02.02.2015, 22:41 | #1

Windows 8.1: Spyware? "Dynamo Combo" add-on causes redirects to advertising

Hello dear Trojaner-Board community,

I am new here and have worked through the "Anleitung für Hilfesuchende" (guide for people seeking help), and hopefully have not forgotten anything.

About the problem: For about a week I have had a problem with an add-on called "Dynamo Combo". I did not knowingly install this add-on myself, so where it comes from is a mystery to me.

About my system:
- Laptop with Windows 8.1 (64-bit)
- Hardware: i7 at 2.4 GHz, 16 GB RAM, 250 GB SSD
- Avast antivirus installed
- Windows SmartScreen filter disabled
- Most-used browser: Firefox (Chrome and bitbox are also installed)

About the symptoms:
- I suddenly get intrusive advertising pop-ups on many sites, despite an ad blocker (Adblock Plus), which was never the case until a few days ago.
- New browser tabs open now and then in which advertising pages load. This often happens when I want to load a new page or click a link while browsing, but sometimes also seemingly without a trigger.
- When I try to open some links or pages, including when I click a search result on Google, an advertising page opens instead of the page I want to reach. I also often get an error message from Firefox reading "Proxy-Server_verweigert_Verbindung" (proxy server refuses connection; screenshot of the same name attached), although I have never configured a proxy server.
- My laptop feels noticeably slower, especially the browser.
- Whether it is actually spyware or not I unfortunately do not know. I found that while researching online, but I can no longer find the post. I hope you can tell me more based on my description and the logs.

What I have done:
- Because of the annoying advertising and Avast's warning that a browser add-on/plugin with a bad rating was installed, I trusted Avast's recommendation and had Avast Browser-Clean-Up clean the browsers. As far as I remember, this ended with an error message. On later restarts Avast complained again with the same message. (The first time there were 3-4 plugins with bad ratings, "Dynamo Combo" among them twice, as far as I remember, and with each clean-up there were fewer.)
- When Avast could not delete the "Dynamo Combo" add-on, among others, I found the add-on in Firefox and uninstalled it. It can no longer be found there. Avast then flagged it once more, but after further restarts over the following days it found nothing more. According to Avast, all browser add-ons with bad ratings are now gone.

Now that Avast finds no more problems, I have the symptoms described above less often, but still now and then. That is why I no longer know what to do and am contacting you in this forum to politely ask for help.

I followed the "Anleitung für Hilfesuchende"; the log files follow:

defogger_disable.log:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:07 on 02/02/2015 (Nico)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST.txt: *Post too large -> see attachment

Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Nico at 2015-02-02 21:10:57
Running from C:\Users\Nico\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.2.0.26 - Absolute Software)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{9043E92C-183C-7633-0237-96CE00F5C909}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bitcasa version 0.9.20.4135 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4135 - Bitcasa Inc.)
Browser in the Box (HKLM-x32\...\BitBox) (Version: 3.3.1-r30 - Sirrix AG)
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATTENTION
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
CoDeSys for Automation Alliance (HKLM-x32\...\{07976ABB-1EBD-4A65-A7C7-155A0DC17173}) (Version: - 3S-Smart Software Solutions GmbH)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dotfuscator Software Services - Community Edition - DEU (HKLM-x32\...\{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}) (Version: 5.0.2300.0 - PreEmptive Solutions)
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}) (Version: 5.0.2300.0 - PreEmptive Solutions)
Dropbox (HKU\S-1-5-21-3589802351-439905089-1110981561-1001\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
Dynamo Combo (HKLM\...\Dynamo Combo) (Version: 2015.01.23.142327 - Dynamo Combo) <==== ATTENTION!
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.)
ELECTRA 2.9.5 (HKLM-x32\...\ELECTRA_is1) (Version: - KONEKT)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
ETDWare X64 11.7.19.9_WHQL (HKLM\...\Elantech) (Version: 11.7.19.9 - ELAN Microelectronic Corp.)
Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.6.36.116 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.0.429 - Foxit Corporation)
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{87d45b7e-19da-4dd5-9214-5e0d587c312f}) (Version: 15.6.1 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
IntelliMemory (HKLM\...\{40320F22-7D70-49DB-9D66-B6FAE5F36B47}) (Version: 1.0.32.0 - Condusiv Technologies)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LTspice IV (HKLM-x32\...\LTspice IV) (Version: - )
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - DEU (HKLM-x32\...\{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}) (Version: 2.0.50331.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU (HKLM-x32\...\{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}) (Version: 2.0.50331.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office 365 Home Premium - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK - Deutsch (HKLM-x32\...\{91F54E1D-804A-46D8-A56C-53EA9C4B3177}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3589802351-439905089-1110981561-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{8325FD0C-2FDB-46C3-921A-3A78385EA972}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{8583E7E3-2237-4981-B957-E28E5E9AB678}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{92C5C058-E941-47C3-B7E8-38A79C605969}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework (HKLM-x32\...\{9C3B8582-A72A-4835-8903-877A834407BB}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) de (HKLM\...\{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 de (HKLM-x32\...\{08DA8E46-ED67-451A-9246-50E0FF6959C9}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) de (HKLM\...\{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de (HKLM\...\{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010-Objektmodell - DEU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (HKLM\...\{95A2AD24-BD44-3E39-A31F-CE928276577E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 (HKLM-x32\...\{6A86554B-8928-30E4-A53C-D7337689134D}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{681F4E9F-34E0-36BD-BF2C-100554E403A5}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - DEU (HKLM-x32\...\Microsoft Visual Studio 2010 Ultimate - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools - DEU Language Pack (HKLM-x32\...\Microsoft Visual Studio Macro Tools - DEU Language Pack) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
OEM Application Profile (HKLM-x32\...\{EE55B368-EBDF-98F3-CFE7-7CE4ADBC4553}) (Version: 1.00.0004 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 4.2.22 (HKLM\...\{CC9889DA-F802-4C85-B543-15C02543BA29}) (Version: 4.2.22 - Oracle Corporation)
PDF24 Creator 6.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Phone Screen Sharing (HKLM-x32\...\{DF02C515-40B5-45AC-A601-5DC69D03885C}) (Version: 2.0.0.21 - RSUPPORT)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version: - PopCap Games)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.9 - Power Software Ltd)
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.2 - Samsung Electronics CO., LTD.)
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
RAPID Mode (Version: 1.0.1.81 - Samsung Electronics Co., Ltd.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7299 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.12.18 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.51 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.) Hidden
Samsung Link (HKLM-x32\...\{82EC241F-DFCA-4166-A8C3-EA5D2B9A41C4}) (Version: 1.8.0.39 - Samsung Electronics CO., LTD.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 1 für SQL Server 2008 (KB 968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
SideSync (HKLM-x32\...\{59687468-8CE9-4ABF-9C6A-5C31F0E09F8B}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3589802351-439905089-1110981561-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
SRS Premium Sound (HKLM-x32\...\{E44F8A34-529E-4318-A0E1-1893C337A47F}) (Version: 1.00.2900 - DTS, Inc.)
Support Center (HKLM\...\{711DE117-767F-48A8-9864-66C525B9539F}) (Version: 2.1.1223 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.17 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{1687FC01-135F-4ADE-B828-B461CC74BD8A}) (Version: 2.2.4 - Samsung Electronics CO., LTD.)
Target 3001! V17 pcb-pool (HKLM-x32\...\Target 3001! V17 pcb-pool) (Version: - Ing. Buero FRIEDRICH)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The KMPlayer (HKLM-x32\...\The KMPlayer) (Version: 3.9.0.124 - PandoraTV)
Toastify (HKLM-x32\...\Toastify) (Version: 1.6 - Jesper Palm)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup (HKLM\...\{6AF73222-EE90-434C-AE7E-B96F70A68D89}) (Version: 10.1.2731.0 - Microsoft Corporation)
User Guide (HKLM-x32\...\{5A6D46E0-D4F4-487D-BFC5-D7DCEB877027}) (Version: 1.3.00 - Samsung Electronics CO., LTD.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Visual Studio 2010 Prerequisites - English (HKLM\...\{53952792-BF16-300E-ADF2-E7E4367E00CF}) (Version: 10.0.30319 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
vi-view uninstall (HKLM-x32\...\vi-view uninstall) (Version: - vi-view) <==== ATTENTION
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3589802351-439905089-1110981561-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3589802351-439905089-1110981561-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3589802351-439905089-1110981561-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nico\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3589802351-439905089-1110981561-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nico\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3589802351-439905089-1110981561-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nico\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3589802351-439905089-1110981561-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nico\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3589802351-439905089-1110981561-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nico\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3589802351-439905089-1110981561-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nico\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3589802351-439905089-1110981561-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nico\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3589802351-439905089-1110981561-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nico\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3589802351-439905089-1110981561-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nico\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3589802351-439905089-1110981561-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nico\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3589802351-439905089-1110981561-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nico\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3589802351-439905089-1110981561-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nico\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

15-01-2015 18:28:57 Windows Modules Installer
15-01-2015 20:39:51 RAPID
19-01-2015 13:37:19 Installiert CoDeSys for Automation Alliance
22-01-2015 19:04:36 Windows Update
24-01-2015 11:57:13 Installed SW Update
28-01-2015 07:59:32 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {021FBA49-9CE2-4630-B257-D5B03319B37E} - System32\Tasks\avastBCLRestartS-1-5-21-3589802351-439905089-1110981561-1001 => Chrome.exe
Task: {1544F43B-58AB-470D-A30C-256A1EC00370} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-01] (Microsoft Corporation)
Task: {15E9A293-03E7-45AA-BC86-3F3B3819B1B1} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {2509EB92-8F91-4D50-9226-58A16CCD0A14} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2014-11-12] (SEC)
Task: {2E71E9ED-86F0-4E4F-B678-FC7609C14A9E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {30B4CDAE-3786-442F-9F95-EAE10B7956AF} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {413A57E4-F483-488F-8647-AC9A09BA8C0C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-12-31] (Microsoft Corporation)
Task: {43EE1E4C-6DB3-43A6-8315-687CAE69A323} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {5C1F0E62-71DB-4BD0-8970-2C29300B04A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-15] (Google Inc.)
Task: {6F73154C-3996-4575-A4C0-80D2763DB034} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-15] (Google Inc.)
Task: {78EBD80E-DEE4-4579-B3EE-A9E2D3040183} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-15] (AVAST Software)
Task: {80D783CC-237B-452C-B5FE-F728A35DFBFB} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {A39C99FA-7FF9-43F1-B2F9-71DAA20CD0CA} - System32\Tasks\SamsungLinkPC => C:\Program Files (x86)\Samsung\HomeSync Lite\RefreshToken.exe
Task: {C76CDA18-7CD0-4DD9-A66D-7338706828D1} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-10-29] (Samsung Electronics CO., LTD.)
Task: {D7279592-2F09-49A7-BE22-D02E860985E2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-12-07] (Microsoft Corporation)
Task: {D864362E-B144-4455-8516-27C0F4820C86} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {DB610074-84F1-453C-9F37-C5B513F5646D} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2014-01-29] (Samsung Electronics CO., LTD.)
Task: {F970148F-2656-4628-8C63-947981AA7910} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Nico_Study-Nico Nico_Study => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-02-01] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-02-01 18:36 - 2012-11-10 10:28 - 00382544 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2015-02-01 18:36 - 2012-12-07 07:04 - 00513616 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2015-02-01 18:36 - 2012-12-07 07:05 - 00607312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2015-01-15 19:39 - 2015-01-15 19:39 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2015-01-15 19:39 - 2015-01-15 19:39 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-10-01 19:54 - 2014-10-01 19:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-29 17:19 - 2014-10-29 17:19 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2014-01-10 22:48 - 2014-01-10 22:48 - 00380176 _____ () C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2014-01-10 22:48 - 2014-01-10 22:48 - 04251920 _____ () C:\Program Files\Oracle\VirtualBox\VBoxRT.dll
2014-01-10 22:50 - 2014-01-10 22:50 - 02030352 _____ () C:\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2014-01-10 22:51 - 2014-01-10 22:51 - 00670992 _____ () C:\Program Files\Oracle\VirtualBox\VBoxREM.dll
2014-03-18 17:41 - 2014-03-18 17:41 - 00025088 _____ () C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL
2014-01-10 22:50 - 2014-01-10 22:50 - 00046864 _____ () C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL
2014-01-10 22:50 - 2014-01-10 22:50 - 00048912 _____ () C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL
2014-01-10 22:50 - 2014-01-10 22:50 - 00042256 _____ () C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL
2014-01-10 22:51 - 2014-01-10 22:51 - 02270992 _____ () C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL
2014-01-10 22:50 - 2014-01-10 22:50 - 00171792 _____ () C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2014-01-10 22:50 - 2014-01-10 22:50 - 00040208 _____ () C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL
2014-01-10 22:49 - 2014-01-10 22:49 - 00966416 _____ () C:\Program Files\Oracle\VirtualBox\VBoxManage.exe
2015-02-02 21:07 - 2015-02-02 21:06 - 00050477 _____ () C:\Users\Nico\Desktop\Defogger.exe
2013-10-10 17:48 - 2013-10-10 17:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-02-01 14:10 - 2015-02-01 14:10 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020100\algo.dll
2015-01-15 19:39 - 2015-01-15 19:39 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-02-02 07:27 - 2015-02-02 07:27 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020101\algo.dll
2010-12-23 12:06 - 2010-12-23 12:06 - 00028672 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\cx_Logging.pyd
2012-10-27 15:21 - 2012-10-27 15:21 - 00098816 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32api.pyd
2012-10-27 15:20 - 2012-10-27 15:20 - 00110080 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\pywintypes27.dll
2012-10-27 15:20 - 2012-10-27 15:20 - 00018432 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32event.pyd
2012-10-27 15:20 - 2012-10-27 15:20 - 00119808 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32file.pyd
2012-10-27
15:21 - 2012-10-27 15:21 - 00167936 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32gui.pyd 2012-10-27 15:20 - 2012-10-27 15:20 - 00024064 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32pipe.pyd 2012-10-27 15:20 - 2012-10-27 15:20 - 00035840 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32process.pyd 2012-10-27 15:20 - 2012-10-27 15:20 - 00017408 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32profile.pyd 2012-10-27 15:20 - 2012-10-27 15:20 - 00108544 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32security.pyd 2012-10-27 15:21 - 2012-10-27 15:21 - 00022528 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32ts.pyd 2012-10-27 15:22 - 2012-10-27 15:22 - 00364544 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\pythoncom27.dll 2012-10-27 15:23 - 2012-10-27 15:23 - 00320512 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32com.shell.shell.pyd 2013-11-10 19:24 - 2013-11-10 19:24 - 00087552 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_ctypes.pyd 2013-11-10 19:24 - 2013-11-10 19:24 - 00358400 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_hashlib.pyd 2013-11-10 19:24 - 2013-11-10 19:24 - 00044544 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_socket.pyd 2013-11-10 19:24 - 2013-11-10 19:24 - 00899584 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\_ssl.pyd 2012-10-27 15:20 - 2012-10-27 15:20 - 00025600 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32cred.pyd 2012-10-27 15:20 - 2012-10-27 15:20 - 00011264 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32crypt.pyd 2012-10-27 15:20 - 2012-10-27 15:20 - 00064512 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32net.pyd 2014-01-29 13:20 - 2014-01-29 13:20 - 00027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll 2014-01-29 13:20 - 2014-01-29 13:20 - 01141056 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll 2014-01-29 13:20 - 2014-01-29 
13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll 2014-01-29 13:20 - 2014-01-29 13:20 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll 2014-01-29 13:20 - 2014-01-29 13:20 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll 2014-01-29 13:20 - 2014-01-29 13:20 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll 2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll 2014-01-29 13:20 - 2014-01-29 13:20 - 00059712 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll 2014-01-29 13:20 - 2014-01-29 13:20 - 00102720 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll 2015-01-15 20:17 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll 2015-01-15 22:09 - 2015-01-08 21:44 - 00750080 _____ () C:\Users\Nico\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-02-02 07:28 - 2015-02-02 07:28 - 00043008 _____ () c:\users\nico\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsaz467.dll 2015-01-15 22:09 - 2015-01-08 21:44 - 00047616 _____ () C:\Users\Nico\AppData\Roaming\Dropbox\bin\libEGL.dll 2015-01-15 22:09 - 2015-01-08 21:44 - 00863744 _____ () C:\Users\Nico\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2015-01-15 22:09 - 2015-01-08 21:44 - 00200704 _____ () C:\Users\Nico\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2015-01-15 19:39 - 2015-01-15 19:39 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-01-15 19:31 - 2013-09-16 12:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2015-02-01 18:36 - 2015-02-01 18:36 - 00312896 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll 2015-02-01 18:36 - 2015-02-01 18:36 - 00354368 _____ () 
C:\Program Files\Microsoft Office 15\Root\Office15\c2r32.dll 2015-02-01 18:36 - 2015-02-01 18:37 - 01286256 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\PPRESOURCES.DLL 2015-01-27 12:45 - 2015-01-27 12:45 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-02-15 15:29 - 2014-02-15 15:29 - 01853440 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\PySide.QtCore.pyd 2014-02-15 15:25 - 2014-02-15 15:25 - 00110592 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\pyside-python2.7.dll 2014-02-15 15:24 - 2014-02-15 15:24 - 00108544 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\shiboken-python2.7.dll 2014-02-15 15:47 - 2014-02-15 15:47 - 06947328 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\PySide.QtGui.pyd 2012-10-27 15:20 - 2012-10-27 15:20 - 00042496 _____ () C:\Program Files (x86)\Sirrix AG\BitBox\bin\win32service.pyd 2014-12-17 15:11 - 2014-12-17 15:11 - 21121032 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll 2014-12-17 15:11 - 2014-12-17 15:11 - 00098312 _____ () C:\Program Files (x86)\Evernote\Evernote\websockets.dll 2014-12-17 15:11 - 2014-12-17 15:11 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll 2014-12-17 15:11 - 2014-12-17 15:11 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll 2014-12-17 15:10 - 2014-12-17 15:10 - 00988696 _____ () C:\Program Files (x86)\Evernote\Evernote\avcodec-54.dll 2014-12-17 15:11 - 2014-12-17 15:11 - 00138776 _____ () C:\Program Files (x86)\Evernote\Evernote\avutil-51.dll 2014-12-17 15:11 - 2014-12-17 15:11 - 00195096 _____ () C:\Program Files (x86)\Evernote\Evernote\avformat-54.dll 2014-03-31 21:35 - 2014-03-31 21:35 - 00282304 _____ () C:\Program Files (x86)\Windows Live\Writer\de\WindowsLive.Writer.Localization.resources.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "Bitcasa" HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher" HKLM\...\StartupApproved\Run32: => "KiesTrayAgent" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKLM\...\StartupApproved\Run32: => "ENISysTray" HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows" HKLM\...\StartupApproved\Run32: => "PDFPrint" HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive" HKU\S-1-5-21-3589802351-439905089-1110981561-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk" HKU\S-1-5-21-3589802351-439905089-1110981561-1001\...\StartupApproved\Run: => "Spotify" ========================= Accounts: ========================== Administrator (S-1-5-21-3589802351-439905089-1110981561-500 - Administrator - Disabled) BitBox (S-1-5-21-3589802351-439905089-1110981561-1002 - Limited - Enabled) Gast (S-1-5-21-3589802351-439905089-1110981561-501 - Limited - Disabled) Nico (S-1-5-21-3589802351-439905089-1110981561-1001 - Administrator - Enabled) => C:\Users\Nico ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. 
(Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (02/02/2015 05:18:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Nico_Study) Description: Das Paket „Tagesschau.Tagesschau_1.1.0.4_x64__6364r0569j69m+App“ wurde beendet, da das Anhalten zu lange dauerte. Error: (02/02/2015 07:40:09 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Tagesschau.exe, Version: 1.0.0.0, Zeitstempel: 0x54886d91 Name des fehlerhaften Moduls: Windows.UI.Xaml.dll, Version: 6.3.9600.17477, Zeitstempel: 0x5452dca5 Ausnahmecode: 0xc000027b Fehleroffset: 0x000000000098260a ID des fehlerhaften Prozesses: 0x8d0 Startzeit der fehlerhaften Anwendung: 0xTagesschau.exe0 Pfad der fehlerhaften Anwendung: Tagesschau.exe1 Pfad des fehlerhaften Moduls: Tagesschau.exe2 Berichtskennung: Tagesschau.exe3 Vollständiger Name des fehlerhaften Pakets: Tagesschau.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Tagesschau.exe5 Error: (02/01/2015 01:35:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IntelliMem.exe, Version: 1.0.32.0, Zeitstempel: 0x50d4991a Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000800000008 ID des fehlerhaften Prozesses: 0x4b8 Startzeit der fehlerhaften Anwendung: 0xIntelliMem.exe0 Pfad der fehlerhaften Anwendung: IntelliMem.exe1 Pfad des fehlerhaften Moduls: IntelliMem.exe2 Berichtskennung: IntelliMem.exe3 Vollständiger Name des fehlerhaften Pakets: IntelliMem.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IntelliMem.exe5 Error: (01/31/2015 00:06:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften 
Anwendung: Tagesschau.exe, Version: 1.0.0.0, Zeitstempel: 0x54886d91 Name des fehlerhaften Moduls: Windows.UI.Xaml.dll, Version: 6.3.9600.17477, Zeitstempel: 0x5452dca5 Ausnahmecode: 0xc000027b Fehleroffset: 0x000000000098260a ID des fehlerhaften Prozesses: 0x14f4 Startzeit der fehlerhaften Anwendung: 0xTagesschau.exe0 Pfad der fehlerhaften Anwendung: Tagesschau.exe1 Pfad des fehlerhaften Moduls: Tagesschau.exe2 Berichtskennung: Tagesschau.exe3 Vollständiger Name des fehlerhaften Pakets: Tagesschau.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Tagesschau.exe5 Error: (01/31/2015 03:56:24 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Tagesschau.exe, Version: 1.0.0.0, Zeitstempel: 0x54886d91 Name des fehlerhaften Moduls: Windows.UI.Xaml.dll, Version: 6.3.9600.17477, Zeitstempel: 0x5452dca5 Ausnahmecode: 0xc000027b Fehleroffset: 0x000000000098260a ID des fehlerhaften Prozesses: 0x1358 Startzeit der fehlerhaften Anwendung: 0xTagesschau.exe0 Pfad der fehlerhaften Anwendung: Tagesschau.exe1 Pfad des fehlerhaften Moduls: Tagesschau.exe2 Berichtskennung: Tagesschau.exe3 Vollständiger Name des fehlerhaften Pakets: Tagesschau.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Tagesschau.exe5 Error: (01/30/2015 07:40:08 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Tagesschau.exe, Version: 1.0.0.0, Zeitstempel: 0x54886d91 Name des fehlerhaften Moduls: Windows.UI.Xaml.dll, Version: 6.3.9600.17477, Zeitstempel: 0x5452dca5 Ausnahmecode: 0xc000027b Fehleroffset: 0x000000000098260a ID des fehlerhaften Prozesses: 0x1b4c Startzeit der fehlerhaften Anwendung: 0xTagesschau.exe0 Pfad der fehlerhaften Anwendung: Tagesschau.exe1 Pfad des fehlerhaften Moduls: Tagesschau.exe2 Berichtskennung: Tagesschau.exe3 Vollständiger Name des fehlerhaften Pakets: Tagesschau.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Tagesschau.exe5 Error: (01/29/2015 
03:03:13 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Tagesschau.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 260 Startzeit: 01d03b8c51a80e29 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\Tagesschau.Tagesschau_1.1.0.4_x64__6364r0569j69m\Tagesschau.exe Berichts-ID: 8bce0a5d-a7bf-11e4-bea3-1867b0c779c5 Vollständiger Name des fehlerhaften Pakets: Tagesschau.Tagesschau_1.1.0.4_x64__6364r0569j69m Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (01/29/2015 03:03:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Nico_Study) Description: Das Paket „Tagesschau.Tagesschau_1.1.0.4_x64__6364r0569j69m+App“ wurde beendet, da das Anhalten zu lange dauerte. Error: (01/28/2015 01:40:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: delegate_execute.exe, Version: 40.0.2214.93, Zeitstempel: 0x54c45c3f Name des fehlerhaften Moduls: delegate_execute.exe, Version: 40.0.2214.93, Zeitstempel: 0x54c45c3f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002c450 ID des fehlerhaften Prozesses: 0x189c Startzeit der fehlerhaften Anwendung: 0xdelegate_execute.exe0 Pfad der fehlerhaften Anwendung: delegate_execute.exe1 Pfad des fehlerhaften Moduls: delegate_execute.exe2 Berichtskennung: delegate_execute.exe3 Vollständiger Name des fehlerhaften Pakets: delegate_execute.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: delegate_execute.exe5 Error: (01/28/2015 11:16:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3 Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224 Ausnahmecode: 0x80000003 Fehleroffset: 
0x00001425 ID des fehlerhaften Prozesses: 0x222c Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5 System errors: ============= Error: (02/02/2015 09:11:00 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT-AUTORITÄT) Description: D:\Device\HarddiskVolume103 Error: (02/02/2015 08:58:33 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: Nico_Study) Description: D:\Device\HarddiskVolume93 Error: (02/02/2015 08:56:42 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT-AUTORITÄT) Description: D:\Device\HarddiskVolume92 Error: (02/02/2015 07:59:24 PM) (Source: volsnap) (EventID: 16) (User: ) Description: Die Schattenkopien von Volume "D:" wurden verworfen, weil die Bereitsstellungaufhebung von Volume "D:", das einen Schattenkopiespeicher für diese Schattenkopie enthält, erzwungen wurde. Error: (02/02/2015 07:59:08 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT-AUTORITÄT) Description: D:\Device\HarddiskVolume82 Error: (02/02/2015 07:58:12 PM) (Source: Ntfs) (EventID: 55) (User: NT-AUTORITÄT) Description: In der Dateisystemstruktur auf Volume "D:" wurde eine Beschädigung erkannt. In einer Indexstruktur des Dateisystems wurde eine Beschädigung gefunden. Die Dateireferenznummer ist 0x10000000014f4. Der Name der Datei ist "\SAVE\#Data\Filme". Das Attribut des beschädigten Indexes ist ":$I30:$INDEX_ALLOCATION". 
Error: (02/02/2015 07:51:07 PM) (Source: DCOM) (EventID: 10010) (User: Nico_Study)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/02/2015 07:02:22 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "NB", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{01E04A84-55B5-45E5-B2C8-8EA35C450074}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (02/02/2015 07:27:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util Dynamo Combo" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (02/02/2015 07:27:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Dynamo Combo" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Microsoft Office Sessions:
=========================
Error: (02/02/2015 05:18:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Nico_Study)
Description: Tagesschau.Tagesschau_1.1.0.4_x64__6364r0569j69m+App

Error: (02/02/2015 07:40:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Tagesschau.exe1.0.0.054886d91Windows.UI.Xaml.dll6.3.9600.174775452dca5c000027b000000000098260a8d001d03eb158224305C:\Program Files\WindowsApps\Tagesschau.Tagesschau_1.1.0.4_x64__6364r0569j69m\Tagesschau.exeC:\Windows\System32\Windows.UI.Xaml.dll546c63c4-aaa6-11e4-bea6-b4b6769c136dTagesschau.Tagesschau_1.1.0.4_x64__6364r0569j69mApp

Error: (02/01/2015 01:35:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IntelliMem.exe1.0.32.050d4991aunknown0.0.0.000000000c000000500000008000000084b801d03d42e643f8f1C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exeunknownc4bcbf0f-aa0e-11e4-bea5-1867b0c779c5

Error: (01/31/2015 00:06:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description:
Tagesschau.exe1.0.0.054886d91Windows.UI.Xaml.dll6.3.9600.174775452dca5c000027b000000000098260a14f401d03d43b9d96b70C:\Program Files\WindowsApps\Tagesschau.Tagesschau_1.1.0.4_x64__6364r0569j69m\Tagesschau.exeC:\Windows\System32\Windows.UI.Xaml.dll345b6b0a-a939-11e4-bea5-1867b0c779c5Tagesschau.Tagesschau_1.1.0.4_x64__6364r0569j69mApp Error: (01/31/2015 03:56:24 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Tagesschau.exe1.0.0.054886d91Windows.UI.Xaml.dll6.3.9600.174775452dca5c000027b000000000098260a135801d03d017ee61c50C:\Program Files\WindowsApps\Tagesschau.Tagesschau_1.1.0.4_x64__6364r0569j69m\Tagesschau.exeC:\Windows\System32\Windows.UI.Xaml.dllbd968bcd-a8f4-11e4-bea4-1867b0c779c5Tagesschau.Tagesschau_1.1.0.4_x64__6364r0569j69mApp Error: (01/30/2015 07:40:08 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Tagesschau.exe1.0.0.054886d91Windows.UI.Xaml.dll6.3.9600.174775452dca5c000027b000000000098260a1b4c01d03c5451e65a5fC:\Program Files\WindowsApps\Tagesschau.Tagesschau_1.1.0.4_x64__6364r0569j69m\Tagesschau.exeC:\Windows\System32\Windows.UI.Xaml.dlld497a980-a84a-11e4-bea4-1867b0c779c5Tagesschau.Tagesschau_1.1.0.4_x64__6364r0569j69mApp Error: (01/29/2015 03:03:13 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Tagesschau.exe1.0.0.026001d03b8c51a80e294294967295C:\Program Files\WindowsApps\Tagesschau.Tagesschau_1.1.0.4_x64__6364r0569j69m\Tagesschau.exe8bce0a5d-a7bf-11e4-bea3-1867b0c779c5Tagesschau.Tagesschau_1.1.0.4_x64__6364r0569j69mApp Error: (01/29/2015 03:03:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Nico_Study) Description: Tagesschau.Tagesschau_1.1.0.4_x64__6364r0569j69m+App Error: (01/28/2015 01:40:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: delegate_execute.exe40.0.2214.9354c45c3fdelegate_execute.exe40.0.2214.9354c45c3fc00000050002c450189c01d03af787f322dcC:\Program Files 
(x86)\Google\Chrome\Application\40.0.2214.93\delegate_execute.exeC:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\delegate_execute.exec661c0d0-a6ea-11e4-bea2-1867b0c779c5

Error: (01/28/2015 11:16:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425222c01d03ac835d220c1C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllae39ec30-a6d6-11e4-bea1-1867b0c779c5

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3635QM CPU @ 2.40GHz
Percentage of memory in use: 34%
Total physical RAM: 16270.86 MB
Available physical RAM: 10710.32 MB
Total Pagefile: 17430.86 MB
Available Pagefile: 11041.06 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:393.69 GB) (Free:231.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 5900EE1B)
Partition: GPT Partition Type.

==================== End Of Log ============================

Gmer.txt:
*unfortunately too large -> see attachment

Avast-BrowserCleanUp log:
*unfortunately also too large -> see attachment

adwcleaner log:
*unfortunately also too large -> see attachment

As you can see, I have also attached a log from Avast-BrowserCleanUp and from adwcleaner, in the hope that it might help you. Unfortunately, at 200000 characters the post became far too large, which is why I have now attached some log files as a zip. Gmer showed one error message on startup and two after the scan finished; screenshots are attached. I hope I haven't forgotten anything; I tried to describe the situation as precisely as possible, as requested. Still, I hope I haven't overwhelmed you with the information.

I hope you can help me and that we can solve the problem, if possible, without reinstalling the laptop. In any case, thanks in advance to anyone who looks into my problem and tries to help me!

Edit: So far I have only used adwcleaner for scanning, so that I could post the log file here as well. I have not deleted or uninstalled anything with it yet, because I was afraid of deleting the wrong files and did not want to destroy any traces of the infection needed for the analysis here.

Last edited by IneedHelp1 (02.02.2015 at 22:44). Reason: Addition regarding the use of adwcleaner. |
03.02.2015, 00:37 | #2 |
Rest in peace † 2019 | Windows 8.1: Spyware? "Dynamo Combo" add-on causes redirection to advertising

My name is Sandra and I will be helping you with your problem.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster way and, in the case of a malware infection, always the safest. Adware can be removed without problems in the vast majority of cases. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. Please post all log files here in this thread.

Posting in code tags
Please always put the logs in code tags. If you don't, it makes the analysis much harder for me. Thanks. To do this:
__________________ |
03.02.2015, 07:20 | #3 |
| Windows 8.1: Spyware? "Dynamo Combo" add-on causes redirection to advertising

Hello Sandra,

first of all, thank you very much for the quick reply! I read in the instructions that if the logs are too long, they should be attached in a zip, and I did not want to post a reply, since otherwise my "case" would count as "in progress". Since you are now looking after me, I am happy to make up for that.

Log files:

FRST.txt - Part 1

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Nico (administrator) on NICO_STUDY on 02-02-2015 21:09:39
Running from C:\Users\Nico\Desktop
Loaded Profiles: Nico (Available profiles: Nico)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Condusiv Technologies) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Foxit Software Inc.)
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (XTab system) C:\Program Files (x86)\XTab\ProtectService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (3S-Smart Software Solutions GmbH) C:\Program Files (x86)\3S Software\CoDeSys ENI Server\ENI.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Samsung Electronics CO., LTD.) 
C:\Program Files (x86)\Samsung\Settings\sSettings.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe (Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Spotify Ltd) C:\Users\Nico\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Dropbox, Inc.) C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Motorola Solutions, Inc.) 
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\POWERPNT.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxTrayapp.exe (Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BITBstartApplicationAsUser.exe (Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\bitb.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe (Oracle Corporation) C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Oracle Corporation) C:\Program Files\Oracle\VirtualBox\VirtualBox.exe (Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\watchdog.exe (Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\watchdog.exe () C:\Program Files\Oracle\VirtualBox\VBoxManage.exe (Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe 
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe () C:\Users\Nico\Desktop\Defogger.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-11-04] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13674712 2014-07-16] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1389936 2014-07-18] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_SRSSA] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1389936 2014-07-18] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2014-09-16] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-07] (Samsung Electronics Co., Ltd.) 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.) HKLM-x32\...\Run: [ENISysTray] => C:\Program Files (x86)\3S Software\CoDeSys ENI Server\ENISysTray.exe [245760 2009-01-20] (3S-Smart Software Solutions GmbH) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3589802351-439905089-1110981561-1001\...\Run: [Quick Starter] => C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe [2358064 2014-07-15] (Samsung Electronics CO., LTD.) HKU\S-1-5-21-3589802351-439905089-1110981561-1001\...\Run: [Spotify] => C:\Users\Nico\AppData\Roaming\Spotify\Spotify.exe [6737976 2015-01-15] (Spotify Ltd) HKU\S-1-5-21-3589802351-439905089-1110981561-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.) 
HKU\S-1-5-21-3589802351-439905089-1110981561-1001\...\Run: [Spotify Web Helper] => C:\Users\Nico\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-15] (Spotify Ltd) HKU\S-1-5-21-3589802351-439905089-1110981561-1001\...\MountPoints2: {5978b983-9cee-11e4-be94-b4b6769c136d} - "E:\autorun.exe" AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [245008 2015-01-05] (Client Connect LTD) AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [215312 2015-01-05] (Client Connect LTD) Startup: C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {75EE9A76-CCF7-47D7-BAA3-573E905D5109} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc) ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program 
Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc) ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {75EE9A76-CCF7-47D7-BAA3-573E905D5109} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) BootExecute: autocheck autochk * aswBoot.exe /M:5971001 /wow /dir:"C:\Program Files\AVAST Software\Avast" GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) AutoConfigURL: [S-1-5-21-3589802351-439905089-1110981561-1001] => file://C:\Program Files (x86)\Dynamo Combo\bin\Pac9064.js HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://myhome.vi-view.com/?type=hp&ts=1422024598&from=cor&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF824519D HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://myhome.vi-view.com/web/?type=ds&ts=1422024598&from=cor&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF824519D&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://myhome.vi-view.com/?type=hp&ts=1422024598&from=cor&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF824519D HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
hxxp://myhome.vi-view.com/web/?type=ds&ts=1422024598&from=cor&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF824519D&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3589802351-439905089-1110981561-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-3589802351-439905089-1110981561-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 HKU\S-1-5-21-3589802351-439905089-1110981561-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006 SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://myhome.vi-view.com/web/?type=ds&ts=1422024598&from=cor&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF824519D&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://myhome.vi-view.com/web/?type=ds&ts=1422024598&from=cor&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF824519D&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://myhome.vi-view.com/web/?type=ds&ts=1422024598&from=cor&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF824519D&q={searchTerms} SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-3589802351-439905089-1110981561-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-3589802351-439905089-1110981561-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
hxxp://myhome.vi-view.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF824519D&ts=1422024732&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3589802351-439905089-1110981561-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://myhome.vi-view.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF824519D&ts=1422024732&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3589802351-439905089-1110981561-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://myhome.vi-view.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF824519D&ts=1422024732&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3589802351-439905089-1110981561-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://myhome.vi-view.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF824519D&ts=1422024732&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3589802351-439905089-1110981561-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://myhome.vi-view.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF824519D&ts=1422024732&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3589802351-439905089-1110981561-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Dynamo Combo 1.0.0.7 -> {986c37a1-7b65-476f-80dc-54f80bd4b0d6} -> C:\Program Files (x86)\Dynamo Combo\DynamoComboBHO.dll (Dynamo Combo) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\045rdp04.default FF DefaultSearchEngine: Google (avast) FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006 FF SearchEngineOrder.1: Google (avast) FF SelectedSearchEngine: Google (avast) FF Homepage: https://www.google.com/?trackid=sp-006 FF Keyword.URL: https://www.google.com/search/?trackid=sp-006 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF 
Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\045rdp04.default\searchplugins\google-avast.xml FF SearchPlugin: C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\045rdp04.default\searchplugins\vi-view.xml FF Extension: YouTube Unblocker - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\045rdp04.default\Extensions\youtubeunblocker@unblocker.yt [2015-01-15] FF Extension: Adblock Plus - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\045rdp04.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-25] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-14] FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\045rdp04.default\extensions\fftoolbar2014@etech.com FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\045rdp04.default\extensions\faststartff@gmail.com Chrome: ======= CHR HomePage: Default -> hxxp://myhome.vi-view.com/?type=hp&ts=1422024598&from=cor&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF824519D CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006" CHR DefaultSearchKeyword: Default -> google CHR DefaultSuggestURL: Default -> https://www.google.com/complete/search?client=chrome&q={searchTerms} CHR Profile: C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-15] CHR Extension: (Google Drive) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-15] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn 
[2015-01-15] CHR Extension: (YouTube) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-15] CHR Extension: (Google-Suche) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-15] CHR Extension: (Dynamo Combo) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\eheacoflpaonnngbihgdjcgjlhbfhcpe [2015-01-26] CHR Extension: (Google Tabellen) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-15] CHR Extension: (Avast Online Security) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-15] CHR Extension: (Google Wallet) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-18] CHR Extension: (Google Mail) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-15] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-15] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-15] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-15] (Avast Software) R2 BitBoxService; C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe [738304 2014-03-18] (Sirrix AG) [File not signed] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation) R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.) R2 ENI Server; C:\Program Files (x86)\3S Software\CoDeSys ENI Server\ENI.exe [651264 2009-01-20] (3S-Smart Software Solutions GmbH) [File not signed] R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-05] (ELAN Microelectronics Corp.) R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [243880 2015-01-16] (Foxit Software Inc.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation) R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation) R2 IntelliMemory; C:\Program 
Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [55720 2012-12-21] (Condusiv Technologies) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] () R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1854056 2012-12-07] (Microsoft Corporation) R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics Co., Ltd.) S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation) R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2015-01-06] (Samsung Electronics CO., LTD.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2015-01-15] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-01-15] (Microsoft Corporation) R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-23] (SysTool PasSame LIMITED) [File not signed] R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-15] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-15] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-15] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-15] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-15] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-15] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-15] () R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131328 2014-11-21] (Microsoft Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.) R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation) R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22832 2013-07-24] (ELAN Microelectronic Corp.) R1 intmfs; C:\Windows\System32\DRIVERS\intmfs.sys [29096 2012-12-21] (Condusiv Technologies) R0 intmsd; C:\Windows\System32\DRIVERS\intmsd.sys [104872 2012-12-21] (Condusiv Technologies) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation) R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider) R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.) 
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.) R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-15] (Avast Software) S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-01-15] (Microsoft Corporation) R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider) R1 {16a92140-918d-4afb-9edb-46f22437bb10}Gw64; C:\Windows\System32\drivers\{16a92140-918d-4afb-9edb-46f22437bb10}Gw64.sys [48792 2015-01-25] (StdLib) R1 {3bcf4f2c-0bbb-4d4c-bf1f-11bbe6d501ea}Gw64; C:\Windows\System32\drivers\{3bcf4f2c-0bbb-4d4c-bf1f-11bbe6d501ea}Gw64.sys [48792 2015-01-28] (StdLib) R1 {915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw64; C:\Windows\System32\drivers\{915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw64.sys [48792 2015-01-23] (StdLib) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-02 21:09 - 2015-02-02 21:09 - 00034370 _____ () C:\Users\Nico\Desktop\FRST.txt 2015-02-02 21:09 - 2015-02-02 21:09 - 00000000 ____D () C:\FRST 2015-02-02 21:08 - 2015-02-02 21:08 - 02131456 _____ (Farbar) C:\Users\Nico\Downloads\FRST64.exe 2015-02-02 21:08 - 2015-02-02 21:08 - 02131456 _____ (Farbar) C:\Users\Nico\Desktop\FRST64.exe 2015-02-02 21:07 - 2015-02-02 21:07 - 00000470 _____ () C:\Users\Nico\Desktop\defogger_disable.log 2015-02-02 21:07 - 2015-02-02 21:07 - 00000000 _____ () C:\Users\Nico\defogger_reenable 2015-02-02 21:07 - 2015-02-02 21:06 - 00050477 _____ () C:\Users\Nico\Desktop\Defogger.exe 2015-02-02 21:06 - 2015-02-02 21:06 - 00050477 _____ () C:\Users\Nico\Downloads\Defogger.exe 2015-02-02 20:54 - 2015-02-02 20:54 - 00011731 _____ () C:\Users\Nico\Desktop\AdwCleaner[R0].txt 2015-02-02 18:40 - 2015-02-02 18:45 - 00000000 ____D () C:\AdwCleaner 2015-02-02 18:39 - 2015-02-02 18:39 - 02194432 _____ () C:\Users\Nico\Downloads\adwcleaner_4.109.exe 2015-02-02 18:39 - 2015-02-02 18:39 - 02194432 _____ () C:\Users\Nico\Desktop\adwcleaner_4.109.exe 2015-02-02 07:27 - 2015-02-02 07:28 - 00000197 _____ () C:\WINDOWS\system32\2015-02-02-06-27-57.055-AvastVBoxSVC.exe-3956.log 2015-02-01 19:36 - 2015-02-02 21:04 - 00005138 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for Nico_Study-Nico Nico_Study 2015-02-01 19:36 - 2015-02-01 19:36 - 00000000 ____D () C:\Users\Nico\Documents\Benutzerdefinierte Office-Vorlagen 2015-02-01 18:39 - 2015-02-01 18:39 - 00002185 _____ () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk 2015-02-01 18:39 - 2015-02-01 18:39 - 00002132 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk 2015-02-01 18:39 - 2015-02-01 18:39 - 00002132 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk 2015-02-01 18:39 - 2015-02-01 18:39 - 00000000 ___RD () C:\Users\Nico\SkyDrive 2015-02-01 18:39 - 
2015-02-01 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices 2015-02-01 18:39 - 2015-02-01 18:39 - 00000000 ____D () C:\ProgramData\Microsoft SkyDrive 2015-02-01 18:39 - 2015-02-01 18:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive 2015-02-01 18:36 - 2015-02-01 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-02-01 18:36 - 2015-02-01 18:36 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2015-02-01 18:35 - 2015-02-01 18:35 - 01064632 _____ (Microsoft Corporation) C:\Users\Nico\Downloads\Setup.X86.de-DE_O365HomePremRetail_69addc71-75e4-44ca-8fe2-b75fec0ab50a_TX_DB_.exe 2015-01-31 21:32 - 2015-01-31 21:32 - 00000666 _____ () C:\Users\Nico\Documents\Desktop - Verknüpfung.lnk 2015-01-31 20:25 - 2015-01-31 20:25 - 00084743 _____ () C:\Users\Nico\Downloads\Lohnsteuertabelle 2015.html 2015-01-31 11:45 - 2015-01-31 11:46 - 00000197 _____ () C:\WINDOWS\system32\2015-01-31-10-45-29.010-AvastVBoxSVC.exe-2208.log 2015-01-30 07:17 - 2015-01-30 07:17 - 00000197 _____ () C:\WINDOWS\system32\2015-01-30-06-17-00.090-AvastVBoxSVC.exe-3828.log 2015-01-29 07:35 - 2015-01-29 07:35 - 00000247 _____ () C:\WINDOWS\system32\2015-01-29-06-35-36.066-aswFe.exe-7372.log 2015-01-29 07:30 - 2015-01-29 07:35 - 00000247 _____ () C:\WINDOWS\system32\2015-01-29-06-30-54.071-aswFe.exe-6736.log 2015-01-29 07:30 - 2015-01-29 07:30 - 00000197 _____ () C:\WINDOWS\system32\2015-01-29-06-30-53.005-AvastVBoxSVC.exe-1236.log 2015-01-29 07:22 - 2015-01-29 07:22 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\BRT 2015-01-29 07:22 - 2015-01-28 21:41 - 00048792 _____ (StdLib) C:\WINDOWS\system32\Drivers\{3bcf4f2c-0bbb-4d4c-bf1f-11bbe6d501ea}Gw64.sys 2015-01-28 12:49 - 2015-01-28 12:50 - 00000197 _____ () C:\WINDOWS\system32\2015-01-28-11-49-54.090-AvastVBoxSVC.exe-1900.log 2015-01-28 07:25 - 2015-01-28 07:25 - 00000197 _____ () 
C:\WINDOWS\system32\2015-01-28-06-25-25.070-AvastVBoxSVC.exe-4116.log 2015-01-27 23:50 - 2015-01-27 23:50 - 00000197 _____ () C:\WINDOWS\system32\2015-01-27-22-50-04.045-AvastVBoxSVC.exe-3340.log 2015-01-27 22:00 - 2015-01-27 22:02 - 51621699 _____ () C:\Users\Nico\Downloads\fritzing.0.9.1b.64.pc_1.zip 2015-01-27 12:45 - 2015-01-27 12:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-25 17:01 - 2015-01-25 05:44 - 00048792 _____ (StdLib) C:\WINDOWS\system32\Drivers\{16a92140-918d-4afb-9edb-46f22437bb10}Gw64.sys 2015-01-25 11:13 - 2015-01-25 11:13 - 00000197 _____ () C:\WINDOWS\system32\2015-01-25-10-13-02.080-AvastVBoxSVC.exe-4020.log 2015-01-24 12:00 - 2015-01-24 12:00 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\PowerISO 2015-01-24 11:57 - 2015-01-24 11:57 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2015-01-24 11:55 - 2015-01-24 11:56 - 00000197 _____ () C:\WINDOWS\system32\2015-01-24-10-55-59.055-AvastVBoxSVC.exe-3480.log 2015-01-24 11:55 - 2015-01-24 11:55 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2015-01-24 00:31 - 2015-01-28 13:40 - 00003278 _____ () C:\WINDOWS\System32\Tasks\avastBCLRestartS-1-5-21-3589802351-439905089-1110981561-1001 2015-01-23 17:13 - 2015-01-23 17:14 - 00754216 _____ (DownloadAstro) C:\Users\Nico\Downloads\kmplayer.exe 2015-01-23 16:02 - 2015-01-23 16:02 - 00000197 _____ () C:\WINDOWS\system32\2015-01-23-15-02-14.017-AvastVBoxSVC.exe-3960.log 2015-01-23 15:59 - 2015-01-23 01:41 - 00048792 _____ (StdLib) C:\WINDOWS\system32\Drivers\{915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw64.sys 2015-01-23 15:53 - 2015-01-23 15:53 - 00000000 ____D () C:\ProgramData\IHProtectUpDate 2015-01-23 15:52 - 2015-01-23 15:53 - 00000000 ____D () C:\Program Files (x86)\XTab 2015-01-23 15:51 - 2015-01-23 15:51 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader 2015-01-23 15:51 - 2015-01-23 15:51 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect 
2015-01-23 15:50 - 2015-01-23 15:50 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\vi-view
2015-01-23 15:49 - 2015-02-02 07:27 - 00000000 ____D () C:\Program Files (x86)\Dynamo Combo
2015-01-23 15:49 - 2015-01-23 18:59 - 00000000 ____D () C:\Users\Nico\AppData\Local\JDownloader v2.0
2015-01-23 07:18 - 2015-01-23 07:19 - 00000197 _____ () C:\WINDOWS\system32\2015-01-23-06-18-57.062-AvastVBoxSVC.exe-3996.log
2015-01-21 14:25 - 2015-01-21 14:25 - 00000000 ____D () C:\Users\Nico\AppData\Local\PDF24
2015-01-20 07:16 - 2015-01-20 07:17 - 00000197 _____ () C:\WINDOWS\system32\2015-01-20-06-16-31.052-AvastVBoxSVC.exe-3912.log
2015-01-20 07:15 - 2015-01-20 07:15 - 00000000 ____D () C:\ENI
2015-01-19 14:28 - 2015-01-19 14:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-01-19 14:28 - 2015-01-19 14:28 - 00000000 ____D () C:\Program Files (x86)\Evernote
2015-01-19 14:23 - 2015-01-19 14:25 - 98672136 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Nico\Downloads\Evernote_5.8.1.6061.exe
2015-01-19 13:39 - 2008-06-06 14:15 - 00016488 _____ (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\Drivers\SysDrv3S.sys
2015-01-19 13:38 - 2015-01-19 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3S Software
2015-01-19 13:38 - 2015-01-19 13:39 - 00000000 ____D () C:\Program Files (x86)\3S Software
2015-01-19 13:38 - 2015-01-19 13:39 - 00000000 ____D () C:\lm.dat
2015-01-19 13:38 - 2015-01-19 13:38 - 00000000 ____D () C:\WINDOWS\Gateway Files
2015-01-19 13:38 - 2015-01-19 13:38 - 00000000 ____D () C:\Users\Nico\AppData\Local\EvernoteNW
2015-01-19 13:38 - 2010-06-10 13:53 - 00225353 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\Gateway.exe
2015-01-19 13:38 - 2010-06-10 13:53 - 00217164 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\GDrvStd.dll
2015-01-19 13:38 - 2010-06-10 13:53 - 00192588 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\GClient.dll
2015-01-19 13:38 - 2010-06-10 13:53 - 00184396 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\GatewayDDE.exe
2015-01-19 13:38 - 2010-06-10 13:53 - 00147532 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\GSymbol.dll
2015-01-19 13:38 - 2010-06-10 13:53 - 00147528 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\GUtil.dll
2015-01-19 13:38 - 2010-06-10 13:53 - 00143436 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\GHandle.dll
2015-01-19 13:38 - 2010-06-10 13:53 - 00135258 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\GHandleStdcall.dll
2015-01-19 13:38 - 2010-06-10 13:53 - 00114766 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\GDrvBase.dll
2015-01-19 13:38 - 2010-06-10 13:53 - 00081993 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\CommUsr.dll
2015-01-19 13:38 - 2010-06-10 13:53 - 00040960 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\CAN_VCI.dll
2015-01-19 13:38 - 2010-06-10 13:53 - 00036937 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\CommSym.dll
2015-01-19 13:38 - 2010-06-10 13:53 - 00032768 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\PEAK_USB.dll
2015-01-19 13:38 - 2010-06-10 13:53 - 00032768 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\PEAK_DNG.dll
2015-01-19 13:38 - 2010-05-11 17:10 - 00483328 _____ (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\LMAPI.DLL
2015-01-19 13:38 - 2010-01-07 16:57 - 00081408 ____N (PEAK-System Technik GmbH) C:\WINDOWS\SysWOW64\PCAN_USB.dll
2015-01-19 13:38 - 2010-01-07 16:57 - 00069120 ____N (PEAK-System Technik GmbH) C:\WINDOWS\SysWOW64\PCAN_DNG.dll
2015-01-19 13:38 - 2009-01-20 08:45 - 00274432 _____ (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\ENIClient.dll
2015-01-19 13:38 - 2007-04-10 16:30 - 00088613 _____ () C:\WINDOWS\SysWOW64\gateway.chm
2015-01-19 13:38 - 2007-02-27 16:59 - 00139264 _____ (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\3SXMLParser.dll
2015-01-19 13:38 - 2000-11-10 08:38 - 00114688 _____ (Technosoftware AG) C:\WINDOWS\SysWOW64\OCSDAAuto.dll
2015-01-19 13:38 - 2000-11-10 08:38 - 00077824 _____ (OPC Foundation) C:\WINDOWS\SysWOW64\opcproxy.dll
2015-01-19 13:38 - 2000-11-10 08:38 - 00075264 _____ () C:\WINDOWS\SysWOW64\callrproxy.dll
2015-01-19 13:38 - 2000-11-10 08:38 - 00061440 _____ (OPC Foundation) C:\WINDOWS\SysWOW64\opccomn_ps.dll
2015-01-19 13:38 - 2000-11-10 08:38 - 00060416 _____ () C:\WINDOWS\SysWOW64\OPCENUM.EXE
2015-01-19 13:38 - 2000-11-10 08:38 - 00040960 _____ (Technosoftware AG) C:\WINDOWS\SysWOW64\OCSSpy_ps.dll
2015-01-19 13:35 - 2015-01-19 13:35 - 00000197 _____ () C:\WINDOWS\system32\2015-01-19-12-35-36.019-AvastVBoxSVC.exe-3620.log
2015-01-18 16:12 - 2015-01-18 16:12 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2010
2015-01-18 16:12 - 2015-01-18 16:12 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2010
2015-01-18 15:18 - 2015-01-18 15:18 - 00000197 _____ () C:\WINDOWS\system32\2015-01-18-14-18-08.028-AvastVBoxSVC.exe-3876.log
2015-01-18 15:11 - 2015-01-18 15:11 - 00000197 _____ () C:\WINDOWS\system32\2015-01-18-14-11-07.053-AvastVBoxSVC.exe-3680.log
2015-01-16 00:17 - 2015-01-16 00:17 - 00000247 _____ () C:\WINDOWS\system32\2015-01-15-23-17-19.029-aswFe.exe-5592.log
2015-01-16 00:07 - 2015-01-16 00:17 - 00000247 _____ () C:\WINDOWS\system32\2015-01-15-23-07-38.068-aswFe.exe-5112.log
2015-01-16 00:07 - 2015-01-16 00:07 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-23-07-05.000-AvastVBoxSVC.exe-5652.log
2015-01-15 22:41 - 2015-01-15 22:41 - 00000000 ____D () C:\WINDOWS\SysWOW64\1033
2015-01-15 22:41 - 2015-01-15 22:41 - 00000000 ____D () C:\WINDOWS\system32\RsFx
2015-01-15 22:41 - 2015-01-15 22:41 - 00000000 ____D () C:\WINDOWS\system32\1033
2015-01-15 22:41 - 2015-01-15 22:41 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0
2015-01-15 22:41 - 2009-07-21 01:42 - 00111640 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2015-01-15 22:41 - 2009-07-21 01:42 - 00079896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2015-01-15 22:41 - 2009-07-21 01:42 - 00078872 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2015-01-15 22:41 - 2009-07-21 01:42 - 00050200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2015-01-15 22:40 - 2015-01-15 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2015-01-15 22:39 - 2015-01-15 22:41 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-01-15 22:39 - 2015-01-15 22:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-01-15 22:39 - 2015-01-15 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework
2015-01-15 22:39 - 2015-01-15 22:39 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2015-01-15 22:39 - 2015-01-15 22:39 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework
2015-01-15 22:39 - 2015-01-15 22:39 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2015-01-15 22:39 - 2015-01-15 22:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2015-01-15 22:38 - 2015-01-15 22:38 - 00000000 ____D () C:\ProgramData\PreEmptive Solutions
2015-01-15 22:36 - 2015-01-15 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK - Deutsch
2015-01-15 22:35 - 2015-01-15 22:35 - 00000000 ____D () C:\Users\Nico\Documents\Visual Studio 2008
2015-01-15 22:35 - 2015-01-15 22:35 - 00000000 ____D () C:\Program Files\IIS
2015-01-15 22:35 - 2015-01-15 22:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-01-15 22:35 - 2015-01-15 22:35 - 00000000 ____D () C:\Program Files (x86)\IIS
2015-01-15 22:34 - 2015-01-15 22:34 - 00000000 ____D () C:\Users\Nico\Documents\Visual Studio 2010
2015-01-15 22:32 - 2015-01-18 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
2015-01-15 22:32 - 2015-01-15 22:41 - 00000000 ____D () C:\WINDOWS\SysWOW64\1031
2015-01-15 22:32 - 2015-01-15 22:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2015-01-15 22:32 - 2015-01-15 22:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft F#
2015-01-15 22:32 - 2015-01-15 22:33 - 00000000 ____D () C:\Program Files (x86)\HTML Help Workshop
2015-01-15 22:31 - 2015-01-15 22:41 - 00000000 ____D () C:\WINDOWS\system32\1031
2015-01-15 22:31 - 2015-01-15 22:39 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 10.0
2015-01-15 22:31 - 2015-01-15 22:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2015-01-15 22:31 - 2015-01-15 22:31 - 00000000 ____D () C:\WINDOWS\symbols
2015-01-15 22:31 - 2015-01-15 22:31 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer
2015-01-15 22:31 - 2015-01-15 22:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0
2015-01-15 22:30 - 2015-01-15 22:30 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2015-01-15 22:27 - 2015-01-21 14:33 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Windows Live Writer
2015-01-15 22:27 - 2015-01-15 22:27 - 00000000 ____D () C:\Users\Nico\AppData\Local\Windows Live Writer
2015-01-15 22:22 - 2015-01-15 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ELECTRA_250
2015-01-15 22:22 - 2015-01-15 22:22 - 00000000 ____D () C:\ProgramData\CP70vxDj0
2015-01-15 22:22 - 2015-01-15 22:22 - 00000000 ____D () C:\Program Files (x86)\ELECTRA_250
2015-01-15 22:21 - 2015-01-15 22:21 - 00000806 _____ () C:\Users\Nico\Downloads\#Ablage.lnk
2015-01-15 22:21 - 2015-01-15 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TARGET 3001! V17 pcb-pool
2015-01-15 22:21 - 2015-01-15 22:21 - 00000000 ____D () C:\Program Files (x86)\ibf
2015-01-15 22:13 - 2015-02-02 07:28 - 00000000 ___RD () C:\Users\Nico\Dropbox
2015-01-15 22:06 - 2015-01-15 22:06 - 00324136 _____ (Dropbox, Inc.) C:\Users\Nico\Downloads\DropboxInstaller.exe
2015-01-15 21:57 - 2015-01-15 21:57 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-20-57-11.022-AvastVBoxSVC.exe-3676.log
2015-01-15 21:55 - 2015-01-15 21:55 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Sirrix AG
2015-01-15 21:54 - 2015-01-15 21:54 - 00000000 ____D () C:\Users\Nico\AppData\Local\Cisco
2015-01-15 21:54 - 2015-01-15 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2015-01-15 21:54 - 2015-01-15 21:54 - 00000000 ____D () C:\ProgramData\Cisco
2015-01-15 21:54 - 2013-10-10 17:29 - 00112496 ____R (Cisco Systems, Inc.) C:\WINDOWS\system32\Drivers\acsock64.sys
2015-01-15 21:53 - 2015-01-15 21:53 - 00001275 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box.lnk
2015-01-15 21:53 - 2015-01-15 21:53 - 00000000 ____D () C:\ProgramData\Sirrix AG
2015-01-15 21:53 - 2015-01-15 21:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box
2015-01-15 21:53 - 2015-01-15 21:53 - 00000000 ____D () C:\Program Files (x86)\Sirrix AG
2015-01-15 21:50 - 2015-01-15 21:50 - 00000000 ____D () C:\Program Files\Oracle
2015-01-15 21:50 - 2014-01-10 22:49 - 00239376 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2015-01-15 21:50 - 2014-01-10 22:48 - 00119056 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2015-01-15 21:46 - 2015-01-15 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-15 21:45 - 2015-01-15 22:09 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-01-15 21:43 - 2015-02-02 20:59 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 21:43 - 2015-02-02 07:27 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 21:43 - 2015-01-15 21:54 - 00004112 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-15 21:43 - 2015-01-15 21:54 - 00003876 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-15 21:43 - 2015-01-15 21:46 - 00000000 ____D () C:\Users\Nico\AppData\Local\Google
2015-01-15 21:43 - 2015-01-15 21:46 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-15 21:42 - 2015-02-02 07:28 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Dropbox
2015-01-15 21:37 - 2015-01-15 21:37 - 00000000 ____D () C:\Users\Nico\AppData\Local\Evernote
2015-01-15 21:32 - 2015-01-18 15:59 - 00004062 _____ () C:\Users\Nico\AppData\Roaming\LTspiceIV.ini
2015-01-15 21:30 - 2015-01-15 21:30 - 00001211 _____ () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\LTspice IV.lnk
2015-01-15 21:30 - 2015-01-15 21:30 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Toastify
2015-01-15 21:29 - 2015-01-15 21:29 - 00000000 ____D () C:\Program Files (x86)\LTC
2015-01-15 21:20 - 2015-01-15 21:21 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-20-20-55.031-AvastVBoxSVC.exe-3124.log
2015-01-15 21:20 - 2015-01-15 21:20 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-15 21:20 - 2015-01-15 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-15 21:19 - 2015-01-15 21:19 - 00000844 _____ () C:\Users\Nico\Desktop\##Studium## - Verknüpfung.lnk
2015-01-15 21:19 - 2015-01-15 21:19 - 00000806 _____ () C:\Users\Nico\Desktop\#Ablage - Verknüpfung.lnk
2015-01-15 21:18 - 2015-01-15 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-01-15 21:18 - 2015-01-15 21:18 - 00000000 ____D () C:\Program Files (x86)\PDF24
2015-01-15 21:17 - 2015-01-15 22:21 - 00000000 ____D () C:\Program Files (x86)\PhotoshopPortable
2015-01-15 21:16 - 2015-01-15 21:16 - 00000039 _____ () C:\Users\Nico\AppData\Roaming\SupportBox_MSUL.cfg
2015-01-15 21:16 - 2015-01-15 21:16 - 00000000 ____D () C:\Users\Nico\AppData\Local\SearchProtect
2015-01-15 21:16 - 2015-01-15 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-01-15 21:16 - 2015-01-15 21:16 - 00000000 ____D () C:\Program Files\PowerISO
2015-01-15 21:16 - 2015-01-15 21:16 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-01-15 21:16 - 2014-03-30 07:26 - 00129944 _____ (Power Software Ltd) C:\WINDOWS\system32\Drivers\scdemu.sys
2015-01-15 21:15 - 2015-01-15 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2015-01-15 21:15 - 2015-01-15 21:15 - 00000000 ____D () C:\Program Files (x86)\Toastify
2015-01-15 21:15 - 2015-01-15 21:15 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2015-01-15 21:11 - 2015-01-26 13:55 - 00000000 ____D () C:\Users\Nico\AppData\Local\Spotify
2015-01-15 21:11 - 2015-01-15 21:11 - 00001794 _____ () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-01-15 21:11 - 2015-01-15 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-01-15 21:11 - 2015-01-15 21:11 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2015-01-15 21:10 - 2015-01-23 18:57 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\vlc
2015-01-15 21:10 - 2015-01-15 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-15 21:10 - 2015-01-15 21:10 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-01-15 21:09 - 2015-02-01 21:47 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Spotify
2015-01-15 21:09 - 2015-01-15 21:09 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-01-15 21:08 - 2015-01-15 21:08 - 00000000 ____D () C:\The KMPlayer
2015-01-15 21:06 - 2015-01-15 21:06 - 00001478 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-01-15 21:06 - 2015-01-15 21:06 - 00001329 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-01-15 21:06 - 2015-01-15 21:06 - 00000000 ____D () C:\WINDOWS\it
2015-01-15 21:06 - 2015-01-15 21:06 - 00000000 ____D () C:\WINDOWS\fr
2015-01-15 21:06 - 2015-01-15 21:06 - 00000000 ____D () C:\WINDOWS\de
2015-01-15 21:06 - 2015-01-15 21:06 - 00000000 ____D () C:\Program Files\Windows Live
2015-01-15 21:06 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2015-01-15 21:06 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2015-01-15 21:06 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2015-01-15 21:06 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2015-01-15 21:06 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2015-01-15 21:06 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2015-01-15 21:06 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2015-01-15 21:06 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2015-01-15 21:06 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2015-01-15 21:06 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2015-01-15 21:05 - 2015-01-22 07:22 - 00000000 ____D () C:\Users\Nico\AppData\Local\Windows Live
2015-01-15 21:05 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2015-01-15 21:05 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2015-01-15 21:03 - 2015-02-02 21:08 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Skype
2015-01-15 21:03 - 2015-01-15 21:20 - 00000000 ____D () C:\ProgramData\Skype
2015-01-15 21:03 - 2015-01-15 21:03 - 00000000 ____D () C:\Users\Nico\AppData\Local\Skype
2015-01-15 21:01 - 2015-01-15 21:08 - 92658088 _____ (Oracle Corporation) C:\Users\Nico\Downloads\jre-8u25-windows-x64.exe
2015-01-15 21:01 - 2015-01-15 21:03 - 29727656 _____ (Oracle Corporation) C:\Users\Nico\Downloads\jre-8u25-windows-i586.exe
2015-01-15 21:00 - 2015-01-15 21:09 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-15 21:00 - 2015-01-15 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-15 21:00 - 2015-01-15 21:03 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-01-15 21:00 - 2015-01-15 21:03 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-01-15 21:00 - 2015-01-15 21:03 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-01-15 21:00 - 2015-01-15 21:03 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-15 21:00 - 2015-01-15 21:00 - 00000000 ____D () C:\ProgramData\Sun
2015-01-15 20:58 - 2015-01-28 21:18 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Foxit Software
2015-01-15 20:58 - 2015-01-15 20:58 - 00000000 ____D () C:\Users\Public\Foxit Software
2015-01-15 20:58 - 2015-01-15 20:58 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2015-01-15 20:57 - 2015-01-13 18:08 - 00001012 _____ () C:\Users\Nico\Desktop\DHBW.exe.lnk
2015-01-15 20:42 - 2015-01-15 20:42 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-19-42-31.087-AvastVBoxSVC.exe-2524.log
2015-01-15 20:40 - 2015-01-15 20:40 - 00000000 ____D () C:\WINDOWS\system32\RAPID
2015-01-15 20:40 - 2014-09-16 14:30 - 00268976 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\SamsungRapidDiskFltr.sys
2015-01-15 20:24 - 2015-01-15 20:24 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-19-24-13.000-AvastVBoxSVC.exe-2488.log
2015-01-15 20:17 - 2015-01-15 20:17 - 00003276 _____ () C:\WINDOWS\System32\Tasks\SamsungMagician
2015-01-15 20:17 - 2015-01-15 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2015-01-15 20:15 - 2015-01-15 20:15 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-19-15-31.060-AvastVBoxSVC.exe-2496.log
2015-01-15 20:11 - 2015-01-15 20:11 - 00000247 _____ () C:\WINDOWS\system32\2015-01-15-19-11-42.036-aswFe.exe-3816.log
2015-01-15 20:09 - 2015-01-15 20:11 - 00000247 _____ () C:\WINDOWS\system32\2015-01-15-19-09-56.093-aswFe.exe-3408.log
2015-01-15 20:09 - 2015-01-15 20:10 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-19-09-56.027-AvastVBoxSVC.exe-2432.log
2015-01-15 20:00 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-01-15 20:00 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-01-15 19:55 - 2014-11-15 20:05 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-01-15 19:55 - 2014-11-15 07:29 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-01-15 19:55 - 2014-11-14 15:36 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-01-15 19:55 - 2014-11-14 08:10 - 03558400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-01-15 19:55 - 2014-11-14 07:58 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-01-15 19:55 - 2014-11-14 07:57 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-01-15 19:55 - 2014-11-14 07:57 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-01-15 19:55 - 2014-11-14 07:54 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-01-15 19:55 - 2014-11-14 07:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-01-15 19:55 - 2014-11-14 07:53 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-01-15 19:55 - 2014-11-14 07:52 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-01-15 19:55 - 2014-11-14 06:04 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-01-15 19:55 - 2014-11-14 06:03 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-01-15 19:55 - 2014-11-14 06:03 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-01-15 19:55 - 2014-11-14 06:01 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-01-15 19:55 - 2014-11-14 06:01 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-01-15 19:55 - 2014-11-11 01:39 - 22290560 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-01-15 19:55 - 2014-11-11 01:17 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-01-15 19:55 - 2014-11-10 19:06 - 02485056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-01-15 19:55 - 2014-11-10 19:06 - 00473408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-01-15 19:55 - 2014-11-10 19:06 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-01-15 19:55 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-01-15 19:55 - 2014-11-10 03:57 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2015-01-15 19:55 - 2014-11-10 02:37 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-01-15 19:55 - 2014-11-10 02:34 - 01084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-01-15 19:55 - 2014-11-10 02:26 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-01-15 19:55 - 2014-11-10 02:20 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2015-01-15 19:55 - 2014-11-10 02:09 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-01-15 19:55 - 2014-11-10 02:08 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2015-01-15 19:55 - 2014-11-10 02:06 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-01-15 19:55 - 2014-11-10 01:57 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2015-01-15 19:55 - 2014-11-10 01:57 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-01-15 19:55 - 2014-11-08 11:42 - 01390928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-01-15 19:55 - 2014-11-08 11:23 - 01127976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-01-15 19:55 - 2014-11-08 05:00 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-01-15 19:55 - 2014-11-08 05:00 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2015-01-15 19:55 - 2014-11-08 04:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2015-01-15 19:55 - 2014-11-08 04:58 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-01-15 19:55 - 2014-11-08 04:56 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2015-01-15 19:55 - 2014-11-08 04:56 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2015-01-15 19:55 - 2014-11-08 04:56 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2015-01-15 19:55 - 2014-11-08 04:24 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2015-01-15 19:55 - 2014-11-08 04:13 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2015-01-15 19:55 - 2014-11-08 04:13 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2015-01-15 19:55 - 2014-11-08 04:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2015-01-15 19:55 - 2014-11-08 03:48 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2015-01-15 19:55 - 2014-11-08 03:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-01-15 19:55 - 2014-11-08 03:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-01-15 19:55 - 2014-11-08 03:09 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-01-15 19:55 - 2014-11-08 03:03 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-01-15 19:55 - 2014-11-08 02:59 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-01-15 19:55 - 2014-11-08 02:58 - 04837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-01-15 19:55 - 2014-11-08 02:49 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-01-15 19:55 - 2014-11-07 04:58 - 00952896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-01-15 19:55 - 2014-11-07 04:20 - 00786120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-01-15 19:55 - 2014-11-05 03:12 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2015-01-15 19:55 - 2014-11-05 03:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2015-01-15 19:55 - 2014-11-05 03:06 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2015-01-15 19:55 - 2014-11-05 02:44 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-01-15 19:55 - 2014-11-05 02:43 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2015-01-15 19:55 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-01-15 19:55 - 2014-11-05 02:39 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL
2015-01-15 19:55 - 2014-11-05 02:39 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL
2015-01-15 19:55 - 2014-11-05 02:33 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2015-01-15 19:55 - 2014-11-05 02:21 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2015-01-15 19:55 - 2014-11-05 02:20 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-01-15 19:55 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-01-15 19:55 - 2014-11-05 02:14 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-01-15 19:55 - 2014-11-05 02:06 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2015-01-15 19:55 - 2014-11-04 20:33 - 00058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-01-15 19:55 - 2014-11-04 20:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-01-15 19:55 - 2014-11-04 20:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-01-15 19:55 - 2014-11-04 07:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-01-15 19:55 - 2014-11-04 07:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-01-15 19:55 - 2014-11-04 07:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-01-15 19:55 - 2014-11-04 07:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-01-15 19:55 - 2014-11-04 07:27 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2015-01-15 19:55 - 2014-11-04 06:01 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2015-01-15 19:55 - 2014-10-31 01:51 - 18823168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-01-15 19:55 - 2014-10-31 01:10 - 15158784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-01-15 19:55 - 2014-10-30 06:55 - 07473472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-01-15 19:55 - 2014-10-30 06:47 - 01499384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-01-15 19:55 - 2014-10-30 06:41 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-01-15 19:55 - 2014-10-29 04:05 - 00551232 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2015-01-15 19:55 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-01-15 19:55 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-01-15 19:55 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-01-15 19:55 - 2014-10-29 02:55 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2015-01-15 19:55 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-01-15 19:55 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-01-15 19:55 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-01-15 19:55 - 2014-10-29 02:13 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2015-01-15 19:55 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-01-15 19:55 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-01-15 19:55 - 2014-10-26 23:10 - 00390841 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-01-15 19:55 - 2014-10-21 02:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2015-01-15 19:55 - 2014-10-21 02:19 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2015-01-15 19:55 - 2014-10-21 01:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2015-01-15 19:55 - 2014-10-21 01:31 - 01574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2015-01-15 19:55 - 2014-10-21 01:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2015-01-15 19:55 - 2014-10-21 01:30 - 01454080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2015-01-15 19:55 - 2014-10-21 01:20 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2015-01-15 19:55 - 2014-10-18 09:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-01-15 19:55 - 2014-10-18 09:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-01-15 19:55 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-01-15 19:55 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-01-15 19:55 - 2014-10-17 05:56 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-01-15 19:55 - 2014-10-17 05:56 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-01-15 19:55 - 2014-10-17 05:56 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2015-01-15 19:55 - 2014-10-17 04:35 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-01-15 19:54 - 2014-04-30 07:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2015-01-15 19:54 - 2014-04-30 07:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2015-01-15 19:52 - 2015-01-15 19:52 - 00000247 _____ () C:\WINDOWS\system32\2015-01-15-18-52-31.026-aswFe.exe-6052.log
2015-01-15 19:52 - 2015-01-15 19:52 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-18-52-30.013-AvastVBoxSVC.exe-4164.log
2015-01-15 19:48 - 2015-01-15 19:48 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox
2015-01-15 19:48 - 2015-01-15 19:48 - 00000000 ____D () C:\WINDOWS\system32\vbox
2015-01-15 19:48 - 2015-01-15 19:48 - 00000000 ____D () C:\ProgramData\ATI 2015-01-15 19:45 - 2015-01-15 19:45 - 03733666 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2015-01-15 19:45 - 2015-01-15 19:45 - 00000000 ____D () C:\WINDOWS\RSTLog 2015-01-15 19:45 - 2015-01-15 19:45 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Intel Corporation 2015-01-15 19:44 - 2015-01-15 19:44 - 00000000 ____D () C:\WINDOWS\SysWOW64\sda 2015-01-15 19:43 - 2013-07-26 15:07 - 00827096 _____ (Realtek ) C:\WINDOWS\system32\Drivers\Rt630x64.sys 2015-01-15 19:43 - 2013-07-26 15:07 - 00074456 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll 2015-01-15 19:42 - 2013-07-24 14:57 - 00022832 _____ (ELAN Microelectronic Corp.) C:\WINDOWS\system32\Drivers\ETDSMBus.sys 2015-01-15 19:39 - 2015-01-15 19:39 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2015-01-15 19:39 - 2015-01-15 19:39 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2015-01-15 19:38 - 2015-02-02 19:57 - 00000000 ____D () C:\#Data 2015-01-15 19:32 - 2015-01-15 19:32 - 00003936 _____ () C:\WINDOWS\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d 2015-01-15 19:32 - 2015-01-15 19:32 - 00003690 _____ () C:\WINDOWS\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon 2015-01-15 19:32 - 2015-01-15 19:32 - 00000000 _____ () C:\WINDOWS\SysWOW64\agent.log 2015-01-15 19:31 - 2015-01-15 19:31 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf 2015-01-15 19:26 - 2015-01-15 19:26 - 00061191 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201501151926091236.log 2015-01-15 19:26 - 2015-01-15 19:26 - 00001272 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerXpress.lnk 2015-01-15 19:26 - 2015-01-15 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2015-01-15 19:26 - 2015-01-15 19:26 - 00000000 ____D () C:\Program Files (x86)\AMD AVT 2015-01-15 
19:25 - 2013-08-30 20:14 - 00156712 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll 2015-01-15 19:25 - 2013-08-30 20:14 - 00142792 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll 2015-01-15 19:25 - 2013-08-30 20:14 - 00141256 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll 2015-01-15 19:25 - 2013-08-30 20:14 - 00114488 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll 2015-01-15 19:25 - 2013-08-30 20:14 - 00097984 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll 2015-01-15 19:25 - 2013-08-30 20:14 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll 2015-01-15 19:25 - 2013-08-30 20:14 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll 2015-01-15 19:25 - 2013-08-30 20:14 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll 2015-01-15 19:25 - 2013-08-30 20:14 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll 2015-01-15 19:25 - 2013-08-30 20:13 - 09464840 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll 2015-01-15 19:25 - 2013-08-30 20:13 - 07256496 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll 2015-01-15 19:25 - 2013-08-30 20:13 - 06767240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll 2015-01-15 19:25 - 2013-08-30 20:13 - 06189416 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll 2015-01-15 19:25 - 2013-08-30 20:13 - 06176008 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll 2015-01-15 19:25 - 2013-08-30 20:13 - 01233080 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll 2015-01-15 19:25 - 2013-08-30 20:11 - 12528640 _____ (Advanced Micro Devices, Inc.) 
C:\WINDOWS\system32\Drivers\atikmdag.sys 2015-01-15 19:25 - 2013-08-30 20:05 - 00781312 _____ () C:\WINDOWS\system32\amdmiracast.dll 2015-01-15 19:25 - 2013-08-30 19:48 - 00229376 _____ () C:\WINDOWS\system32\clinfo.exe 2015-01-15 19:25 - 2013-08-30 19:48 - 00127488 _____ (AMD) C:\WINDOWS\system32\coinst_13.152.dll 2015-01-15 19:25 - 2013-08-30 19:47 - 28192256 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll 2015-01-15 19:25 - 2013-08-30 19:47 - 00098816 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\OpenVideo64.dll 2015-01-15 19:25 - 2013-08-30 19:47 - 00086528 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\OVDecode64.dll 2015-01-15 19:25 - 2013-08-30 19:47 - 00083456 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\OpenVideo.dll 2015-01-15 19:25 - 2013-08-30 19:47 - 00073216 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\OVDecode.dll 2015-01-15 19:25 - 2013-08-30 19:45 - 23760896 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll 2015-01-15 19:25 - 2013-08-30 19:43 - 00063488 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2015-01-15 19:25 - 2013-08-30 19:43 - 00057344 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2015-01-15 19:25 - 2013-08-30 19:35 - 25387520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll 2015-01-15 19:25 - 2013-08-30 19:18 - 00530824 _____ () C:\WINDOWS\SysWOW64\atiapfxx.blb 2015-01-15 19:25 - 2013-08-30 19:18 - 00530824 _____ () C:\WINDOWS\system32\atiapfxx.blb 2015-01-15 19:25 - 2013-08-30 19:18 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe 2015-01-15 19:25 - 2013-08-30 19:18 - 00062464 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll 2015-01-15 19:25 - 2013-08-30 19:18 - 00055808 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll 2015-01-15 19:25 - 2013-08-30 19:18 - 00052224 _____ (Advanced Micro Devices Inc.) 
C:\WINDOWS\SysWOW64\aticalrt.dll 2015-01-15 19:25 - 2013-08-30 19:18 - 00049152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll 2015-01-15 19:25 - 2013-08-30 19:17 - 15716352 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll 2015-01-15 19:25 - 2013-08-30 19:14 - 21400064 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll 2015-01-15 19:25 - 2013-08-30 19:14 - 14302208 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll 2015-01-15 19:25 - 2013-08-30 19:04 - 03388672 _____ () C:\WINDOWS\system32\atiumd6a.cap 2015-01-15 19:25 - 2013-08-30 18:59 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll 2015-01-15 19:25 - 2013-08-30 18:58 - 00571904 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe 2015-01-15 19:25 - 2013-08-30 18:58 - 00026112 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll 2015-01-15 19:25 - 2013-08-30 18:57 - 00239616 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe 2015-01-15 19:25 - 2013-08-30 18:56 - 00190976 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll 2015-01-15 19:25 - 2013-08-30 18:50 - 03422720 _____ () C:\WINDOWS\SysWOW64\atiumdva.cap 2015-01-15 19:25 - 2013-08-30 18:37 - 00096256 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll 2015-01-15 19:25 - 2013-08-30 18:37 - 00090624 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll 2015-01-15 19:25 - 2013-08-30 18:37 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll 2015-01-15 19:25 - 2013-08-30 18:37 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll 2015-01-15 19:25 - 2013-08-30 18:35 - 00134656 _____ () C:\WINDOWS\system32\amdhdl64.dll 2015-01-15 19:25 - 2013-08-30 18:34 - 00123392 _____ () C:\WINDOWS\SysWOW64\amdhdl32.dll 2015-01-15 19:25 - 2013-08-30 18:33 - 00784384 _____ (Advanced Micro Devices, Inc.) 
C:\WINDOWS\system32\atiadlxx.dll 2015-01-15 19:25 - 2013-08-30 18:33 - 00594944 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll 2015-01-15 19:25 - 2013-08-30 18:33 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll 2015-01-15 19:25 - 2013-08-30 18:33 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll 2015-01-15 19:25 - 2013-08-30 18:32 - 00618496 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys 2015-01-15 19:25 - 2013-08-30 18:32 - 00100352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll 2015-01-15 19:25 - 2013-08-30 18:32 - 00096768 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll 2015-01-15 19:25 - 2013-08-30 18:32 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll 2015-01-15 19:25 - 2013-08-30 18:32 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll 2015-01-15 19:25 - 2013-08-27 15:06 - 00233652 _____ () C:\WINDOWS\system32\ativvaxy_cik.dat 2015-01-15 19:25 - 2013-08-27 13:27 - 00082336 _____ () C:\WINDOWS\system32\ativce02.dat 2015-01-15 19:25 - 2013-08-07 13:22 - 00716208 _____ () C:\WINDOWS\system32\atiicdxx.dat 2015-01-15 19:25 - 2013-08-07 11:12 - 00231984 _____ () C:\WINDOWS\system32\ativvaxy_cik_nd.dat 2015-01-15 19:25 - 2013-05-04 15:22 - 00047164 _____ () C:\WINDOWS\atiogl.xml 2015-01-15 19:09 - 2015-01-15 19:09 - 00000000 ____D () C:\Program Files\DIFX 2015-01-15 18:45 - 2015-01-15 18:45 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2015-01-15 18:45 - 2015-01-15 18:45 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2015-01-15 18:45 - 2015-01-15 18:45 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll 2015-01-15 18:45 - 2015-01-15 18:45 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll 2015-01-15 18:44 - 2015-01-15 18:44 - 00258368 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2015-01-15 18:44 - 2015-01-15 18:44 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2015-01-15 18:44 - 2015-01-15 18:44 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2015-01-15 18:44 - 2015-01-15 18:44 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll 2015-01-15 18:44 - 2015-01-15 18:44 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll 2015-01-15 18:42 - 2015-01-15 18:42 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2015-01-15 18:42 - 2015-01-15 18:42 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2015-01-15 18:41 - 2015-01-15 18:41 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll 2015-01-15 18:41 - 2015-01-15 18:41 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll 2015-01-15 18:28 - 2015-01-15 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-01-15 18:27 - 2015-01-15 18:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-01-15 18:27 - 2015-01-15 18:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2015-01-15 18:25 - 2015-01-15 18:25 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2015-01-15 18:23 - 2014-07-21 22:03 - 00036096 _____ (Advanced Micro Devices, Inc.) 
C:\WINDOWS\system32\Drivers\amdkmpfd.sys 2015-01-15 18:22 - 2015-01-15 18:22 - 00001450 _____ () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-15 18:22 - 2015-01-15 18:22 - 00000451 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat 2015-01-15 18:22 - 2015-01-15 18:22 - 00000020 ___SH () C:\Users\Nico\ntuser.ini 2015-01-15 18:22 - 2015-01-15 18:22 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\ATI 2015-01-15 18:22 - 2015-01-15 18:22 - 00000000 ____D () C:\Users\Nico\AppData\Local\ATI 2015-01-15 18:20 - 2015-02-02 20:03 - 02036910 _____ () C:\WINDOWS\WindowsUpdate.log 2015-01-15 18:20 - 2015-01-15 18:20 - 00022960 _____ () C:\WINDOWS\system32\emptyregdb.dat 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\Users\Default\Startmenü 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2015-01-15 18:20 - 
2015-01-15 18:20 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\Programme 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\ProgramData\Startmenü 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\ProgramData\Dokumente 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2015-01-15 18:20 - 2015-01-15 18:20 - 00000000 _SHDL () C:\Dokumente und Einstellungen 2015-01-15 18:18 - 2015-01-15 18:18 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-01-15 18:17 - 2015-02-02 21:07 - 00000000 ____D () C:\Users\Nico 2015-01-15 18:17 - 2015-01-15 18:20 - 00020958 _____ () C:\WINDOWS\diagwrn.xml 2015-01-15 18:17 - 2015-01-15 18:20 - 00020958 _____ () C:\WINDOWS\diagerr.xml 2015-01-15 18:17 - 2015-01-15 18:17 - 00000000 _SHDL () C:\Users\Nico\Vorlagen 2015-01-15 18:17 - 2015-01-15 18:17 - 00000000 _SHDL () C:\Users\Nico\Startmenü 2015-01-15 18:17 - 2015-01-15 18:17 - 00000000 _SHDL () C:\Users\Nico\Netzwerkumgebung 2015-01-15 18:17 - 2015-01-15 18:17 - 00000000 _SHDL () C:\Users\Nico\Lokale Einstellungen 
2015-01-15 18:17 - 2015-01-15 18:17 - 00000000 _SHDL () C:\Users\Nico\Eigene Dateien 2015-01-15 18:17 - 2015-01-15 18:17 - 00000000 _SHDL () C:\Users\Nico\Druckumgebung 2015-01-15 18:17 - 2015-01-15 18:17 - 00000000 _SHDL () C:\Users\Nico\Documents\Eigene Musik 2015-01-15 18:17 - 2015-01-15 18:17 - 00000000 _SHDL () C:\Users\Nico\Documents\Eigene Bilder 2015-01-15 18:17 - 2015-01-15 18:17 - 00000000 _SHDL () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-01-15 18:17 - 2015-01-15 18:17 - 00000000 _SHDL () C:\Users\Nico\AppData\Local\Verlauf 2015-01-15 18:17 - 2015-01-15 18:17 - 00000000 _SHDL () C:\Users\Nico\AppData\Local\Anwendungsdaten 2015-01-15 18:17 - 2015-01-15 18:17 - 00000000 _SHDL () C:\Users\Nico\Anwendungsdaten 2015-01-15 18:17 - 2015-01-15 18:17 - 00000000 ___RD () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-01-15 18:17 - 2015-01-15 18:17 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate 2015-01-15 18:17 - 2014-11-21 11:52 - 00000000 ___RD () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-15 18:17 - 2014-11-21 11:52 - 00000000 ___RD () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-01-15 18:17 - 2014-11-21 04:42 - 00000369 _____ () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-01-15 18:17 - 2014-11-21 04:42 - 00000369 _____ () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-01-15 18:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-01-15 18:15 - 2015-01-15 18:15 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2015-01-15 18:15 - 2015-01-15 18:15 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_SensorsAlsDriver_01_11_00.Wdf 2015-01-15 18:15 - 2015-01-15 18:15 - 00000000 ____H () 
C:\WINDOWS\system32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf 2015-01-15 18:15 - 2015-01-15 18:15 - 00000000 ____H () C:\ProgramData\DP45977C.lfl 2015-01-15 18:15 - 2015-01-15 18:15 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM 2015-01-15 18:15 - 2015-01-15 18:15 - 00000000 ____D () C:\WINDOWS\system32\SRSLabs 2015-01-15 18:15 - 2015-01-15 18:15 - 00000000 ____D () C:\Program Files\Realtek 2015-01-15 18:14 - 2015-01-15 19:46 - 00000000 ____D () C:\Program Files (x86)\Intel 2015-01-15 18:14 - 2015-01-15 18:14 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies 2015-01-15 18:14 - 2015-01-15 18:14 - 00000000 ____D () C:\Program Files\AMD 2015-01-15 18:14 - 2015-01-15 18:14 - 00000000 ____D () C:\AMD 2015-01-15 18:13 - 2015-01-15 19:46 - 00000000 ____D () C:\Program Files\Elantech 2015-01-15 18:13 - 2015-01-15 18:22 - 00000000 ___DC () C:\WINDOWS\Panther 2015-01-15 18:13 - 2015-01-15 18:13 - 00000000 __SHD () C:\Recovery 2015-01-15 18:12 - 2015-01-15 18:12 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 02125312 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-01-15 18:12 - 2015-01-15 18:12 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-01-15 18:12 - 2015-01-15 18:12 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-01-15 18:12 - 2015-01-15 18:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 
2015-01-15 18:12 - 2015-01-15 18:12 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2015-01-15 18:12 - 2015-01-15 18:12 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2015-01-15 18:12 - 2015-01-15 18:12 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-01-15 18:12 - 
2015-01-15 18:12 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-01-15 18:12 - 2015-01-15 18:12 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-01-15 18:11 - 2015-01-19 23:25 - 00000000 ____D () C:\WINDOWS\en-GB 2015-01-15 18:11 - 2015-01-15 18:11 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2015-01-15 18:11 - 2015-01-15 18:11 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll 2015-01-15 18:11 - 2015-01-15 18:11 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2015-01-15 18:11 - 2015-01-15 18:11 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2015-01-15 18:11 - 2015-01-15 18:11 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2015-01-15 18:11 - 2015-01-15 18:11 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll 2015-01-15 18:11 - 2015-01-15 18:11 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2015-01-15 18:11 - 2015-01-15 18:11 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll 2015-01-15 18:05 - 2015-01-15 18:05 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2015-01-15 18:05 - 2015-01-15 18:05 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2015-01-15 18:05 - 2015-01-15 18:05 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-01-15 18:05 - 2015-01-15 18:05 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-01-15 18:04 - 2015-01-15 18:04 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-01-15 18:04 - 2015-01-15 18:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-01-15 18:04 - 2015-01-15 18:04 - 00087040 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\TSWbPrxy.exe 2015-01-15 18:01 - 2015-01-15 18:01 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff 2015-01-15 18:01 - 2015-01-15 18:01 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-01-15 18:01 - 2015-01-15 18:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2015-01-15 18:01 - 2015-01-15 18:01 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-01-15 18:01 - 2015-01-15 18:01 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2015-01-15 18:01 - 2015-01-15 18:01 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-01-15 18:01 - 2015-01-15 18:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2015-01-15 18:01 - 2015-01-15 18:01 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2015-01-15 18:00 - 2015-01-19 23:25 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer 2015-01-15 18:00 - 2015-01-15 22:37 - 00000000 ____D () C:\Program Files\MSBuild 2015-01-15 18:00 - 2015-01-15 22:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2015-01-15 18:00 - 2015-01-15 18:00 - 00000000 ____D () C:\Program Files\Reference Assemblies 2015-01-15 18:00 - 2015-01-15 18:00 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies 2015-01-15 18:00 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2015-01-15 18:00 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-01-15 18:00 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2015-01-15 18:00 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-01-15 17:54 - 2015-01-15 18:20 - 00006611 _____ () C:\WINDOWS\comsetup.log 
2015-01-15 17:32 - 2014-07-21 21:28 - 04016216 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys 2015-01-15 17:32 - 2014-07-21 13:52 - 01279373 _____ () C:\WINDOWS\system32\Drivers\RTAIODAT.DAT 2015-01-15 17:32 - 2014-07-18 18:10 - 02810736 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll 2015-01-15 17:32 - 2014-07-18 14:22 - 00955096 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll 2015-01-15 17:32 - 2014-07-16 14:36 - 67245056 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat 2015-01-15 17:32 - 2014-07-07 19:55 - 00000008 _____ () C:\WINDOWS\system32\Drivers\rtkhdaud.dat 2015-01-15 17:32 - 2014-07-07 14:07 - 02860760 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll 2015-01-15 17:32 - 2014-07-04 11:07 - 01024728 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll 2015-01-15 17:32 - 2014-06-17 13:32 - 01286872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll 2015-01-15 17:32 - 2014-05-09 11:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll 2015-01-15 17:32 - 2014-04-10 12:19 - 14863448 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll 2015-01-15 17:32 - 2014-04-10 12:19 - 02101848 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll 2015-01-15 17:32 - 2014-04-10 12:19 - 02041432 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll 2015-01-15 17:32 - 2014-03-06 16:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl 2015-01-15 17:32 - 2014-02-06 11:28 - 05804772 _____ () C:\WINDOWS\system32\Drivers\rtvienna.dat 2015-01-15 17:32 - 2013-10-11 11:31 - 00947760 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll 2015-01-15 17:32 - 2013-08-14 15:36 - 00662784 _____ (Waves Audio Ltd.) 
C:\WINDOWS\system32\MaxxVolumeSDAPO.dll 2015-01-15 17:32 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll 2015-01-15 17:32 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll 2015-01-15 17:32 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll 2015-01-15 17:32 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll 2015-01-15 17:32 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll 2015-01-15 17:32 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll 2015-01-15 17:32 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll 2015-01-15 17:32 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll 2015-01-15 17:32 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll 2015-01-15 17:32 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll 2015-01-15 17:32 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll 2015-01-15 17:32 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll 2015-01-15 17:32 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll 2015-01-15 17:32 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll 2015-01-15 17:32 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll 2015-01-15 17:32 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll 2015-01-15 17:32 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) 
C:\WINDOWS\system32\RtkCfg64.dll 2015-01-15 17:32 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll 2015-01-15 17:32 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll 2015-01-15 17:32 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll 2015-01-15 17:32 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll 2015-01-15 17:32 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll 2015-01-15 17:31 - 2015-01-15 19:44 - 00000194 _____ () C:\Setup.log 2015-01-15 17:31 - 2014-06-09 10:59 - 00560328 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll 2015-01-15 17:31 - 2014-05-19 10:47 - 02080472 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll 2015-01-15 17:31 - 2014-04-10 12:19 - 01063512 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll 2015-01-15 17:31 - 2014-04-07 16:03 - 06218072 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll 2015-01-15 17:31 - 2014-04-07 16:03 - 01939800 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll 2015-01-15 17:31 - 2014-04-07 16:03 - 00315736 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll 2015-01-15 17:31 - 2014-04-07 16:03 - 00261464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll 2015-01-15 17:31 - 2014-02-18 17:04 - 02770976 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll 2015-01-15 17:31 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll 2015-01-15 17:31 - 2013-08-14 15:35 - 00663296 _____ (Waves Audio Ltd.) 
C:\WINDOWS\system32\MaxxAudioAPO30.dll 2015-01-15 17:31 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll 2015-01-15 17:31 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll 2015-01-15 17:31 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) 
C:\WINDOWS\system32\MaxxAudioAPO20.dll 2015-01-15 16:47 - 2015-01-15 16:47 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Samsung 2015-01-15 16:33 - 2015-01-15 16:33 - 00002970 _____ () C:\WINDOWS\System32\Tasks\SamsungLinkPC 2015-01-15 09:48 - 2015-01-15 09:48 - 00003126 _____ () C:\WINDOWS\System32\Tasks\advRecovery 2015-01-15 09:46 - 2015-01-15 09:46 - 00000000 ____D () C:\iBTWU 2015-01-15 09:34 - 2015-01-15 09:34 - 00003434 _____ () C:\WINDOWS\System32\Tasks\Settings 2015-01-14 23:08 - 2015-01-23 07:23 - 00003718 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 2015-01-14 15:10 - 2015-01-14 15:10 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Macromedia 2015-01-14 15:10 - 2015-01-14 15:10 - 00000000 ____D () C:\Users\Nico\AppData\Local\Macromedia 2015-01-14 15:09 - 2015-02-02 20:17 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-01-14 15:09 - 2015-01-25 11:17 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-01-14 15:08 - 2015-01-27 07:39 - 00000000 ____D () C:\Users\Nico\AppData\Local\Adobe 2015-01-14 15:03 - 2015-01-14 15:03 - 00003476 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon 2015-01-14 15:03 - 2015-01-14 15:03 - 00000000 ____D () C:\ProgramData\Intel(R) Update Manager 2015-01-14 14:59 - 2015-01-15 18:24 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense 2015-01-14 14:58 - 2015-01-14 14:59 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-01-14 14:58 - 2014-12-31 13:12 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-14 14:40 - 2015-01-15 21:54 - 00000000 ____D () C:\Program Files (x86)\Cisco 2015-01-14 14:40 - 2015-01-14 14:40 - 00000000 ____D () C:\Program Files\Common Files\Intel 2015-01-14 14:35 - 2014-10-22 04:34 - 00010777 ____N () C:\WINDOWS\system32\AutoconfigV2.cab 2015-01-14 14:01 - 2013-05-04 05:51 - 00014848 ____N (Microsoft) C:\WINDOWS\system32\rars.rs 2015-01-14 14:01 - 2013-05-04 05:10 
- 00014848 ____N (Microsoft) C:\WINDOWS\SysWOW64\rars.rs 2015-01-14 13:08 - 2015-01-14 13:08 - 00000000 _____ () C:\Users\Nico\agent.log 2015-01-14 13:01 - 2015-01-15 19:40 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2015-01-14 13:01 - 2015-01-15 19:39 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys 2015-01-14 13:01 - 2015-01-15 19:39 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys 2015-01-14 12:54 - 2015-01-14 12:54 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Mozilla 2015-01-14 12:54 - 2015-01-14 12:54 - 00000000 ____D () C:\Users\Nico\AppData\Local\Mozilla 2015-01-14 12:53 - 2015-01-27 23:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-14 12:53 - 2015-01-24 00:34 - 00001151 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-14 12:53 - 2015-01-14 12:53 - 00000000 ____D () C:\ProgramData\Mozilla 2015-01-14 12:49 - 2015-01-30 07:16 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! 
Emergency Update 2015-01-14 12:49 - 2015-01-15 19:39 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys 2015-01-14 12:49 - 2015-01-15 19:39 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2015-01-14 12:49 - 2015-01-15 19:39 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2015-01-14 12:49 - 2015-01-15 19:39 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys 2015-01-14 12:49 - 2015-01-15 19:39 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys 2015-01-14 12:49 - 2015-01-14 12:49 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\AVAST Software 2015-01-14 12:49 - 2015-01-14 12:49 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-01-14 12:49 - 2015-01-14 12:49 - 00000000 ____D () C:\Program Files\AVAST Software 2015-01-14 12:29 - 2015-01-15 18:46 - 00008400 _____ () C:\WINDOWS\wsusofflineupdate.log 2015-01-14 12:28 - 2015-02-01 18:56 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3589802351-439905089-1110981561-1001 2015-01-14 12:28 - 2015-01-14 12:28 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\WinRAR 2015-01-14 12:28 - 2015-01-14 12:28 - 00000000 ____D () C:\Users\Nico\AppData\Local\bitcasa 2015-01-14 12:27 - 2015-01-15 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-01-14 12:27 - 2015-01-15 18:17 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-01-14 12:27 - 2015-01-15 17:40 - 00000000 ____D () C:\Program Files\WinRAR 2015-01-14 12:24 - 2015-01-15 20:25 - 00000000 ____D () C:\Users\Nico\AppData\Local\Samsung 2015-01-14 12:23 - 2015-01-31 12:09 - 00005347 _____ () C:\Users\Nico\AppData\Roaming\AbsoluteReminder.xml 2015-01-14 12:23 - 2015-01-14 12:23 - 00001249 _____ () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RtkGUI.lnk 2015-01-14 12:23 - 2015-01-14 12:23 - 00001202 _____ () 
C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk 2015-01-14 12:23 - 2015-01-14 12:23 - 00000000 ____D () C:\Users\Nico\AppData\Local\Absolute_Software 2015-01-14 12:23 - 2015-01-14 12:23 - 00000000 _____ () C:\WINDOWS\system32\Drivers\144D_SAMSUNG_na_870Z5E_P05A.mrk 2015-01-14 12:22 - 2015-02-01 18:36 - 00000000 ____D () C:\Users\Nico\AppData\Local\VirtualStore 2015-01-14 12:22 - 2015-01-23 15:50 - 00000000 ____D () C:\Users\Nico\AppData\Local\Packages 2015-01-14 12:22 - 2015-01-14 12:22 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Intel 2015-01-14 12:22 - 2015-01-14 12:22 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Adobe 2015-01-14 12:22 - 2013-02-27 18:08 - 139490760 _____ () C:\WINDOWS\[0407]SamsungStory01_ger.scr |
03.02.2015, 07:23 | #4 |
| Windows 8.1: Spyware? "Dynamo Combo" add-on causes redirection to advertising Here is part 2 of FRST.txt: Code:
ATTFilter ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-02 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-02 20:44 - 2013-08-22 15:46 - 00310287 _____ () C:\WINDOWS\setupact.log 2015-02-02 19:58 - 2014-11-21 04:35 - 01963610 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-02-02 19:58 - 2014-11-21 03:45 - 00831932 _____ () C:\WINDOWS\system32\perfh007.dat 2015-02-02 19:58 - 2014-11-21 03:45 - 00184304 _____ () C:\WINDOWS\system32\perfc007.dat 2015-02-02 07:30 - 2013-04-15 22:37 - 00000000 ____D () C:\ProgramData\WinClon 2015-02-02 07:27 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-02 07:26 - 2014-11-20 19:24 - 00024436 _____ () C:\WINDOWS\PFRO.log 2015-02-02 07:26 - 2013-08-22 15:44 - 00533664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-02-01 22:06 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-02-01 18:09 - 2013-08-22 14:25 - 00000194 _____ () C:\WINDOWS\win.ini 2015-01-28 08:00 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-01-24 21:20 - 2014-11-21 12:01 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-01-24 21:20 - 2014-11-21 12:01 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-24 11:57 - 2013-04-15 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-01-24 00:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy 2015-01-23 15:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-23 07:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-01-22 18:55 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports 2015-01-19 23:25 - 2014-11-21 04:13 - 00000000 ____D () C:\Program Files\Windows Journal 2015-01-19 23:25 - 2014-11-21 03:45 - 00000000 ____D () 
C:\WINDOWS\SysWOW64\winrm 2015-01-19 23:25 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN 2015-01-19 23:25 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\slmgr 2015-01-19 23:25 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2015-01-19 23:25 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\system32\winrm 2015-01-19 23:25 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\system32\WCN 2015-01-19 23:25 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\system32\slmgr 2015-01-19 23:25 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\system32\Printing_Admin_Scripts 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\MUI 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Com 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 
____D () C:\Program Files\Common Files\System 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-01-19 23:25 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe 2015-01-19 23:25 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism 2015-01-19 23:25 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep 2015-01-19 23:25 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\oobe 2015-01-19 23:25 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Dism 2015-01-19 23:25 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\servicing 2015-01-19 13:38 - 2013-04-15 21:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-15 22:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-01-15 22:39 - 2013-04-15 22:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2015-01-15 21:06 - 2013-04-15 22:41 - 00001398 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2015-01-15 21:06 - 2013-04-15 22:41 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2015-01-15 21:05 - 2013-04-15 22:41 - 00001653 _____ () C:\WINDOWS\DirectX.log 2015-01-15 20:39 - 2013-04-15 21:50 - 00000000 ____D () C:\Program Files (x86)\Samsung 2015-01-15 20:17 - 2013-04-15 22:38 - 00000000 ____D () C:\ProgramData\Samsung 2015-01-15 20:07 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2015-01-15 20:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup 2015-01-15 20:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2015-01-15 20:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS 2015-01-15 20:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\setup 2015-01-15 19:45 - 2013-04-15 21:48 - 00000000 ___RD () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2015-01-15 19:45 - 2013-04-15 21:48 - 00000000 ____D () C:\ProgramData\Intel 2015-01-15 19:45 - 2013-04-15 21:48 - 00000000 ____D () C:\Program Files\Intel 2015-01-15 19:44 - 2013-04-15 21:48 - 00000000 ____D () C:\Program Files (x86)\Realtek 2015-01-15 19:42 - 2013-04-15 21:49 - 00028034 _____ () C:\WINDOWS\DPINST.LOG 2015-01-15 19:36 - 2013-08-22 15:46 - 00000262 _____ () C:\WINDOWS\setuperr.log 2015-01-15 19:36 - 2013-04-15 22:46 - 00019318 _____ () C:\WINDOWS\system32\results.xml 2015-01-15 19:26 - 2013-04-15 22:34 - 00000000 ____D () C:\ProgramData\AMD 2015-01-15 19:25 - 2013-04-15 22:33 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies 2015-01-15 19:25 - 2013-04-15 21:49 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-15 18:46 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-01-15 18:46 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-01-15 18:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\restore 2015-01-15 18:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration 2015-01-15 18:20 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT 2015-01-15 18:20 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default 2015-01-15 18:19 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media 2015-01-15 18:19 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries 2015-01-15 18:18 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep 2015-01-15 18:18 - 2013-08-22 16:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker 2015-01-15 18:18 - 2013-08-22 16:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log 2015-01-15 18:18 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar 2015-01-15 18:18 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar 
2015-01-15 18:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz 2015-01-15 18:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME 2015-01-15 18:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns 2015-01-15 18:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\spool 2015-01-15 18:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\IME 2015-01-15 18:18 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI 2015-01-15 18:18 - 2013-08-22 14:25 - 00008192 ___SH () C:\WINDOWS\system32\config\ELAM 2015-01-15 18:18 - 2013-04-15 22:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 10 2015-01-15 18:18 - 2013-04-15 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitcasa 2015-01-15 18:18 - 2013-04-15 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games 2015-01-15 18:18 - 2013-04-15 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Absolute Software 2015-01-15 18:18 - 2013-04-15 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation 2015-01-15 18:18 - 2012-08-05 22:11 - 00000000 ____D () C:\ProgramData\PRICache 2015-01-15 18:18 - 2012-07-26 06:37 - 00000000 ____D () C:\Users\Default.migrated 2015-01-15 18:17 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery 2015-01-15 18:12 - 2013-08-22 16:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template 2015-01-15 18:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager 2015-01-15 17:58 - 2013-04-15 21:49 - 01771989 _____ () C:\WINDOWS\WindowsUpdate (1).log 2015-01-15 17:56 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent 2015-01-15 17:32 - 2013-04-15 21:48 - 00002787 _____ () C:\RHDSetup.log 2015-01-15 17:32 - 2013-04-15 21:48 - 00000000 ___HD () C:\Program Files (x86)\Temp 2015-01-15 13:07 - 2013-04-15 22:38 - 00000000 ____D 
() C:\ProgramData\Temp 2015-01-15 09:48 - 2013-04-15 21:50 - 00000000 ____D () C:\Program Files\Samsung 2015-01-14 14:40 - 2013-04-15 22:38 - 00000000 ____D () C:\Users\EasySurvey 2015-01-14 14:39 - 2013-04-15 21:48 - 00000000 ____D () C:\Intel 2015-01-14 12:48 - 2013-04-15 22:36 - 00000000 ____D () C:\ProgramData\Norton 2015-01-14 12:46 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP ==================== Files in the root of some directories ======= 2015-01-14 12:23 - 2015-01-31 12:09 - 0005347 _____ () C:\Users\Nico\AppData\Roaming\AbsoluteReminder.xml 2015-01-15 21:32 - 2015-01-18 15:59 - 0004062 _____ () C:\Users\Nico\AppData\Roaming\LTspiceIV.ini 2015-01-15 21:16 - 2015-01-15 21:16 - 0000039 _____ () C:\Users\Nico\AppData\Roaming\SupportBox_MSUL.cfg 2015-01-15 18:15 - 2015-01-15 18:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-04-15 22:43 - 2013-02-19 08:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe 2013-04-15 22:43 - 2013-01-12 15:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml Files to move or delete: ==================== C:\ProgramData\MakeMarkerFile.exe C:\Users\EasySurvey\EasySurvey.exe Some content of TEMP: ==================== C:\Users\Nico\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsaz467.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-26 07:33
==================== End Of Log ============================
Gmer.txt: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-02-02 21:22:52 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e Samsung_SSD_840_EVO_500GB rev.EXT0BB6Q 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\Nico\AppData\Local\Temp\pwryyfog.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff9600009e200 15 bytes [00, 28, F6, 01, 80, 1C, 6C, ...] .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff9600009e210 11 bytes [00, 0E, FC, FF, 00, 05, C4, ...] ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [992:100] fffff9600090b2d0 ---- Processes - GMER 2.1 ---- Process C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (*** suspicious ***) @ C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [1864] (Windows SysTool Service/SysTool PasSame LIMITED)(2015-01-23 14:51:48) 0000000000960000 Process C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe [7096] (FILE NOT FOUND) 0000000000400000 Library C:\Users\Nico\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe [7096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-15 21:09:09) 0000000065490000 Library C:\Users\Nico\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe [7096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-15 21:09:08) 0000000065190000 Library C:\Users\Nico\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe [7096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-15 21:09:08) 0000000064da0000 Library C:\Users\Nico\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ 
C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe [7096](2015-01-15 21:09:09) 0000000064ce0000 Library C:\Users\Nico\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe [7096] (ICU I18N DLL/The ICU Project)(2015-01-15 21:09:09) 000000004a900000 Library C:\Users\Nico\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe [7096] (ICU Common DLL/The ICU Project)(2015-01-15 21:09:09) 0000000004300000 Library C:\Users\Nico\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe [7096] (ICU Data DLL/The ICU Project)(2015-01-15 21:09:09) 000000004ad00000 Library c:\users\nico\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsaz467.dll (*** suspicious ***) @ C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe [7096](2015-02-02 06:28:08) 0000000003ee0000 Library C:\Users\Nico\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe [7096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-15 21:09:08) 0000000062b30000 Library C:\Users\Nico\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe [7096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-15 21:09:09) 0000000061120000 Library C:\Users\Nico\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe [7096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-15 21:09:09) 0000000060f00000 Library C:\Users\Nico\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe [7096] (C++ application development framework./Digia Plc and/or its 
subsidiary(-ies))(2015-01-15 21:09:08) 0000000060ca0000 Library C:\Users\Nico\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe [7096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-15 21:09:09) 0000000060c70000 Library C:\Users\Nico\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe [7096](2015-01-15 21:09:09) 000000006a1b0000 Library C:\Users\Nico\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe [7096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-15 21:09:09) 0000000060c40000 Library C:\Users\Nico\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe [7096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-15 21:09:08) 0000000060c00000 Library C:\Users\Nico\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe [7096] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-01-15 21:09:08) 0000000060bb0000 Library C:\Users\Nico\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe [7096](2015-01-15 21:09:09) 0000000062a50000 Library C:\Users\Nico\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe [7096](2015-01-15 21:09:09) 0000000062a10000 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- adwcleaner: Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 02/02/2015 um 18:40:12 # Aktualisiert 24/01/2015 von Xplode # Database : 2015-01-26.1 [Live] # Betriebssystem : Windows 8.1 (64 bits) # Benutzername : Nico - NICO_STUDY # Gestartet von : C:\Users\Nico\Desktop\adwcleaner_4.109.exe # Option : Suchen ***** [ Dienste ] ***** Dienst Gefunden : WindowsMangerProtect Dienst Gefunden : IHProtect Service Dienst Gefunden : Util Dynamo Combo Dienst Gefunden : Update Dynamo Combo Dienst Gefunden : Update Dynamo Combo Dienst Gefunden : Util Dynamo Combo Dienst Gefunden : {16a92140-918d-4afb-9edb-46f22437bb10}Gw64 Dienst Gefunden : {3bcf4f2c-0bbb-4d4c-bf1f-11bbe6d501ea}Gw64 Dienst Gefunden : {915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw64 ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage Datei Gefunden : C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal Datei Gefunden : C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage Datei Gefunden : C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal Datei Gefunden : C:\WINDOWS\System32\drivers\{16a92140-918d-4afb-9edb-46f22437bb10}Gw64.sys Datei Gefunden : C:\WINDOWS\System32\drivers\{3bcf4f2c-0bbb-4d4c-bf1f-11bbe6d501ea}Gw64.sys Datei Gefunden : C:\WINDOWS\System32\drivers\{915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw64.sys Ordner Gefunden : C:\Program Files (x86)\Dynamo Combo Ordner Gefunden : C:\Program Files (x86)\Dynamo Combo Ordner Gefunden : C:\Program Files (x86)\SearchProtect Ordner Gefunden : C:\Program Files (x86)\XTab Ordner Gefunden : C:\ProgramData\IHProtectUpDate Ordner Gefunden : C:\ProgramData\WindowsMangerProtect Ordner Gefunden : C:\Users\Nico\AppData\Local\SearchProtect Ordner Gefunden : 
C:\Users\Nico\AppData\Roaming\vi-view ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Daten Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll Daten Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll Schlüssel Gefunden : HKCU\Software\Dynamo Combo Schlüssel Gefunden : HKCU\Software\Dynamo Combo Schlüssel Gefunden : HKCU\Software\InstallCore Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} Schlüssel Gefunden : HKCU\Software\Mozilla\Extends Schlüssel Gefunden : [x64] HKCU\Software\Dynamo Combo Schlüssel Gefunden : [x64] HKCU\Software\Dynamo Combo Schlüssel Gefunden : [x64] HKCU\Software\InstallCore Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gefunden : [x64] 
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{986c37a1-7b65-476f-80dc-54f80bd4b0d6} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{986C37A1-7B65-476F-80DC-54F80BD4B0D6} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager Schlüssel Gefunden : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{53f00938-0214-4c62-b6d8-9e2034314ebb} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} Schlüssel Gefunden : HKLM\SOFTWARE\Dynamo Combo Schlüssel Gefunden : HKLM\SOFTWARE\Dynamo Combo Schlüssel Gefunden : HKLM\SOFTWARE\IHProtect Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{986c37a1-7b65-476f-80dc-54f80bd4b0d6} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{986C37A1-7B65-476F-80DC-54F80BD4B0D6} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vi-view uninstall Schlüssel Gefunden : HKLM\SOFTWARE\SearchProtect Schlüssel Gefunden : HKLM\SOFTWARE\SPPDCOM Schlüssel Gefunden : HKLM\SOFTWARE\SupDp Schlüssel Gefunden : HKLM\SOFTWARE\SupTab Schlüssel Gefunden : HKLM\SOFTWARE\supWindowsMangerProtect Schlüssel Gefunden : HKLM\SOFTWARE\vi-viewSoftware Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update Dynamo Combo Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util Dynamo Combo Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} 
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dynamo Combo Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dynamo Combo Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com] Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com] ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17416 Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://myhome.vi-view.com/web/?type=ds&ts=1422024598&from=cor&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF824519D&q={searchTerms} Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://myhome.vi-view.com/?type=hp&ts=1422024598&from=cor&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF824519D Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://myhome.vi-view.com/?type=hp&ts=1422024598&from=cor&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF824519D Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://myhome.vi-view.com/web/?type=ds&ts=1422024598&from=cor&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF824519D&q={searchTerms} -\\ Mozilla Firefox v35.0.1 (x86 de) [045rdp04.default] - Zeile gefunden : user_pref("browser.search.searchengine.alias", "vi-view"); [045rdp04.default] - Zeile gefunden : 
user_pref("browser.search.searchengine.iconURL", "hxxp://myhome.vi-view.com/favicon.ico"); [045rdp04.default] - Zeile gefunden : user_pref("browser.search.searchengine.name", "vi-view"); [045rdp04.default] - Zeile gefunden : user_pref("browser.search.searchengine.url", "hxxp://myhome.vi-view.com/web/?type=ds&ts=1422024598&from=cor&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF824519D&q={searchTerms}"); [045rdp04.default] - Zeile gefunden : user_pref("extensions.quick_start.enable_search1", false); [045rdp04.default] - Zeile gefunden : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); -\\ Google Chrome v40.0.2214.93 [C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1422024598&from=cor&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF824519D&q={searchTerms} [C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1422024598&from=cor&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF824519D&q={searchTerms} [C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1422024598&from=cor&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF824519D&q={searchTerms} [C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://myhome.vi-view.com/web/?type=ds&ts=1422024598&from=cor&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF824519D&q={searchTerms} ************************* AdwCleaner[R0].txt - [11485 octets] - [02/02/2015 18:40:12] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11546 octets] ########## Avast-BrowserCleanUp: Code:
ATTFilter 02.02.2015 21:31:48 (TID: 5808) Product version: 10.0.2208.84 02.02.2015 21:31:48 (TID: 5808) BCUEngine version : 9.0.0.496 ProductLanguage : de OSLanguage : de-de Location : de-de OSType : 6.2 IsStandalone : 0 PartnerId : avastbcl Priority : 10 Microsoft IE Install Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Version: 9.11.9600.17498 Mozilla Firefox Browser Install Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Version: 35.0.1.5500 Profile Path: C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\ Mozilla Firefox Profiles Name: default Path: C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\045rdp04.default Google Chrome Browser Version: 40.0.2214.93 Install Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Profile Path: C:\Users\Nico\AppData\Local\Google\Chrome\User Data\ Google Chrome Profiles Name: Default Path: C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default Google Chrome64 Browser Version: Browser not found Google Chrome Extensions Profile: Default ID: aohghmighlieiainnegkcijnfilokake Name: Google Docs ID: felcaaldnbdncclmgdcncolpebgiejap Name: Google Tabellen ID: gomekmidlodglbbmalcneegieacbdmki Name: Avast Online Security Mozilla Firefox Extensions Profile: default ID: youtubeunblocker@unblocker.yt Name: YouTube Unblocker ID: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} Name: Adblock Plus ID: wrc@avast.com Name: Avast Online Security Google Chrome Homepages Profile: Default Url : https://www.google.com/?trackid=sp-006 Search Engines Profile: Default Name : Google Url : https://www.google.de/search?q={searchTerms}?trackid=sp-006 FireFox Homepages Profile: default URL : https://www.google.com/?trackid=sp-006 Search Engines Profile: default Name : Google (avast) Url : hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&channel=fs&trackid=sp-006 Microsoft IE Homepages Profile: HKCU Url : https://www.google.com/?trackid=sp-006 Search Engines Profile: HKCU Name : Google Url : 
https://www.google.com/search?trackid=sp-006&q={searchTerms} BCURequest: GlobalStat ProductLanguage : de EngineVersion : 9.0.0.496 OSLanguage : de-de Location : de-de OSType : 6.2 IsStandalone : 0 Version : 10.0.2208.84 PartnerId : avastbcl Priority : 10 AvastProductType: 0 DefaultBrowser : FIREFOXURL Google Chrome: IsDefault: 0 Homepages Url: https://www.google.com/?trackid=sp-006 Search Engines Name : Google Url : https://www.google.de/search?q={searchTerms}?trackid=sp-006 Extensions ID: aohghmighlieiainnegkcijnfilokake Name: Google Docs ID: felcaaldnbdncclmgdcncolpebgiejap Name: Google Tabellen ID: gomekmidlodglbbmalcneegieacbdmki Name: Avast Online Security FireFox: IsDefault: 1 Homepages Url: https://www.google.com/?trackid=sp-006 Search Engines Name : Google (avast) Url : hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&channel=fs&trackid=sp-006 Extensions ID: wrc@avast.com Name: Avast Online Security ID: youtubeunblocker@unblocker.yt Name: YouTube Unblocker ID: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} Name: Adblock Plus Microsoft IE: IsDefault: 0 Homepages Url: https://www.google.com/?trackid=sp-006 Search Engines Name : Google Url : https://www.google.com/search?trackid=sp-006&q={searchTerms} Extensions ID: {18df081c-e8ad-4283-a596-fa578c2ebdc3} Name: Adobe PDF Link Helper ID: {31d09ba0-12f5-4cce-be8a-2923e76605da} Name: Lync Browser Helper BCUResponse: OfferId : ID_DE_DE_YB_RB_V10 TemplateId: TPL_RADIO BCUConfig RrescanDelay : 0 CacheIntervalPos : 604800 CacheIntervalNeg : 604800 CmsTimeout : 15000 UseCorporate : 0 BCUProviders ID: TPL_YAHOO9_DE Name: Yahoo! 
(Avast) ID: TPL_BING02_ALL Name: Bing (by Microsoft) ID: PID_BLEKKO_ALL Name: Blekko ID: PID_GOOGLE_ALL Name: Google ID: PID_STARTPAGE_ALL Name: Startpage ID: PID_WOLFRAM_ALL Name: WolframAlpha ID: PID_KEEPEXISTING Name: Keep Existing (not recommended) Google Chrome: IsProviderModified: 0 Extensions ID: aohghmighlieiainnegkcijnfilokake Rating: 4 InternalId: 1 ID: felcaaldnbdncclmgdcncolpebgiejap Rating: 4 InternalId: 8000 ID: gomekmidlodglbbmalcneegieacbdmki Rating: 5 InternalId: 8000 Search Engine Name: Google Url : https://www.google.de/search?q={searchTerms}?trackid=sp-006 FireFox: IsProviderModified: 0 Extensions ID: wrc@avast.com Rating: 5 InternalId: 1 ID: youtubeunblocker@unblocker.yt Rating: 4 InternalId: 3 ID: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} Rating: 5 InternalId: 8000 Search Engine Name: Google (avast) Url : hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&channel=fs&trackid=sp-006 Microsoft IE: IsProviderModified: 0 Extensions ID: {18df081c-e8ad-4283-a596-fa578c2ebdc3} Rating: 5 InternalId: 8000 ID: {31d09ba0-12f5-4cce-be8a-2923e76605da} Rating: 5 InternalId: 5200 Search Engine Name: Google Url : https://www.google.com/search?trackid=sp-006&q={searchTerms} Detected a potential browser protector: { "Services" : { "iumsvc" : { "Description" : "intel(r) update manager helps you keep your system up-to-date.", "DisplayName" : "intel(r) update manager", "FileInfo" : { "Path" : "\"c:\\program files (x86)\\intel\\intel(r) update manager\\bin\\iumsvc.exe\"", "md5" : "" } } } } Detected a potential browser protector: { "Services" : { "WdNisSvc" : { "Description" : "@%programfiles%\\windows defender\\mpasdesc.dll,-242", "DisplayName" : "@%programfiles%\\windows defender\\mpasdesc.dll,-320", "FileInfo" : { "Path" : "\"c:\\program files (x86)\\windows defender\\nissrv.exe\"", "md5" : "" } }, "WinDefend" : { "Description" : "@%programfiles%\\windows defender\\mpasdesc.dll,-240", "DisplayName" : "@%programfiles%\\windows 
defender\\mpasdesc.dll,-310", "FileInfo" : { "Path" : "\"c:\\program files (x86)\\windows defender\\msmpeng.exe\"", "md5" : "" } } } } Detected a potential browser protector:3BF731130158C1F78DA21D7B8026CBB6EFA0F0F5F8DE4994728CA3D0A06B8819 { "runKeys" : { "SamsungRapidApp" : "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SamsungRapidApp=c:\\program files (x86)\\samsung\\rapid\\cachefilter\\samsungrapidapp.exe" }, "runningProcess" : { "SamsungRapidApp.exe" : { "CompanyName" : "Samsung Electronics Co., Ltd.", "FileDescription" : "Samsung RAPID Mode Notification Utility", "FileVersion" : "1.0.1.81 built by: WinDDK", "Path" : "c:\\program files (x86)\\samsung\\rapid\\cachefilter\\samsungrapidapp.exe", "ProductVersion" : "Samsung RAPID Mode 1.0.1.81", "md5" : "6F4E71A0C3817FC8F36532796632A259" } } } Detected a potential browser protector:CDE1D980F85F9ECE745A06DDE3E4616F2E7232D9086FA6E4C984BB65D9746F2C { "Services" : { "IHProtect Service" : { "Description" : "", "DisplayName" : "ihprotect service", "FileInfo" : { "CompanyName" : "XTab system", "FileDescription" : "ProtectSvc.exe", "FileVersion" : "4.0.1.1716", "Path" : "c:\\program files (x86)\\xtab\\protectservice.exe", "ProductVersion" : "4.0.1.1716", "md5" : "B32A88B91E59BFB553A9BEBF78A1E567" } } } } Detected a potential browser protector:4B88C39D12D8A7E0387766C4FDEAB6F5D7639ED38F9CEF7B7363538B5645EC72 { "runKeys" : { "RtHDVBg" : "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\RtHDVBg=\"c:\\program files\\realtek\\audio\\hda\\ravbg64.exe\" /s3hpprotect", "RtHDVBg_SRSSA" : "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\RtHDVBg_SRSSA=\"c:\\program files\\realtek\\audio\\hda\\ravbg64.exe\" /srssa", "RtHDVCpl" : "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\RtHDVCpl=c:\\program files\\realtek\\audio\\hda\\ravcpl64.exe -s" }, "runningProcess" : { "RAVBg64.exe" : { "CompanyName" : "Realtek Semiconductor", "FileDescription" : "HD Audio Background Process", "FileVersion" : "1, 0, 0, 
203", "Path" : "c:\\program files\\realtek\\audio\\hda\\ravbg64.exe", "ProductVersion" : "1, 0, 0, 203", "md5" : "4D3341C3D5AF1A1B8B93A5A6C08902BD" }, "RAVCpl64.exe" : { "CompanyName" : "Realtek Semiconductor", "FileDescription" : "Realtek HD Audio-Manager", "FileVersion" : "1, 0, 0, 935", "Path" : "c:\\program files\\realtek\\audio\\hda\\ravcpl64.exe", "ProductVersion" : "1, 0, 0, 935", "md5" : "8F9343E9015DA92CDC455A92FE320AB0" } }, "uninstallInfo" : { "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" : { "DisplayName" : "Realtek High Definition Audio Driver", "Publisher" : "Realtek Semiconductor Corp.", "UninstallString" : "c:\\program files\\realtek\\audio\\hda\\rtlupd64.exe -r -m -nrg2709" } } } Detected a potential browser protector: { "Services" : { "WindowsMangerProtect" : { "Description" : "windowsmangerprotect service", "DisplayName" : "windowsmangerprotect service", "FileInfo" : { "Path" : "c:\\programdata\\windowsmangerprotect\\protectwindowsmanager.exe -service", "md5" : "" } } } } Detected a potential browser protector:8AF70D124AE6E89B486BD1D97E0ECA70CB423316CA9EF44BF51373998CA80645 { "AppInitDll" : { "CompanyName" : "Client Connect LTD", "FileDescription" : "Search Protect", "FileVersion" : "2.19.30.69", "Path" : "c:\\progra~2\\searchprotect\\searchprotect\\bin\\vc32loader.dll", "ProductVersion" : "2.19.30.69", "md5" : "F56FDE850079E5D7FFAFF38E090485C5" } } Detected a potential browser protector: { "uninstallInfo" : { "vi-view uninstall" : { "DisplayName" : "vi-view uninstall", "Publisher" : "vi-view", "UninstallString" : "c:\\users\\nico\\appdata\\roaming\\vi-view\\uninstallmanager.exe -ptid=cor" } } } Detected a potential browser protector:3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A { "Services" : { "AdobeFlashPlayerUpdateSvc" : { "Description" : "mit diesem dienst ist ihre flash player-installation immer aktuell und verwendet die neuesten verbesserungen und sicherheits-fixes.", "DisplayName" : "adobe flash player update service", 
"FileInfo" : { "CompanyName" : "Adobe Systems Incorporated", "FileDescription" : "Adobe® Flash® Player Update Service 16.0 r0", "FileVersion" : "16,0,0,296", "Path" : "c:\\windows\\syswow64\\macromed\\flash\\flashplayerupdateservice.exe", "ProductVersion" : "16,0,0,296", "md5" : "A2A9C100FE1BE20A76C0B80D4CA44103" } }, "PerfHost" : { "Description" : "@%systemroot%\\syswow64\\perfhost.exe,-1", "DisplayName" : "@%systemroot%\\syswow64\\perfhost.exe,-2", "FileInfo" : { "CompanyName" : "Microsoft Corporation", "FileDescription" : "x86-Leistungsindikatorhost", "FileVersion" : "6.3.9600.16384 (winblue_rtm.130821-1623)", "Path" : "c:\\windows\\syswow64\\perfhost.exe", "ProductVersion" : "6.3.9600.16384", "md5" : "8E3C640FFF5A963F570233AE99C0FFF3" } }, "cphs" : { "Description" : "intel(r) content protection heci service - enables communication with the content protection fw", "DisplayName" : "intel(r) content protection heci service", "FileInfo" : { "CompanyName" : "Intel Corporation", "FileDescription" : "IntelCpHeciSvc Executable", "Path" : "c:\\windows\\syswow64\\intelcphecisvc.exe", "ProductVersion" : "9.0.20.9000", "md5" : "7459091986F5A926AC807F2C85B49BA8" } } }, "runKeys" : { "StubPath" : "HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{89B4C1CD-B018-4511-B02.02.2015 21:32:04 (TID: 7440) Product version: 10.0.2208.84 02.02.2015 21:32:04 (TID: 7440) BCUEngine version : 9.0.0.496 ProductLanguage : de OSLanguage : de-de Location : de-de OSType : 6.2 IsStandalone : 0 PartnerId : avastbcl Priority : 10 Microsoft IE Install Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Version: 9.11.9600.17498 Mozilla Firefox Browser Install Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Version: 35.0.1.5500 Profile Path: C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\ Mozilla Firefox Profiles Name: default Path: C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\045rdp04.default Google Chrome Browser Version: 40.0.2214.93 Install Path: C:\Program 
Files (x86)\Google\Chrome\Application\chrome.exe Profile Path: C:\Users\Nico\AppData\Local\Google\Chrome\User Data\ Google Chrome Profiles Name: Default Path: C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default Google Chrome64 Browser Version: Browser not found Google Chrome Extensions Profile: Default ID: aohghmighlieiainnegkcijnfilokake Name: Google Docs ID: felcaaldnbdncclmgdcncolpebgiejap Name: Google Tabellen ID: gomekmidlodglbbmalcneegieacbdmki Name: Avast Online Security Mozilla Firefox Extensions Profile: default ID: youtubeunblocker@unblocker.yt Name: YouTube Unblocker ID: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} Name: Adblock Plus ID: wrc@avast.com Name: Avast Online Security Google Chrome Homepages Profile: Default Url : https://www.google.com/?trackid=sp-006 Search Engines Profile: Default Name : Google Url : https://www.google.de/search?q={searchTerms}?trackid=sp-006 FireFox Homepages Profile: default URL : https://www.google.com/?trackid=sp-006 Search Engines Profile: default Name : Google (avast) Url : hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&channel=fs&trackid=sp-006 Microsoft IE Homepages Profile: HKCU Url : https://www.google.com/?trackid=sp-006 Search Engines Profile: HKCU Name : Google Url : https://www.google.com/search?trackid=sp-006&q={searchTerms} BCURequest: GlobalStat ProductLanguage : de EngineVersion : 9.0.0.496 OSLanguage : de-de Location : de-de OSType : 6.2 IsStandalone : 0 Version : 10.0.2208.84 PartnerId : avastbcl Priority : 10 AvastProductType: 0 DefaultBrowser : FIREFOXURL Google Chrome: IsDefault: 0 Homepages Url: https://www.google.com/?trackid=sp-006 Search Engines Name : Google Url : https://www.google.de/search?q={searchTerms}?trackid=sp-006 Extensions ID: aohghmighlieiainnegkcijnfilokake Name: Google Docs ID: felcaaldnbdncclmgdcncolpebgiejap Name: Google Tabellen ID: gomekmidlodglbbmalcneegieacbdmki Name: Avast Online Security FireFox: IsDefault: 1 Homepages Url: 
https://www.google.com/?trackid=sp-006 Search Engines Name : Google (avast) Url : hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&channel=fs&trackid=sp-006 Extensions ID: wrc@avast.com Name: Avast Online Security ID: youtubeunblocker@unblocker.yt Name: YouTube Unblocker ID: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} Name: Adblock Plus Microsoft IE: IsDefault: 0 Homepages Url: https://www.google.com/?trackid=sp-006 Search Engines Name : Google Url : https://www.google.com/search?trackid=sp-006&q={searchTerms} Extensions ID: {18df081c-e8ad-4283-a596-fa578c2ebdc3} Name: Adobe PDF Link Helper ID: {31d09ba0-12f5-4cce-be8a-2923e76605da} Name: Lync Browser Helper BCUResponse: OfferId : ID_DE_DE_YB_RB_V10 TemplateId: TPL_RADIO BCUConfig RrescanDelay : 0 CacheIntervalPos : 604800 CacheIntervalNeg : 604800 CmsTimeout : 15000 UseCorporate : 0 BCUProviders ID: TPL_YAHOO9_DE Name: Yahoo! (Avast) ID: TPL_BING02_ALL Name: Bing (by Microsoft) ID: PID_BLEKKO_ALL Name: Blekko ID: PID_GOOGLE_ALL Name: Google ID: PID_STARTPAGE_ALL Name: Startpage ID: PID_WOLFRAM_ALL Name: WolframAlpha ID: PID_KEEPEXISTING Name: Keep Existing (not recommended) Google Chrome: IsProviderModified: 0 Extensions ID: aohghmighlieiainnegkcijnfilokake Rating: 4 InternalId: 1 ID: felcaaldnbdncclmgdcncolpebgiejap Rating: 4 InternalId: 8000 ID: gomekmidlodglbbmalcneegieacbdmki Rating: 5 InternalId: 8000 Search Engine Name: Google Url : https://www.google.de/search?q={searchTerms}?trackid=sp-006 FireFox: IsProviderModified: 0 Extensions ID: wrc@avast.com Rating: 5 InternalId: 1 ID: youtubeunblocker@unblocker.yt Rating: 4 InternalId: 3 ID: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} Rating: 5 InternalId: 8000 Search Engine Name: Google (avast) Url : hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&channel=fs&trackid=sp-006 Microsoft IE: IsProviderModified: 0 Extensions ID: {18df081c-e8ad-4283-a596-fa578c2ebdc3} Rating: 5 InternalId: 8000 ID: {31d09ba0-12f5-4cce-be8a-2923e76605da} Rating: 5 
InternalId: 5200 Search Engine Name: Google Url : https://www.google.com/search?trackid=sp-006&q={searchTerms} Detected a potential browser protector: { "Services" : { "iumsvc" : { "Description" : "intel(r) update manager helps you keep your system up-to-date.", "DisplayName" : "intel(r) update manager", "FileInfo" : { "Path" : "\"c:\\program files (x86)\\intel\\intel(r) update manager\\bin\\iumsvc.exe\"", "md5" : "" } } } } Detected a potential browser protector: { "Services" : { "WdNisSvc" : { "Description" : "@%programfiles%\\windows defender\\mpasdesc.dll,-242", "DisplayName" : "@%programfiles%\\windows defender\\mpasdesc.dll,-320", "FileInfo" : { "Path" : "\"c:\\program files (x86)\\windows defender\\nissrv.exe\"", "md5" : "" } }, "WinDefend" : { "Description" : "@%programfiles%\\windows defender\\mpasdesc.dll,-240", "DisplayName" : "@%programfiles%\\windows defender\\mpasdesc.dll,-310", "FileInfo" : { "Path" : "\"c:\\program files (x86)\\windows defender\\msmpeng.exe\"", "md5" : "" } } } } Detected a potential browser protector:3BF731130158C1F78DA21D7B8026CBB6EFA0F0F5F8DE4994728CA3D0A06B8819 { "runKeys" : { "SamsungRapidApp" : "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SamsungRapidApp=c:\\program files (x86)\\samsung\\rapid\\cachefilter\\samsungrapidapp.exe" }, "runningProcess" : { "SamsungRapidApp.exe" : { "CompanyName" : "Samsung Electronics Co., Ltd.", "FileDescription" : "Samsung RAPID Mode Notification Utility", "FileVersion" : "1.0.1.81 built by: WinDDK", "Path" : "c:\\program files (x86)\\samsung\\rapid\\cachefilter\\samsungrapidapp.exe", "ProductVersion" : "Samsung RAPID Mode 1.0.1.81", "md5" : "6F4E71A0C3817FC8F36532796632A259" } } } Detected a potential browser protector:CDE1D980F85F9ECE745A06DDE3E4616F2E7232D9086FA6E4C984BB65D9746F2C { "Services" : { "IHProtect Service" : { "Description" : "", "DisplayName" : "ihprotect service", "FileInfo" : { "CompanyName" : "XTab system", "FileDescription" : "ProtectSvc.exe", "FileVersion" : 
"4.0.1.1716", "Path" : "c:\\program files (x86)\\xtab\\protectservice.exe", "ProductVersion" : "4.0.1.1716", "md5" : "B32A88B91E59BFB553A9BEBF78A1E567" } } } } Detected a potential browser protector:4B88C39D12D8A7E0387766C4FDEAB6F5D7639ED38F9CEF7B7363538B5645EC72 { "runKeys" : { "RtHDVBg" : "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\RtHDVBg=\"c:\\program files\\realtek\\audio\\hda\\ravbg64.exe\" /s3hpprotect", "RtHDVBg_SRSSA" : "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\RtHDVBg_SRSSA=\"c:\\program files\\realtek\\audio\\hda\\ravbg64.exe\" /srssa", "RtHDVCpl" : "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\RtHDVCpl=c:\\program files\\realtek\\audio\\hda\\ravcpl64.exe -s" }, "runningProcess" : { "RAVBg64.exe" : { "CompanyName" : "Realtek Semiconductor", "FileDescription" : "HD Audio Background Process", "FileVersion" : "1, 0, 0, 203", "Path" : "c:\\program files\\realtek\\audio\\hda\\ravbg64.exe", "ProductVersion" : "1, 0, 0, 203", "md5" : "4D3341C3D5AF1A1B8B93A5A6C08902BD" }, "RAVCpl64.exe" : { "CompanyName" : "Realtek Semiconductor", "FileDescription" : "Realtek HD Audio-Manager", "FileVersion" : "1, 0, 0, 935", "Path" : "c:\\program files\\realtek\\audio\\hda\\ravcpl64.exe", "ProductVersion" : "1, 0, 0, 935", "md5" : "8F9343E9015DA92CDC455A92FE320AB0" } }, "uninstallInfo" : { "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" : { "DisplayName" : "Realtek High Definition Audio Driver", "Publisher" : "Realtek Semiconductor Corp.", "UninstallString" : "c:\\program files\\realtek\\audio\\hda\\rtlupd64.exe -r -m -nrg2709" } } } Detected a potential browser protector: { "Services" : { "WindowsMangerProtect" : { "Description" : "windowsmangerprotect service", "DisplayName" : "windowsmangerprotect service", "FileInfo" : { "Path" : "c:\\programdata\\windowsmangerprotect\\protectwindowsmanager.exe -service", "md5" : "" } } } } Detected a potential browser protector:8AF70D124AE6E89B486BD1D97E0ECA70CB423316CA9EF44BF51373998CA80645 { 
"AppInitDll" : { "CompanyName" : "Client Connect LTD", "FileDescription" : "Search Protect", "FileVersion" : "2.19.30.69", "Path" : "c:\\progra~2\\searchprotect\\searchprotect\\bin\\vc32loader.dll", "ProductVersion" : "2.19.30.69", "md5" : "F56FDE850079E5D7FFAFF38E090485C5" } } Detected a potential browser protector: { "uninstallInfo" : { "vi-view uninstall" : { "DisplayName" : "vi-view uninstall", "Publisher" : "vi-view", "UninstallString" : "c:\\users\\nico\\appdata\\roaming\\vi-view\\uninstallmanager.exe -ptid=cor" } } } Detected a potential browser protector:3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A { "Services" : { "AdobeFlashPlayerUpdateSvc" : { "Description" : "mit diesem dienst ist ihre flash player-installation immer aktuell und verwendet die neuesten verbesserungen und sicherheits-fixes.", "DisplayName" : "adobe flash player update service", "FileInfo" : { "CompanyName" : "Adobe Systems Incorporated", "FileDescription" : "Adobe® Flash® Player Update Service 16.0 r0", "FileVersion" : "16,0,0,296", "Path" : "c:\\windows\\syswow64\\macromed\\flash\\flashplayerupdateservice.exe", "ProductVersion" : "16,0,0,296", "md5" : "A2A9C100FE1BE20A76C0B80D4CA44103" } }, "PerfHost" : { "Description" : "@%systemroot%\\syswow64\\perfhost.exe,-1", "DisplayName" : "@%systemroot%\\syswow64\\perfhost.exe,-2", "FileInfo" : { "CompanyName" : "Microsoft Corporation", "FileDescription" : "x86-Leistungsindikatorhost", "FileVersion" : "6.3.9600.16384 (winblue_rtm.130821-1623)", "Path" : "c:\\windows\\syswow64\\perfhost.exe", "ProductVersion" : "6.3.9600.16384", "md5" : "8E3C640FFF5A963F570233AE99C0FFF3" } }, "cphs" : { "Description" : "intel(r) content protection heci service - enables communication with the content protection fw", "DisplayName" : "intel(r) content protection heci service", "FileInfo" : { "CompanyName" : "Intel Corporation", "FileDescription" : "IntelCpHeciSvc Executable", "Path" : "c:\\windows\\syswow64\\intelcphecisvc.exe", "ProductVersion" 
: "9.0.20.9000", "md5" : "7459091986F5A926AC807F2C85B49BA8" } } }, "runKeys" : { "StubPath" : "HKLM\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{89B4C1CD-B018-4511-B
Interesting that the problem with the length was only due to FRST.txt. Regards, Nico |
04.02.2015, 01:27 | #5 |
Rest in peace † 2019 |
Hello Nico, yes, very impressive in length. The reason I ask you not to attach the logs is that they then all pile up on my computer, and afterwards I end up with a wild log collection there. Did you also use the Delete ("Löschen") function of AdwCleaner? If not, please do that after uninstalling.
Step 1 Please uninstall the following programs (if present):
- Buzzdock
- Dynamo Combo
- vi-view uninstall
To do this, go to: the Windows button in the taskbar --> Control Panel --> Programs (sub-item "Uninstall a program") --> select the program --> remove
If you cannot uninstall a program, download Revo Uninstaller from here and uninstall it with that, choosing the moderate mode.
Step 2 Start AdwCleaner again
Step 3 Please download Malwarebytes Anti-Malware
Step 4 Run FRST once more.
|
04.02.2015, 10:21 | #6 |
Hello again, I have now worked through steps 1 to 4; here are the logs:
adwcleaner[S0] (after uninstalling): Code:
ATTFilter # AdwCleaner v4.109 - Bericht erstellt am 04/02/2015 um 09:39:15 # Aktualisiert 24/01/2015 von Xplode # Database : 2015-02-03.1 [Live] # Betriebssystem : Windows 8.1 (64 bits) # Benutzername : Nico - NICO_STUDY # Gestartet von : C:\Users\Nico\Desktop\adwcleaner_4.109.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : WindowsMangerProtect Dienst Gelöscht : IHProtect Service Dienst Gelöscht : {16a92140-918d-4afb-9edb-46f22437bb10}Gw64 Dienst Gelöscht : {3bcf4f2c-0bbb-4d4c-bf1f-11bbe6d501ea}Gw64 Dienst Gelöscht : {915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw64 ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect Ordner Gelöscht : C:\ProgramData\IHProtectUpDate Ordner Gelöscht : C:\Program Files (x86)\SearchProtect Ordner Gelöscht : C:\Program Files (x86)\XTab Ordner Gelöscht : C:\Users\Nico\AppData\Local\SearchProtect Ordner Gelöscht : C:\Users\Nico\AppData\Roaming\vi-view Datei Gelöscht : C:\WINDOWS\System32\drivers\{16a92140-918d-4afb-9edb-46f22437bb10}Gw64.sys Datei Gelöscht : C:\WINDOWS\System32\drivers\{3bcf4f2c-0bbb-4d4c-bf1f-11bbe6d501ea}Gw64.sys Datei Gelöscht : C:\WINDOWS\System32\drivers\{915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw64.sys Datei Gelöscht : C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\045rdp04.default\user.js Datei Gelöscht : C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal Datei Gelöscht : C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions 
[fftoolbar2014@etech.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\IHProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\vi-viewSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\SPPDCOM
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416

Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v35.0.1 (x86 de)

[045rdp04.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.alias", "vi-view");
[045rdp04.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://myhome.vi-view.com/favicon.ico");
[045rdp04.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.name", "vi-view");
[045rdp04.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.url", "hxxp://myhome.vi-view.com/web/?type=ds&ts=1422024598&from=cor&uid=SamsungXSSDX840XEVOX500GB_S1DHNSAF824519D&q={searchTerms}");
[045rdp04.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[045rdp04.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v40.0.2214.94

*************************

AdwCleaner[R0].txt - [11731 octets] - [02/02/2015 18:40:12]
AdwCleaner[R1].txt - [11640 octets] - [02/02/2015 21:42:59]
AdwCleaner[R2].txt - [7838 octets] - [04/02/2015 09:28:15]
AdwCleaner[S0].txt - [6881 octets] - [04/02/2015 09:39:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6941 octets] ##########

mbam.txt (after uninstalling): Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 04.02.2015
Suchlauf-Zeit: 09:43:36
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.11.20.06
Rootkit Datenbank: v2014.11.18.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Nico

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 352692
Verstrichene Zeit: 12 Min, 41 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 2
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, In Quarantäne, [47bf9da1dd9f45f18dd409a7e321cc34],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, In Quarantäne, [2adcc87680fcaf87c59b337d4eb6dd23],

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 5
PUP.Optional.OpenCandy, C:\Users\Nico\AppData\Roaming\PowerISO\Upgrade\PowerISO6-x64.exe, In Quarantäne, [f016a896512b76c023e33c399d6828d8],
PUP.Optional.SearchProtect.A, C:\Windows\apppatch\apppatch64\VCLdr64.dll, In Quarantäne, [fe08b18d89f30135e016fcaaa95841bf],
PUP.Optional.SearchProtect.A, C:\Windows\apppatch\nbin\VC32Loader.dll, In Quarantäne, [e91d1b237a022d093abc8c1aa75aaa56],
PUP.Optional.ViView.A, C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\045rdp04.default\searchplugins\vi-view.xml, In Quarantäne, [739344fabcc0b77fb4da0742ed1605fb],
PUP.Optional.SearchProtect, C:\Windows\apppatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, In Quarantäne, [8a7ca698b9c36fc7a9bbfeb28c78a060],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)

Addition.txt (after uninstalling): Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Nico at 2015-02-04 10:02:28
Running from C:\Users\Nico\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll 2015-01-15 19:31 - 2013-09-16 12:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Nico\Desktop\Hannes und der Bürgermeister Wanzen & Seelenwanderung.mp4:com.dropbox.attributes ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "Bitcasa" HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher" HKLM\...\StartupApproved\Run32: => "KiesTrayAgent" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKLM\...\StartupApproved\Run32: => "ENISysTray" HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows" HKLM\...\StartupApproved\Run32: => "PDFPrint" HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive" HKU\S-1-5-21-3589802351-439905089-1110981561-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk" HKU\S-1-5-21-3589802351-439905089-1110981561-1001\...\StartupApproved\Run: => "Spotify" ========================= Accounts: ========================== Administrator (S-1-5-21-3589802351-439905089-1110981561-500 - Administrator - Disabled) BitBox (S-1-5-21-3589802351-439905089-1110981561-1002 - Limited - Enabled) Gast (S-1-5-21-3589802351-439905089-1110981561-501 - Limited - Disabled) Nico 
(S-1-5-21-3589802351-439905089-1110981561-1001 - Administrator - Enabled) => C:\Users\Nico ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (02/04/2015 09:50:51 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Das Volume "Windows RE tools" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057) Error: (02/03/2015 00:22:05 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: IAStorIcon.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.ObjectDisposedException Stapel: Server stack trace: bei System.ServiceModel.Channels.CommunicationObject.ThrowIfDisposedOrNotOpen() bei System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32) bei IAStorDataMgrSvcInterfaces.IPublisher.GetServerBit() bei IAStorIcon.StorageIcon.<trySubscription>b__0(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (02/02/2015 10:53:35 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {8BD86F89-74DA-4351-A1FC-51861390CBFF} Error: (02/02/2015 10:53:35 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {8BD86F89-74DA-4351-A1FC-51861390CBFF} Error: (02/02/2015 10:53:31 PM) (Source: Microsoft 
Office 15) (EventID: 2001) (User: ) Description: Microsoft PowerPoint: Rejected Safe Mode action : PowerPoint konnte beim letzten Mal nicht gestartet werden. Der abgesicherte Modus kann Ihnen bei der Problembehandlung behilflich sein. Einige Features sind aber in diesem Modus möglicherweise nicht verfügbar. Möchten Sie im abgesicherten Modus starten?. Rejected Safe Mode action : Microsoft PowerPoint. Error: (02/02/2015 10:52:16 PM) (Source: ATIeRecord) (EventID: 16386) (User: ) Description: ATI EEU Client has failed to start Error: (02/02/2015 09:27:55 PM) (Source: ATIeRecord) (EventID: 16386) (User: ) Description: ATI EEU Client has failed to start Error: (02/02/2015 09:27:29 PM) (Source: ATIeRecord) (EventID: 16386) (User: ) Description: ATI EEU Client has failed to start Error: (02/02/2015 09:26:54 PM) (Source: ATIeRecord) (EventID: 16386) (User: ) Description: ATI EEU Client has failed to start Error: (02/02/2015 05:18:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Nico_Study) Description: Das Paket „Tagesschau.Tagesschau_1.1.0.4_x64__6364r0569j69m+App“ wurde beendet, da das Anhalten zu lange dauerte. System errors: ============= Error: (02/04/2015 09:51:51 AM) (Source: DCOM) (EventID: 10010) (User: Nico_Study) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (02/04/2015 09:51:20 AM) (Source: DCOM) (EventID: 10010) (User: Nico_Study) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (02/04/2015 09:40:22 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll Error: (02/04/2015 09:40:22 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. 
Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll Error: (02/04/2015 09:40:21 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll Error: (02/04/2015 09:39:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Bluetooth OBEX Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/04/2015 09:39:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error: (02/04/2015 09:39:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/04/2015 09:39:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/04/2015 09:39:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Integrated Clock Controller Service - Intel(R) ICCS" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office Sessions: ========================= Error: (02/04/2015 09:50:51 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Windows RE toolsFalscher Parameter. (0x80070057) Error: (02/03/2015 00:22:05 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: IAStorIcon.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. 
Ausnahmeinformationen: System.ObjectDisposedException Stapel: Server stack trace: bei System.ServiceModel.Channels.CommunicationObject.ThrowIfDisposedOrNotOpen() bei System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) bei System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) bei System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) bei System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage) bei System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32) bei IAStorDataMgrSvcInterfaces.IPublisher.GetServerBit() bei IAStorIcon.StorageIcon.<trySubscription>b__0(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (02/02/2015 10:53:35 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {8BD86F89-74DA-4351-A1FC-51861390CBFF} Error: (02/02/2015 10:53:35 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {8BD86F89-74DA-4351-A1FC-51861390CBFF} Error: (02/02/2015 10:53:31 PM) (Source: Microsoft 
Office 15) (EventID: 2001) (User: ) Description: Microsoft PowerPointPowerPoint konnte beim letzten Mal nicht gestartet werden. Der abgesicherte Modus kann Ihnen bei der Problembehandlung behilflich sein. Einige Features sind aber in diesem Modus möglicherweise nicht verfügbar. Möchten Sie im abgesicherten Modus starten? Error: (02/02/2015 10:52:16 PM) (Source: ATIeRecord) (EventID: 16386) (User: ) Description: Error: (02/02/2015 09:27:55 PM) (Source: ATIeRecord) (EventID: 16386) (User: ) Description: Error: (02/02/2015 09:27:29 PM) (Source: ATIeRecord) (EventID: 16386) (User: ) Description: Error: (02/02/2015 09:26:54 PM) (Source: ATIeRecord) (EventID: 16386) (User: ) Description: Error: (02/02/2015 05:18:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Nico_Study) Description: Tagesschau.Tagesschau_1.1.0.4_x64__6364r0569j69m+App ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3635QM CPU @ 2.40GHz Percentage of memory in use: 49% Total physical RAM: 16270.86 MB Available physical RAM: 8166.98 MB Total Pagefile: 16470.86 MB Available Pagefile: 8443.42 MB Total Virtual: 131072 MB Available Virtual: 131071.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:393.69 GB) (Free:241.07 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 5900EE1B) Partition: GPT Partition Type. ==================== End Of Log ============================
FRST.txt (after uninstalling): Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015 Ran by Nico (administrator) on NICO_STUDY on 04-02-2015 10:01:13 Running from C:\Users\Nico\Desktop Loaded Profiles: Nico (Available profiles: Nico) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Condusiv Technologies) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Foxit Software Inc.)
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (3S-Smart Software Solutions GmbH) C:\Program Files (x86)\3S Software\CoDeSys ENI Server\ENI.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Samsung Electronics CO., LTD.) 
C:\Program Files (x86)\Samsung\Settings\sSettings.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe (Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Spotify Ltd) C:\Users\Nico\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Dropbox, Inc.) C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Motorola Solutions, Inc.) 
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-11-04] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13674712 2014-07-16] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1389936 2014-07-18] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_SRSSA] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1389936 2014-07-18] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2014-09-16] (Samsung Electronics Co., Ltd.) 
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-07] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.) HKLM-x32\...\Run: [ENISysTray] => C:\Program Files (x86)\3S Software\CoDeSys ENI Server\ENISysTray.exe [245760 2009-01-20] (3S-Smart Software Solutions GmbH) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3589802351-439905089-1110981561-1001\...\Run: [Quick Starter] => C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe [2358064 2014-07-15] (Samsung Electronics CO., LTD.) 
HKU\S-1-5-21-3589802351-439905089-1110981561-1001\...\Run: [Spotify] => C:\Users\Nico\AppData\Roaming\Spotify\Spotify.exe [6737976 2015-01-15] (Spotify Ltd) HKU\S-1-5-21-3589802351-439905089-1110981561-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-3589802351-439905089-1110981561-1001\...\Run: [Spotify Web Helper] => C:\Users\Nico\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-15] (Spotify Ltd) HKU\S-1-5-21-3589802351-439905089-1110981561-1001\...\MountPoints2: {5978b983-9cee-11e4-be94-b4b6769c136d} - "E:\autorun.exe" Startup: C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {75EE9A76-CCF7-47D7-BAA3-573E905D5109} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc) ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc) ShellIconOverlayIdentifiers: 
[EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {75EE9A76-CCF7-47D7-BAA3-573E905D5109} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) AutoConfigURL: [S-1-5-21-3589802351-439905089-1110981561-1001] => file://C:\Program Files (x86)\Dynamo Combo\bin\Pac9064.js HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3589802351-439905089-1110981561-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-3589802351-439905089-1110981561-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3589802351-439905089-1110981561-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = 
https://www.google.com/?trackid=sp-006 SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3589802351-439905089-1110981561-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\045rdp04.default FF DefaultSearchEngine: Google (avast) FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006 FF Keyword.URL: https://www.google.com/search/?trackid=sp-006 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 
-> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\045rdp04.default\searchplugins\google-avast.xml FF Extension: YouTube Unblocker - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\045rdp04.default\Extensions\youtubeunblocker@unblocker.yt [2015-01-15] FF Extension: Adblock Plus - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\045rdp04.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-25] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-14] Chrome: ======= CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006" CHR Profile: C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-15] CHR Extension: (Google Drive) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-15] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-15] CHR Extension: (YouTube) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-15] CHR Extension: (Google-Suche) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-15] CHR Extension: (Google Tabellen) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-15] CHR Extension: (Avast Online Security) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-15] CHR Extension: (Google Wallet) - C:\Users\Nico\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-18] CHR Extension: (Google Mail) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-15] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-15] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-15] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-15] (Avast Software) R2 BitBoxService; C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe [738304 2014-03-18] (Sirrix AG) [File not signed] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.) R2 ENI Server; C:\Program Files (x86)\3S Software\CoDeSys ENI Server\ENI.exe [651264 2009-01-20] (3S-Smart Software Solutions GmbH) [File not signed] R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-05] (ELAN Microelectronics Corp.) R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [243880 2015-01-16] (Foxit Software Inc.) 
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation) R2 IntelliMemory; C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [55720 2012-12-21] (Condusiv Technologies) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] () R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics Co., Ltd.) S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation) R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2015-01-06] (Samsung Electronics CO., LTD.) 
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2015-01-15] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-01-15] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-15] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-15] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-15] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-15] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-15] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-15] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-15] () R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131328 2014-11-21] (Microsoft Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.) R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation) R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22832 2013-07-24] (ELAN Microelectronic Corp.) 
R1 intmfs; C:\Windows\System32\DRIVERS\intmfs.sys [29096 2012-12-21] (Condusiv Technologies) R0 intmsd; C:\Windows\System32\DRIVERS\intmsd.sys [104872 2012-12-21] (Condusiv Technologies) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation) R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider) R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.) R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.) R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-15] (Avast Software) S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-01-15] (Microsoft Corporation) R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider) |
04.02.2015, 10:24 | #7 |
| Windows 8.1: Spyware? "Dynamo Combo" add-on causes redirects to advertising FRST.txt part 2 (after uninstalling): Code:
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 10:01 - 2015-02-04 10:01 - 00027390 _____ () C:\Users\Nico\Desktop\FRST.txt
2015-02-04 10:00 - 2015-02-04 10:00 - 00000000 ____D () C:\Users\Nico\Desktop\Vor bereinigung
2015-02-04 09:59 - 2015-02-04 09:59 - 00002243 _____ () C:\Users\Nico\Desktop\mbam.txt
2015-02-04 09:59 - 2015-02-04 09:59 - 00000197 _____ () C:\WINDOWS\system32\2015-02-04-08-59-46.048-AvastVBoxSVC.exe-4012.log
2015-02-04 09:42 - 2015-02-04 09:58 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 09:42 - 2015-02-04 09:43 - 00000197 _____ () C:\WINDOWS\system32\2015-02-04-08-42-45.053-AvastVBoxSVC.exe-3852.log
2015-02-04 09:42 - 2015-02-04 09:42 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-04 09:42 - 2015-02-04 09:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-02-04 09:42 - 2015-02-04 09:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-04 09:42 - 2015-02-04 09:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-02-04 09:42 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-04 09:42 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-04 09:42 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-04 09:41 - 2015-02-04 09:41 - 00007061 _____ () C:\Users\Nico\Desktop\AdwCleaner[S0]_afterDelete.txt
2015-02-04 09:26 - 2015-02-04 09:27 - 00000168 _____ () C:\Users\Nico\Desktop\Anmerkung.txt
2015-02-04 09:23 - 2015-02-04 09:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Nico\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-04 09:23 - 2015-02-04 09:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Nico\Desktop\mbam-setup-2.0.4.1028.exe 2015-02-04 09:22 - 2015-02-04 09:22 - 00000197 _____ () C:\WINDOWS\system32\2015-02-04-08-22-21.007-AvastVBoxSVC.exe-4012.log 2015-02-03 22:54 - 2015-02-03 22:54 - 00001506 _____ () C:\Users\Nico\Desktop\Zuhause ausdrucken!!! - Verknüpfung.lnk 2015-02-03 19:38 - 2014-10-20 21:09 - 820361873 _____ () C:\Users\Nico\Desktop\Hannes und der Bürgermeister Wanzen & Seelenwanderung.mp4 2015-02-03 17:13 - 2015-02-03 17:13 - 00002523 _____ () C:\Users\Public\Desktop\Evernote.lnk 2015-02-03 17:13 - 2015-02-03 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote 2015-02-03 12:59 - 2015-02-03 12:59 - 00000197 _____ () C:\WINDOWS\system32\2015-02-03-11-59-37.062-AvastVBoxSVC.exe-3880.log 2015-02-03 07:11 - 2015-02-03 07:11 - 00000197 _____ () C:\WINDOWS\system32\2015-02-03-06-11-27.000-AvastVBoxSVC.exe-3892.log 2015-02-03 00:33 - 2015-02-03 00:33 - 00000197 _____ () C:\WINDOWS\system32\2015-02-02-23-33-21.036-AvastVBoxSVC.exe-3252.log 2015-02-02 23:03 - 2015-02-02 23:03 - 00000247 _____ () C:\WINDOWS\system32\2015-02-02-22-03-47.032-aswFe.exe-7096.log 2015-02-02 22:59 - 2015-02-02 23:03 - 00000247 _____ () C:\WINDOWS\system32\2015-02-02-21-59-03.091-aswFe.exe-7080.log 2015-02-02 22:59 - 2015-02-02 22:59 - 00000197 _____ () C:\WINDOWS\system32\2015-02-02-21-59-02.072-AvastVBoxSVC.exe-7488.log 2015-02-02 22:39 - 2015-02-02 22:39 - 00029157 _____ () C:\Users\Nico\Desktop\Logfiles.zip 2015-02-02 21:30 - 2015-02-02 21:30 - 00000197 _____ () C:\WINDOWS\system32\2015-02-02-20-30-04.070-AvastVBoxSVC.exe-2668.log 2015-02-02 21:26 - 2015-02-02 21:26 - 00000197 _____ () C:\WINDOWS\system32\2015-02-02-20-26-20.004-AvastVBoxSVC.exe-3932.log 2015-02-02 21:14 - 2015-02-02 21:14 - 00380416 _____ () 
C:\Users\Nico\Downloads\Gmer-19357.exe 2015-02-02 21:14 - 2015-02-02 21:14 - 00380416 _____ () C:\Users\Nico\Desktop\Gmer-19357.exe 2015-02-02 21:09 - 2015-02-04 10:01 - 00000000 ____D () C:\FRST 2015-02-02 21:08 - 2015-02-02 21:08 - 02131456 _____ (Farbar) C:\Users\Nico\Downloads\FRST64.exe 2015-02-02 21:08 - 2015-02-02 21:08 - 02131456 _____ (Farbar) C:\Users\Nico\Desktop\FRST64.exe 2015-02-02 21:07 - 2015-02-02 21:07 - 00000000 _____ () C:\Users\Nico\defogger_reenable 2015-02-02 21:07 - 2015-02-02 21:06 - 00050477 _____ () C:\Users\Nico\Desktop\Defogger.exe 2015-02-02 21:06 - 2015-02-02 21:06 - 00050477 _____ () C:\Users\Nico\Downloads\Defogger.exe 2015-02-02 18:40 - 2015-02-04 09:39 - 00000000 ____D () C:\AdwCleaner 2015-02-02 18:39 - 2015-02-02 18:39 - 02194432 _____ () C:\Users\Nico\Downloads\adwcleaner_4.109.exe 2015-02-02 18:39 - 2015-02-02 18:39 - 02194432 _____ () C:\Users\Nico\Desktop\adwcleaner_4.109.exe 2015-02-02 07:27 - 2015-02-02 07:28 - 00000197 _____ () C:\WINDOWS\system32\2015-02-02-06-27-57.055-AvastVBoxSVC.exe-3956.log 2015-02-01 19:36 - 2015-02-04 09:58 - 00005140 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for Nico_Study-Nico Nico_Study 2015-02-01 19:36 - 2015-02-01 19:36 - 00000000 ____D () C:\Users\Nico\Documents\Benutzerdefinierte Office-Vorlagen 2015-02-01 18:39 - 2015-02-01 18:39 - 00002185 _____ () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk 2015-02-01 18:39 - 2015-02-01 18:39 - 00002132 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk 2015-02-01 18:39 - 2015-02-01 18:39 - 00002132 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk 2015-02-01 18:39 - 2015-02-01 18:39 - 00000000 ___RD () C:\Users\Nico\SkyDrive 2015-02-01 18:39 - 2015-02-01 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices 2015-02-01 18:39 - 2015-02-01 18:39 - 00000000 
____D () C:\ProgramData\Microsoft SkyDrive 2015-02-01 18:39 - 2015-02-01 18:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive 2015-02-01 18:36 - 2015-02-02 22:13 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2015-02-01 18:36 - 2015-02-01 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-02-01 18:35 - 2015-02-01 18:35 - 01064632 _____ (Microsoft Corporation) C:\Users\Nico\Downloads\Setup.X86.de-DE_O365HomePremRetail_69addc71-75e4-44ca-8fe2-b75fec0ab50a_TX_DB_.exe 2015-01-31 21:32 - 2015-01-31 21:32 - 00000666 _____ () C:\Users\Nico\Documents\Desktop - Verknüpfung.lnk 2015-01-31 20:25 - 2015-01-31 20:25 - 00084743 _____ () C:\Users\Nico\Downloads\Lohnsteuertabelle 2015.html 2015-01-31 11:45 - 2015-01-31 11:46 - 00000197 _____ () C:\WINDOWS\system32\2015-01-31-10-45-29.010-AvastVBoxSVC.exe-2208.log 2015-01-30 07:17 - 2015-01-30 07:17 - 00000197 _____ () C:\WINDOWS\system32\2015-01-30-06-17-00.090-AvastVBoxSVC.exe-3828.log 2015-01-29 07:35 - 2015-01-29 07:35 - 00000247 _____ () C:\WINDOWS\system32\2015-01-29-06-35-36.066-aswFe.exe-7372.log 2015-01-29 07:30 - 2015-01-29 07:35 - 00000247 _____ () C:\WINDOWS\system32\2015-01-29-06-30-54.071-aswFe.exe-6736.log 2015-01-29 07:30 - 2015-01-29 07:30 - 00000197 _____ () C:\WINDOWS\system32\2015-01-29-06-30-53.005-AvastVBoxSVC.exe-1236.log 2015-01-29 07:22 - 2015-01-29 07:22 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\BRT 2015-01-28 12:49 - 2015-01-28 12:50 - 00000197 _____ () C:\WINDOWS\system32\2015-01-28-11-49-54.090-AvastVBoxSVC.exe-1900.log 2015-01-28 07:25 - 2015-01-28 07:25 - 00000197 _____ () C:\WINDOWS\system32\2015-01-28-06-25-25.070-AvastVBoxSVC.exe-4116.log 2015-01-27 23:50 - 2015-01-27 23:50 - 00000197 _____ () C:\WINDOWS\system32\2015-01-27-22-50-04.045-AvastVBoxSVC.exe-3340.log 2015-01-27 22:00 - 2015-01-27 22:02 - 51621699 _____ () C:\Users\Nico\Downloads\fritzing.0.9.1b.64.pc_1.zip 2015-01-27 12:45 - 2015-01-27 12:45 - 
00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-25 11:13 - 2015-01-25 11:13 - 00000197 _____ () C:\WINDOWS\system32\2015-01-25-10-13-02.080-AvastVBoxSVC.exe-4020.log 2015-01-24 12:00 - 2015-01-24 12:00 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\PowerISO 2015-01-24 11:57 - 2015-01-24 11:57 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2015-01-24 11:55 - 2015-01-24 11:56 - 00000197 _____ () C:\WINDOWS\system32\2015-01-24-10-55-59.055-AvastVBoxSVC.exe-3480.log 2015-01-24 11:55 - 2015-01-24 11:55 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2015-01-24 00:31 - 2015-01-28 13:40 - 00003278 _____ () C:\WINDOWS\System32\Tasks\avastBCLRestartS-1-5-21-3589802351-439905089-1110981561-1001 2015-01-23 17:13 - 2015-01-23 17:14 - 00754216 _____ (DownloadAstro) C:\Users\Nico\Downloads\kmplayer.exe 2015-01-23 16:02 - 2015-01-23 16:02 - 00000197 _____ () C:\WINDOWS\system32\2015-01-23-15-02-14.017-AvastVBoxSVC.exe-3960.log 2015-01-23 15:51 - 2015-01-23 15:51 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader 2015-01-23 15:49 - 2015-01-23 18:59 - 00000000 ____D () C:\Users\Nico\AppData\Local\JDownloader v2.0 2015-01-23 07:18 - 2015-01-23 07:19 - 00000197 _____ () C:\WINDOWS\system32\2015-01-23-06-18-57.062-AvastVBoxSVC.exe-3996.log 2015-01-21 14:25 - 2015-01-21 14:25 - 00000000 ____D () C:\Users\Nico\AppData\Local\PDF24 2015-01-20 07:16 - 2015-01-20 07:17 - 00000197 _____ () C:\WINDOWS\system32\2015-01-20-06-16-31.052-AvastVBoxSVC.exe-3912.log 2015-01-20 07:15 - 2015-01-20 07:15 - 00000000 ____D () C:\ENI 2015-01-19 14:28 - 2015-01-19 14:28 - 00000000 ____D () C:\Program Files (x86)\Evernote 2015-01-19 14:23 - 2015-01-19 14:25 - 98672136 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Nico\Downloads\Evernote_5.8.1.6061.exe 2015-01-19 13:39 - 2008-06-06 14:15 - 00016488 _____ (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\Drivers\SysDrv3S.sys 
2015-01-19 13:38 - 2015-01-19 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3S Software 2015-01-19 13:38 - 2015-01-19 13:39 - 00000000 ____D () C:\Program Files (x86)\3S Software 2015-01-19 13:38 - 2015-01-19 13:39 - 00000000 ____D () C:\lm.dat 2015-01-19 13:38 - 2015-01-19 13:38 - 00000000 ____D () C:\WINDOWS\Gateway Files 2015-01-19 13:38 - 2015-01-19 13:38 - 00000000 ____D () C:\Users\Nico\AppData\Local\EvernoteNW 2015-01-19 13:38 - 2010-06-10 13:53 - 00225353 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\Gateway.exe 2015-01-19 13:38 - 2010-06-10 13:53 - 00217164 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\GDrvStd.dll 2015-01-19 13:38 - 2010-06-10 13:53 - 00192588 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\GClient.dll 2015-01-19 13:38 - 2010-06-10 13:53 - 00184396 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\GatewayDDE.exe 2015-01-19 13:38 - 2010-06-10 13:53 - 00147532 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\GSymbol.dll 2015-01-19 13:38 - 2010-06-10 13:53 - 00147528 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\GUtil.dll 2015-01-19 13:38 - 2010-06-10 13:53 - 00143436 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\GHandle.dll 2015-01-19 13:38 - 2010-06-10 13:53 - 00135258 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\GHandleStdcall.dll 2015-01-19 13:38 - 2010-06-10 13:53 - 00114766 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\GDrvBase.dll 2015-01-19 13:38 - 2010-06-10 13:53 - 00081993 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\CommUsr.dll 2015-01-19 13:38 - 2010-06-10 13:53 - 00040960 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\CAN_VCI.dll 2015-01-19 13:38 - 2010-06-10 13:53 - 00036937 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\CommSym.dll 2015-01-19 13:38 - 2010-06-10 13:53 - 00032768 ____N (3S-Smart Software Solutions GmbH) 
C:\WINDOWS\SysWOW64\PEAK_USB.dll 2015-01-19 13:38 - 2010-06-10 13:53 - 00032768 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\PEAK_DNG.dll 2015-01-19 13:38 - 2010-05-11 17:10 - 00483328 _____ (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\LMAPI.DLL 2015-01-19 13:38 - 2010-01-07 16:57 - 00081408 ____N (PEAK-System Technik GmbH) C:\WINDOWS\SysWOW64\PCAN_USB.dll 2015-01-19 13:38 - 2010-01-07 16:57 - 00069120 ____N (PEAK-System Technik GmbH) C:\WINDOWS\SysWOW64\PCAN_DNG.dll 2015-01-19 13:38 - 2009-01-20 08:45 - 00274432 _____ (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\ENIClient.dll 2015-01-19 13:38 - 2007-04-10 16:30 - 00088613 _____ () C:\WINDOWS\SysWOW64\gateway.chm 2015-01-19 13:38 - 2007-02-27 16:59 - 00139264 _____ (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\3SXMLParser.dll 2015-01-19 13:38 - 2000-11-10 08:38 - 00114688 _____ (Technosoftware AG) C:\WINDOWS\SysWOW64\OCSDAAuto.dll 2015-01-19 13:38 - 2000-11-10 08:38 - 00077824 _____ (OPC Foundation) C:\WINDOWS\SysWOW64\opcproxy.dll 2015-01-19 13:38 - 2000-11-10 08:38 - 00075264 _____ () C:\WINDOWS\SysWOW64\callrproxy.dll 2015-01-19 13:38 - 2000-11-10 08:38 - 00061440 _____ (OPC Foundation) C:\WINDOWS\SysWOW64\opccomn_ps.dll 2015-01-19 13:38 - 2000-11-10 08:38 - 00060416 _____ () C:\WINDOWS\SysWOW64\OPCENUM.EXE 2015-01-19 13:38 - 2000-11-10 08:38 - 00040960 _____ (Technosoftware AG) C:\WINDOWS\SysWOW64\OCSSpy_ps.dll 2015-01-19 13:35 - 2015-01-19 13:35 - 00000197 _____ () C:\WINDOWS\system32\2015-01-19-12-35-36.019-AvastVBoxSVC.exe-3620.log 2015-01-18 16:12 - 2015-01-18 16:12 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2010 2015-01-18 16:12 - 2015-01-18 16:12 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2010 2015-01-18 15:18 - 2015-01-18 15:18 - 00000197 _____ () C:\WINDOWS\system32\2015-01-18-14-18-08.028-AvastVBoxSVC.exe-3876.log 2015-01-18 15:11 - 2015-01-18 15:11 - 00000197 _____ () 
C:\WINDOWS\system32\2015-01-18-14-11-07.053-AvastVBoxSVC.exe-3680.log 2015-01-16 00:17 - 2015-01-16 00:17 - 00000247 _____ () C:\WINDOWS\system32\2015-01-15-23-17-19.029-aswFe.exe-5592.log 2015-01-16 00:07 - 2015-01-16 00:17 - 00000247 _____ () C:\WINDOWS\system32\2015-01-15-23-07-38.068-aswFe.exe-5112.log 2015-01-16 00:07 - 2015-01-16 00:07 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-23-07-05.000-AvastVBoxSVC.exe-5652.log 2015-01-15 22:41 - 2015-01-15 22:41 - 00000000 ____D () C:\WINDOWS\SysWOW64\1033 2015-01-15 22:41 - 2015-01-15 22:41 - 00000000 ____D () C:\WINDOWS\system32\RsFx 2015-01-15 22:41 - 2015-01-15 22:41 - 00000000 ____D () C:\WINDOWS\system32\1033 2015-01-15 22:41 - 2015-01-15 22:41 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0 2015-01-15 22:41 - 2009-07-21 01:42 - 00111640 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll 2015-01-15 22:41 - 2009-07-21 01:42 - 00079896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll 2015-01-15 22:41 - 2009-07-21 01:42 - 00078872 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll 2015-01-15 22:41 - 2009-07-21 01:42 - 00050200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll 2015-01-15 22:40 - 2015-01-15 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 2015-01-15 22:39 - 2015-01-15 22:41 - 00000000 ____D () C:\Program Files\Microsoft SQL Server 2015-01-15 22:39 - 2015-01-15 22:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server 2015-01-15 22:39 - 2015-01-15 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework 2015-01-15 22:39 - 2015-01-15 22:39 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services 2015-01-15 22:39 - 2015-01-15 22:39 - 00000000 ____D () C:\Program 
Files\Microsoft Sync Framework 2015-01-15 22:39 - 2015-01-15 22:39 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition 2015-01-15 22:39 - 2015-01-15 22:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services 2015-01-15 22:38 - 2015-01-15 22:38 - 00000000 ____D () C:\ProgramData\PreEmptive Solutions 2015-01-15 22:36 - 2015-01-15 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK - Deutsch 2015-01-15 22:35 - 2015-01-15 22:35 - 00000000 ____D () C:\Users\Nico\Documents\Visual Studio 2008 2015-01-15 22:35 - 2015-01-15 22:35 - 00000000 ____D () C:\Program Files\IIS 2015-01-15 22:35 - 2015-01-15 22:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET 2015-01-15 22:35 - 2015-01-15 22:35 - 00000000 ____D () C:\Program Files (x86)\IIS 2015-01-15 22:34 - 2015-01-15 22:34 - 00000000 ____D () C:\Users\Nico\Documents\Visual Studio 2010 2015-01-15 22:32 - 2015-01-18 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 2015-01-15 22:32 - 2015-01-15 22:41 - 00000000 ____D () C:\WINDOWS\SysWOW64\1031 2015-01-15 22:32 - 2015-01-15 22:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0 2015-01-15 22:32 - 2015-01-15 22:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft F# 2015-01-15 22:32 - 2015-01-15 22:33 - 00000000 ____D () C:\Program Files (x86)\HTML Help Workshop 2015-01-15 22:31 - 2015-01-15 22:41 - 00000000 ____D () C:\WINDOWS\system32\1031 2015-01-15 22:31 - 2015-01-15 22:39 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 10.0 2015-01-15 22:31 - 2015-01-15 22:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs 2015-01-15 22:31 - 2015-01-15 22:31 - 00000000 ____D () C:\WINDOWS\symbols 2015-01-15 22:31 - 2015-01-15 22:31 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer 2015-01-15 22:31 - 2015-01-15 22:31 - 00000000 ____D () C:\Program Files 
(x86)\Microsoft Visual Studio 9.0 2015-01-15 22:30 - 2015-01-15 22:30 - 00000000 ____D () C:\WINDOWS\PCHEALTH 2015-01-15 22:27 - 2015-01-21 14:33 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Windows Live Writer 2015-01-15 22:27 - 2015-01-15 22:27 - 00000000 ____D () C:\Users\Nico\AppData\Local\Windows Live Writer 2015-01-15 22:22 - 2015-01-15 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ELECTRA_250 2015-01-15 22:22 - 2015-01-15 22:22 - 00000000 ____D () C:\ProgramData\CP70vxDj0 2015-01-15 22:22 - 2015-01-15 22:22 - 00000000 ____D () C:\Program Files (x86)\ELECTRA_250 2015-01-15 22:21 - 2015-01-15 22:21 - 00000806 _____ () C:\Users\Nico\Downloads\#Ablage.lnk 2015-01-15 22:21 - 2015-01-15 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TARGET 3001! V17 pcb-pool 2015-01-15 22:21 - 2015-01-15 22:21 - 00000000 ____D () C:\Program Files (x86)\ibf 2015-01-15 22:13 - 2015-02-04 09:58 - 00000000 ___RD () C:\Users\Nico\Dropbox 2015-01-15 22:06 - 2015-01-15 22:06 - 00324136 _____ (Dropbox, Inc.) C:\Users\Nico\Downloads\DropboxInstaller.exe 2015-01-15 21:57 - 2015-01-15 21:57 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-20-57-11.022-AvastVBoxSVC.exe-3676.log 2015-01-15 21:55 - 2015-01-15 21:55 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Sirrix AG 2015-01-15 21:54 - 2015-01-15 21:54 - 00000000 ____D () C:\Users\Nico\AppData\Local\Cisco 2015-01-15 21:54 - 2015-01-15 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco 2015-01-15 21:54 - 2015-01-15 21:54 - 00000000 ____D () C:\ProgramData\Cisco 2015-01-15 21:54 - 2013-10-10 17:29 - 00112496 ____R (Cisco Systems, Inc.) 
(Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-01-15 18:12 - 2015-01-15 18:12 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-01-15 18:12 - 2015-01-15 18:12 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-01-15 18:12 - 2015-01-15 18:12 - 00710144 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2015-01-15 18:12 - 2015-01-15 18:12 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2015-01-15 18:12 - 2015-01-15 18:12 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 
2015-01-15 18:12 - 2015-01-15 18:12 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-01-15 18:12 - 2015-01-15 18:12 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-01-15 18:11 - 2015-01-19 23:25 - 00000000 ____D () C:\WINDOWS\en-GB 2015-01-15 18:11 - 2015-01-15 18:11 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2015-01-15 18:11 - 2015-01-15 18:11 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll 2015-01-15 18:11 - 2015-01-15 18:11 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2015-01-15 18:11 - 2015-01-15 18:11 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2015-01-15 18:11 - 2015-01-15 18:11 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2015-01-15 18:11 - 2015-01-15 18:11 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll 2015-01-15 18:11 - 2015-01-15 18:11 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2015-01-15 18:11 - 2015-01-15 18:11 - 00116736 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\SystemSettingsDatabase.dll 2015-01-15 18:05 - 2015-01-15 18:05 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2015-01-15 18:05 - 2015-01-15 18:05 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2015-01-15 18:05 - 2015-01-15 18:05 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-01-15 18:05 - 2015-01-15 18:05 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-01-15 18:04 - 2015-01-15 18:04 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-01-15 18:04 - 2015-01-15 18:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-01-15 18:04 - 2015-01-15 18:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-01-15 18:01 - 2015-01-15 18:01 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff 2015-01-15 18:01 - 2015-01-15 18:01 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-01-15 18:01 - 2015-01-15 18:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2015-01-15 18:01 - 2015-01-15 18:01 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-01-15 18:01 - 2015-01-15 18:01 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2015-01-15 18:01 - 2015-01-15 18:01 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-01-15 18:01 - 2015-01-15 18:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2015-01-15 18:01 - 2015-01-15 18:01 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2015-01-15 18:00 - 2015-01-19 23:25 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer 2015-01-15 18:00 - 2015-01-15 22:37 - 00000000 ____D () C:\Program Files\MSBuild 2015-01-15 18:00 - 2015-01-15 22:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2015-01-15 18:00 - 
2015-01-15 18:00 - 00000000 ____D () C:\Program Files\Reference Assemblies 2015-01-15 18:00 - 2015-01-15 18:00 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies 2015-01-15 18:00 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2015-01-15 18:00 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-01-15 18:00 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2015-01-15 18:00 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-01-15 17:54 - 2015-01-15 18:20 - 00006611 _____ () C:\WINDOWS\comsetup.log 2015-01-15 17:32 - 2014-07-21 21:28 - 04016216 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys 2015-01-15 17:32 - 2014-07-21 13:52 - 01279373 _____ () C:\WINDOWS\system32\Drivers\RTAIODAT.DAT 2015-01-15 17:32 - 2014-07-18 18:10 - 02810736 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll 2015-01-15 17:32 - 2014-07-18 14:22 - 00955096 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll 2015-01-15 17:32 - 2014-07-16 14:36 - 67245056 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat 2015-01-15 17:32 - 2014-07-07 19:55 - 00000008 _____ () C:\WINDOWS\system32\Drivers\rtkhdaud.dat 2015-01-15 17:32 - 2014-07-07 14:07 - 02860760 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll 2015-01-15 17:32 - 2014-07-04 11:07 - 01024728 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll 2015-01-15 17:32 - 2014-06-17 13:32 - 01286872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll 2015-01-15 17:32 - 2014-05-09 11:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll 2015-01-15 17:32 - 2014-04-10 12:19 - 14863448 _____ (Waves Audio Ltd.) 
C:\WINDOWS\system32\MaxxAudioRealtek64.dll 2015-01-15 17:32 - 2014-04-10 12:19 - 02101848 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll 2015-01-15 17:32 - 2014-04-10 12:19 - 02041432 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll 2015-01-15 17:32 - 2014-03-06 16:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl 2015-01-15 17:32 - 2014-02-06 11:28 - 05804772 _____ () C:\WINDOWS\system32\Drivers\rtvienna.dat 2015-01-15 17:32 - 2013-10-11 11:31 - 00947760 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll 2015-01-15 17:32 - 2013-08-14 15:36 - 00662784 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll 2015-01-15 17:32 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll 2015-01-15 17:32 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll 2015-01-15 17:32 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll 2015-01-15 17:32 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll 2015-01-15 17:32 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll 2015-01-15 17:32 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll 2015-01-15 17:32 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll 2015-01-15 17:32 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll 2015-01-15 17:32 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll 2015-01-15 17:32 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll 2015-01-15 17:32 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll 2015-01-15 17:32 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) 
C:\WINDOWS\system32\RP3DHT64.dll 2015-01-15 17:32 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll 2015-01-15 17:32 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll 2015-01-15 17:32 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll 2015-01-15 17:32 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll 2015-01-15 17:32 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll 2015-01-15 17:32 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll 2015-01-15 17:32 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll 2015-01-15 17:32 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll 2015-01-15 17:32 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll 2015-01-15 17:32 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll 2015-01-15 17:31 - 2015-01-15 19:44 - 00000194 _____ () C:\Setup.log 2015-01-15 17:31 - 2014-06-09 10:59 - 00560328 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll 2015-01-15 17:31 - 2014-05-19 10:47 - 02080472 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll 2015-01-15 17:31 - 2014-04-10 12:19 - 01063512 _____ (Waves Audio Ltd.) 
C:\WINDOWS\system32\MaxxAudioAPOShell64.dll 2015-01-15 17:31 - 2014-04-07 16:03 - 06218072 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll 2015-01-15 17:31 - 2014-04-07 16:03 - 01939800 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll 2015-01-15 17:31 - 2014-04-07 16:03 - 00315736 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll 2015-01-15 17:31 - 2014-04-07 16:03 - 00261464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll 2015-01-15 17:31 - 2014-02-18 17:04 - 02770976 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll 2015-01-15 17:31 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll 2015-01-15 17:31 - 2013-08-14 15:35 - 00663296 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll 2015-01-15 17:31 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll 2015-01-15 17:31 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00242792 
_____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll 2015-01-15 17:31 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll 2015-01-15 16:47 - 2015-01-15 16:47 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Samsung 2015-01-15 16:33 - 2015-01-15 16:33 - 00002970 _____ () C:\WINDOWS\System32\Tasks\SamsungLinkPC 2015-01-15 09:48 - 2015-01-15 09:48 - 00003126 _____ () C:\WINDOWS\System32\Tasks\advRecovery 2015-01-15 09:46 - 2015-01-15 09:46 - 00000000 ____D () C:\iBTWU 2015-01-15 09:34 - 2015-01-15 09:34 - 00003434 _____ () C:\WINDOWS\System32\Tasks\Settings 2015-01-14 23:08 - 2015-01-23 07:23 - 00003718 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 2015-01-14 15:10 - 2015-01-14 15:10 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Macromedia 2015-01-14 15:10 - 2015-01-14 15:10 - 00000000 ____D () C:\Users\Nico\AppData\Local\Macromedia 2015-01-14 15:09 - 2015-02-03 21:17 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-01-14 15:09 - 2015-01-25 11:17 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-01-14 15:08 - 2015-01-27 07:39 - 00000000 ____D () C:\Users\Nico\AppData\Local\Adobe 2015-01-14 15:03 - 2015-01-14 15:03 - 00003476 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon 2015-01-14 15:03 - 2015-01-14 15:03 - 00000000 ____D () C:\ProgramData\Intel(R) Update Manager 2015-01-14 14:59 - 2015-01-15 18:24 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense 2015-01-14 14:58 - 2015-01-14 14:59 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-01-14 14:58 - 2014-12-31 13:12 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-14 14:40 - 2015-01-15 21:54 - 00000000 ____D () C:\Program Files (x86)\Cisco 
2015-01-14 14:40 - 2015-01-14 14:40 - 00000000 ____D () C:\Program Files\Common Files\Intel 2015-01-14 14:35 - 2014-10-22 04:34 - 00010777 ____N () C:\WINDOWS\system32\AutoconfigV2.cab 2015-01-14 14:01 - 2013-05-04 05:51 - 00014848 ____N (Microsoft) C:\WINDOWS\system32\rars.rs 2015-01-14 14:01 - 2013-05-04 05:10 - 00014848 ____N (Microsoft) C:\WINDOWS\SysWOW64\rars.rs 2015-01-14 13:08 - 2015-01-14 13:08 - 00000000 _____ () C:\Users\Nico\agent.log 2015-01-14 13:01 - 2015-01-15 19:40 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2015-01-14 13:01 - 2015-01-15 19:39 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys 2015-01-14 13:01 - 2015-01-15 19:39 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys 2015-01-14 12:54 - 2015-01-14 12:54 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Mozilla 2015-01-14 12:54 - 2015-01-14 12:54 - 00000000 ____D () C:\Users\Nico\AppData\Local\Mozilla 2015-01-14 12:53 - 2015-01-27 23:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-14 12:53 - 2015-01-24 00:34 - 00001151 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-14 12:53 - 2015-01-14 12:53 - 00000000 ____D () C:\ProgramData\Mozilla 2015-01-14 12:49 - 2015-02-03 12:59 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! 
Emergency Update 2015-01-14 12:49 - 2015-01-15 19:39 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys 2015-01-14 12:49 - 2015-01-15 19:39 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2015-01-14 12:49 - 2015-01-15 19:39 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2015-01-14 12:49 - 2015-01-15 19:39 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys 2015-01-14 12:49 - 2015-01-15 19:39 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys 2015-01-14 12:49 - 2015-01-14 12:49 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\AVAST Software 2015-01-14 12:49 - 2015-01-14 12:49 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-01-14 12:49 - 2015-01-14 12:49 - 00000000 ____D () C:\Program Files\AVAST Software 2015-01-14 12:29 - 2015-01-15 18:46 - 00008400 _____ () C:\WINDOWS\wsusofflineupdate.log 2015-01-14 12:28 - 2015-02-04 09:50 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3589802351-439905089-1110981561-1001 2015-01-14 12:28 - 2015-01-14 12:28 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\WinRAR 2015-01-14 12:28 - 2015-01-14 12:28 - 00000000 ____D () C:\Users\Nico\AppData\Local\bitcasa 2015-01-14 12:27 - 2015-01-15 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-01-14 12:27 - 2015-01-15 18:17 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-01-14 12:27 - 2015-01-15 17:40 - 00000000 ____D () C:\Program Files\WinRAR 2015-01-14 12:24 - 2015-01-15 20:25 - 00000000 ____D () C:\Users\Nico\AppData\Local\Samsung 2015-01-14 12:23 - 2015-01-31 12:09 - 00005347 _____ () C:\Users\Nico\AppData\Roaming\AbsoluteReminder.xml 2015-01-14 12:23 - 2015-01-14 12:23 - 00001249 _____ () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RtkGUI.lnk 2015-01-14 12:23 - 2015-01-14 12:23 - 00001202 _____ () 
C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk 2015-01-14 12:23 - 2015-01-14 12:23 - 00000000 ____D () C:\Users\Nico\AppData\Local\Absolute_Software 2015-01-14 12:23 - 2015-01-14 12:23 - 00000000 _____ () C:\WINDOWS\system32\Drivers\144D_SAMSUNG_na_870Z5E_P05A.mrk 2015-01-14 12:22 - 2015-02-01 18:36 - 00000000 ____D () C:\Users\Nico\AppData\Local\VirtualStore 2015-01-14 12:22 - 2015-01-23 15:50 - 00000000 ____D () C:\Users\Nico\AppData\Local\Packages 2015-01-14 12:22 - 2015-01-14 12:22 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Intel 2015-01-14 12:22 - 2015-01-14 12:22 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Adobe 2015-01-14 12:22 - 2013-02-27 18:08 - 139490760 _____ () C:\WINDOWS\[0407]SamsungStory01_ger.scr ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-04 10:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-04 10:00 - 2013-04-15 22:37 - 00000000 ____D () C:\ProgramData\WinClon 2015-02-04 09:57 - 2014-11-20 19:24 - 00029874 _____ () C:\WINDOWS\PFRO.log 2015-02-04 09:57 - 2013-08-22 15:46 - 00313675 _____ () C:\WINDOWS\setupact.log 2015-02-04 09:57 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-04 09:45 - 2014-11-21 04:35 - 01963610 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-02-04 09:45 - 2014-11-21 03:45 - 00831932 _____ () C:\WINDOWS\system32\perfh007.dat 2015-02-04 09:45 - 2014-11-21 03:45 - 00184304 _____ () C:\WINDOWS\system32\perfc007.dat 2015-02-04 09:20 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-02-02 07:26 - 2013-08-22 15:44 - 00533664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-02-01 18:09 - 2013-08-22 14:25 - 00000194 _____ () C:\WINDOWS\win.ini 2015-01-28 08:00 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-01-24 21:20 - 2014-11-21 12:01 - 00714720 _____ (Adobe Systems Incorporated) 
C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-01-24 21:20 - 2014-11-21 12:01 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-24 11:57 - 2013-04-15 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-01-24 00:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy 2015-01-23 15:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-23 07:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-01-22 18:55 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports 2015-01-19 23:25 - 2014-11-21 04:13 - 00000000 ____D () C:\Program Files\Windows Journal 2015-01-19 23:25 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\winrm 2015-01-19 23:25 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN 2015-01-19 23:25 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\slmgr 2015-01-19 23:25 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2015-01-19 23:25 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\system32\winrm 2015-01-19 23:25 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\system32\WCN 2015-01-19 23:25 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\system32\slmgr 2015-01-19 23:25 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\system32\Printing_Admin_Scripts 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform 2015-01-19 23:25 - 2013-08-22 
16:36 - 00000000 ____D () C:\WINDOWS\system32\MUI 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Com 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-01-19 23:25 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe 2015-01-19 23:25 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism 2015-01-19 23:25 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep 2015-01-19 23:25 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\oobe 2015-01-19 23:25 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Dism 2015-01-19 23:25 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\servicing 2015-01-19 13:38 - 2013-04-15 21:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-15 22:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-01-15 22:39 - 2013-04-15 22:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2015-01-15 21:06 - 2013-04-15 22:41 - 00001398 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2015-01-15 21:06 - 2013-04-15 22:41 - 00000000 ____D 
() C:\Program Files (x86)\Windows Live 2015-01-15 21:05 - 2013-04-15 22:41 - 00001653 _____ () C:\WINDOWS\DirectX.log 2015-01-15 20:39 - 2013-04-15 21:50 - 00000000 ____D () C:\Program Files (x86)\Samsung 2015-01-15 20:17 - 2013-04-15 22:38 - 00000000 ____D () C:\ProgramData\Samsung 2015-01-15 20:07 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2015-01-15 20:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup 2015-01-15 20:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2015-01-15 20:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS 2015-01-15 20:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\setup 2015-01-15 19:45 - 2013-04-15 21:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2015-01-15 19:45 - 2013-04-15 21:48 - 00000000 ____D () C:\ProgramData\Intel 2015-01-15 19:45 - 2013-04-15 21:48 - 00000000 ____D () C:\Program Files\Intel 2015-01-15 19:44 - 2013-04-15 21:48 - 00000000 ____D () C:\Program Files (x86)\Realtek 2015-01-15 19:42 - 2013-04-15 21:49 - 00028034 _____ () C:\WINDOWS\DPINST.LOG 2015-01-15 19:36 - 2013-08-22 15:46 - 00000262 _____ () C:\WINDOWS\setuperr.log 2015-01-15 19:36 - 2013-04-15 22:46 - 00019318 _____ () C:\WINDOWS\system32\results.xml 2015-01-15 19:26 - 2013-04-15 22:34 - 00000000 ____D () C:\ProgramData\AMD 2015-01-15 19:25 - 2013-04-15 22:33 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies 2015-01-15 19:25 - 2013-04-15 21:49 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-15 18:46 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-01-15 18:46 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-01-15 18:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\restore 2015-01-15 18:20 - 2013-08-22 16:36 - 00000000 ____D () 
C:\WINDOWS\Registration 2015-01-15 18:20 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT 2015-01-15 18:20 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default 2015-01-15 18:19 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media 2015-01-15 18:19 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries 2015-01-15 18:18 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep 2015-01-15 18:18 - 2013-08-22 16:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker 2015-01-15 18:18 - 2013-08-22 16:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log 2015-01-15 18:18 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar 2015-01-15 18:18 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar 2015-01-15 18:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz 2015-01-15 18:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME 2015-01-15 18:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns 2015-01-15 18:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\spool 2015-01-15 18:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\IME 2015-01-15 18:18 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI 2015-01-15 18:18 - 2013-08-22 14:25 - 00008192 ___SH () C:\WINDOWS\system32\config\ELAM 2015-01-15 18:18 - 2013-04-15 22:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 10 2015-01-15 18:18 - 2013-04-15 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitcasa 2015-01-15 18:18 - 2013-04-15 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games 2015-01-15 18:18 - 2013-04-15 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Absolute Software 2015-01-15 18:18 - 2013-04-15 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation 2015-01-15 18:18 - 2012-08-05 
22:11 - 00000000 ____D () C:\ProgramData\PRICache 2015-01-15 18:18 - 2012-07-26 06:37 - 00000000 ____D () C:\Users\Default.migrated 2015-01-15 18:17 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery 2015-01-15 18:12 - 2013-08-22 16:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template 2015-01-15 18:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager 2015-01-15 17:58 - 2013-04-15 21:49 - 01771989 _____ () C:\WINDOWS\WindowsUpdate (1).log 2015-01-15 17:56 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent 2015-01-15 17:32 - 2013-04-15 21:48 - 00002787 _____ () C:\RHDSetup.log 2015-01-15 17:32 - 2013-04-15 21:48 - 00000000 ___HD () C:\Program Files (x86)\Temp 2015-01-15 13:07 - 2013-04-15 22:38 - 00000000 ____D () C:\ProgramData\Temp 2015-01-15 09:48 - 2013-04-15 21:50 - 00000000 ____D () C:\Program Files\Samsung 2015-01-14 14:40 - 2013-04-15 22:38 - 00000000 ____D () C:\Users\EasySurvey 2015-01-14 14:39 - 2013-04-15 21:48 - 00000000 ____D () C:\Intel 2015-01-14 12:48 - 2013-04-15 22:36 - 00000000 ____D () C:\ProgramData\Norton 2015-01-14 12:46 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP ==================== Files in the root of some directories ======= 2015-01-14 12:23 - 2015-01-31 12:09 - 0005347 _____ () C:\Users\Nico\AppData\Roaming\AbsoluteReminder.xml 2015-01-15 21:32 - 2015-01-18 15:59 - 0004062 _____ () C:\Users\Nico\AppData\Roaming\LTspiceIV.ini 2015-01-15 21:16 - 2015-01-15 21:16 - 0000039 _____ () C:\Users\Nico\AppData\Roaming\SupportBox_MSUL.cfg 2015-01-15 18:15 - 2015-01-15 18:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-04-15 22:43 - 2013-02-19 08:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe 2013-04-15 22:43 - 2013-01-12 15:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml Files to move or delete: ==================== C:\ProgramData\MakeMarkerFile.exe C:\Users\EasySurvey\EasySurvey.exe Some content of TEMP: ==================== 
C:\Users\Nico\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfub0ih.dll
C:\Users\Nico\AppData\Local\Temp\Quarantine.exe
C:\Users\Nico\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-04 09:50

==================== End Of Log ============================

So, that should now be all 4 logs. Yes, that's right: I had not yet run AdwCleaner's delete function before posting in this forum, only the scan, because I was afraid of possibly deleting important files along with it. I hope this helps. And as before, thanks for the quick reply! Regards, Nico |
04.02.2015, 23:41 | #8 |
Rest in peace † 2019 | Hello Nico, do you still have any problems?
Step 1
Since the scan with ESET is very thorough, it may take several hours.
ESET Online Scanner
Step 2
Run FRST once more.
|
05.02.2015, 17:07 | #9 |
| Hello, as far as the symptoms go, everything is fine again; I have no more problems. As recommended, I ran the scan with ESET and it found 15 suspicious files, including the files that are in AdwCleaner's quarantine. Should I delete the files from the quarantine? Log.txt from ESET: Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ec6b6cbe52b8b548897b7bc185e2a215
# engine=22317
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-05 08:16:23
# local_time=2015-02-05 09:16:23 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 95 728845 1891601 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1421469 48005476 0 0
# scanned=310317
# found=15
# cleaned=0
# scan_time=5807
sh=1C1691D53A24A5184AE315A00AC461767ADEDC20 ft=1 fh=5b79596457e5e7ad vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=8743F255E80C6A0A95A94CC668553686FF170120 ft=1 fh=0e8260637ee8e1d9 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll.vir"
sh=A704B6A7928A66851D5D0C251F975B52F6755053 ft=1 fh=3a141fdd6276f642 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe.vir"
sh=AAB44C79899999D77D4BC45AC1FC31746EE01C39 ft=1 fh=f19b2f7682fe88c5 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll.vir"
sh=3010A616F191A1AB67BAA394F95094E43E1B0F05 ft=1 fh=1d4eab4a3a54531e vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll.vir"
sh=CFD6E953ACB4E21B22DD6D2BBD7360C353AA5049 ft=1 fh=65b60511f931799f vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll.vir"
sh=275F649C7C4613C61B59BD33393AA245AD3D3816 ft=1 fh=ecf7e3ee1d6b314e vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll.vir"
sh=B46AC89336EE49AE7D475F54C6A0847EAA8A174F ft=1 fh=d456ecb0103eab2f vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=DF7B974F73F65FDF917E9C3AB8B8EC9FD97FC2A0 ft=1 fh=0e3a711fc1c46ea8 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir"
sh=606D4414333C04E362F60B505926C78BB0B6C694 ft=1 fh=2f7c44d7fdd8d932 vn="Variante von Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir"
sh=AF36570D737043FEBEC5FA3DDB416A4CF5FDFBE9 ft=1 fh=c71c0011100f33aa vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=7028F239FAC673EE7DC7772ACC75D759EA73837D ft=1 fh=e769f095fe49f653 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nico\AppData\Local\Microsoft\Windows\INetCache\IE\4EE80OXF\spstub[1].exe"
sh=683CF1A501F326FFCB1FE6A393EB7735F60AA1B9 ft=1 fh=307bbd67644818ae vn="Variante von Win32/BrowseFox.O evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nico\AppData\Local\Microsoft\Windows\INetCache\IE\87D2HB3X\DynamoCombo[1].dll"
sh=DE07A45DB8E9DB4B0B8B99DDEE6A0D7FE78C74FA ft=1 fh=0f0d85be27aea62e vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nico\AppData\Local\Microsoft\Windows\INetCache\IE\87D2HB3X\Setup[1].exe"
sh=828F79E473250D33A8285963B54305A04F0E811D ft=1 fh=192a6aeb7d1c9ee9 vn="Variante von Win32/InstallCore.WC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nico\Downloads\kmplayer.exe"

The further FRST.txt (part 1): Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Nico (administrator) on NICO_STUDY on 05-02-2015 17:00:38
Running from C:\Users\Nico\Desktop
Loaded Profiles: Nico (Available profiles: Nico)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Condusiv Technologies) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Foxit Software Inc.)
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (3S-Smart Software Solutions GmbH) C:\Program Files (x86)\3S Software\CoDeSys ENI Server\ENI.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Samsung Electronics CO., LTD.) 
C:\Program Files (x86)\Samsung\Settings\sSettings.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe (Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Spotify Ltd) C:\Users\Nico\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Dropbox, Inc.) C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) 
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-11-04] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13674712 2014-07-16] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1389936 2014-07-18] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_SRSSA] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1389936 2014-07-18] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281776 2014-09-16] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-07] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.) HKLM-x32\...\Run: [ENISysTray] => C:\Program Files (x86)\3S Software\CoDeSys ENI Server\ENISysTray.exe [245760 2009-01-20] (3S-Smart Software Solutions GmbH) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3589802351-439905089-1110981561-1001\...\Run: [Quick Starter] => C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe [2358064 2014-07-15] (Samsung Electronics CO., LTD.) HKU\S-1-5-21-3589802351-439905089-1110981561-1001\...\Run: [Spotify] => C:\Users\Nico\AppData\Roaming\Spotify\Spotify.exe [6737976 2015-01-15] (Spotify Ltd) HKU\S-1-5-21-3589802351-439905089-1110981561-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-3589802351-439905089-1110981561-1001\...\Run: [Spotify Web Helper] => C:\Users\Nico\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-15] (Spotify Ltd) HKU\S-1-5-21-3589802351-439905089-1110981561-1001\...\MountPoints2: {5978b983-9cee-11e4-be94-b4b6769c136d} - "E:\autorun.exe" Startup: C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Nico\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {75EE9A76-CCF7-47D7-BAA3-573E905D5109} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc) ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc) ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {75EE9A76-CCF7-47D7-BAA3-573E905D5109} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
AutoConfigURL: [S-1-5-21-3589802351-439905089-1110981561-1001] => file://C:\Program Files (x86)\Dynamo Combo\bin\Pac9064.js HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3589802351-439905089-1110981561-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-3589802351-439905089-1110981561-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3589802351-439905089-1110981561-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006 SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3589802351-439905089-1110981561-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft 
Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\045rdp04.default FF DefaultSearchEngine: Google (avast) FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006 FF Keyword.URL: https://www.google.com/search/?trackid=sp-006 FF Plugin: 
@adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\045rdp04.default\searchplugins\google-avast.xml FF Extension: YouTube Unblocker - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\045rdp04.default\Extensions\youtubeunblocker@unblocker.yt [2015-01-15] FF Extension: Adblock Plus - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\045rdp04.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-25] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-14] Chrome: ======= CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006" CHR Profile: C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-15] CHR Extension: (Google Drive) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-15] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-15] CHR Extension: (YouTube) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-15] CHR Extension: (Google-Suche) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-15] CHR Extension: (Google Tabellen) - 
C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-15] CHR Extension: (Avast Online Security) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-15] CHR Extension: (Google Wallet) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-18] CHR Extension: (Google Mail) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-15] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-15] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-15] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-01-15] (Avast Software) R2 BitBoxService; C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe [738304 2014-03-18] (Sirrix AG) [File not signed] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.) 
R2 ENI Server; C:\Program Files (x86)\3S Software\CoDeSys ENI Server\ENI.exe [651264 2009-01-20] (3S-Smart Software Solutions GmbH) [File not signed] R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-05] (ELAN Microelectronics Corp.) R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [243880 2015-01-16] (Foxit Software Inc.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation) R2 IntelliMemory; C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [55720 2012-12-21] (Condusiv Technologies) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] () R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics 
Co., Ltd.) S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation) R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2015-01-06] (Samsung Electronics CO., LTD.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2015-01-15] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-01-15] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-21] (Advanced Micro Devices, Inc.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-15] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-15] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-15] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-15] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-15] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-15] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-15] () R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131328 2014-11-21] (Microsoft Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.) 
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation) R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22832 2013-07-24] (ELAN Microelectronic Corp.) R1 intmfs; C:\Windows\System32\DRIVERS\intmfs.sys [29096 2012-12-21] (Condusiv Technologies) R0 intmsd; C:\Windows\System32\DRIVERS\intmsd.sys [104872 2012-12-21] (Condusiv Technologies) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation) R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider) R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.) R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.) R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-01-15] (Avast Software) S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-01-15] (Microsoft Corporation) R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider) |
05.02.2015, 17:08 | #10 |
| Windows 8.1: Spyware? "Dynamo Combo" add-on causes redirects to advertising FRST.txt (Part 2): Code:
ATTFilter ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-05 17:00 - 2015-02-05 17:00 - 00000000 ____D () C:\Users\Nico\Desktop\FRST-OlderVersion 2015-02-05 07:30 - 2015-02-05 07:30 - 02347384 _____ (ESET) C:\Users\Nico\Downloads\esetsmartinstaller_deu.exe 2015-02-05 07:17 - 2015-02-05 07:17 - 00000197 _____ () C:\WINDOWS\system32\2015-02-05-06-17-55.065-AvastVBoxSVC.exe-3988.log 2015-02-04 10:02 - 2015-02-04 10:03 - 00045040 _____ () C:\Users\Nico\Desktop\Addition.txt 2015-02-04 10:01 - 2015-02-05 17:00 - 00027390 _____ () C:\Users\Nico\Desktop\FRST.txt 2015-02-04 10:00 - 2015-02-04 10:00 - 00000000 ____D () C:\Users\Nico\Desktop\Vor bereinigung 2015-02-04 09:59 - 2015-02-04 09:59 - 00002243 _____ () C:\Users\Nico\Desktop\mbam.txt 2015-02-04 09:59 - 2015-02-04 09:59 - 00000197 _____ () C:\WINDOWS\system32\2015-02-04-08-59-46.048-AvastVBoxSVC.exe-4012.log 2015-02-04 09:42 - 2015-02-04 09:58 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-02-04 09:42 - 2015-02-04 09:43 - 00000197 _____ () C:\WINDOWS\system32\2015-02-04-08-42-45.053-AvastVBoxSVC.exe-3852.log 2015-02-04 09:42 - 2015-02-04 09:42 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-04 09:42 - 2015-02-04 09:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-04 09:42 - 2015-02-04 09:42 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-04 09:42 - 2015-02-04 09:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-04 09:42 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-02-04 
09:42 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-02-04 09:42 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-02-04 09:41 - 2015-02-04 09:41 - 00007061 _____ () C:\Users\Nico\Desktop\AdwCleaner[S0]_afterDelete.txt 2015-02-04 09:26 - 2015-02-04 09:27 - 00000168 _____ () C:\Users\Nico\Desktop\Anmerkung.txt 2015-02-04 09:23 - 2015-02-04 09:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Nico\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-04 09:23 - 2015-02-04 09:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Nico\Desktop\mbam-setup-2.0.4.1028.exe 2015-02-04 09:22 - 2015-02-04 09:22 - 00000197 _____ () C:\WINDOWS\system32\2015-02-04-08-22-21.007-AvastVBoxSVC.exe-4012.log 2015-02-03 22:54 - 2015-02-03 22:54 - 00001506 _____ () C:\Users\Nico\Desktop\Zuhause ausdrucken!!! - Verknüpfung.lnk 2015-02-03 19:38 - 2014-10-20 21:09 - 820361873 _____ () C:\Users\Nico\Desktop\Hannes und der Bürgermeister Wanzen & Seelenwanderung.mp4 2015-02-03 17:13 - 2015-02-03 17:13 - 00002523 _____ () C:\Users\Public\Desktop\Evernote.lnk 2015-02-03 17:13 - 2015-02-03 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote 2015-02-03 12:59 - 2015-02-03 12:59 - 00000197 _____ () C:\WINDOWS\system32\2015-02-03-11-59-37.062-AvastVBoxSVC.exe-3880.log 2015-02-03 07:11 - 2015-02-03 07:11 - 00000197 _____ () C:\WINDOWS\system32\2015-02-03-06-11-27.000-AvastVBoxSVC.exe-3892.log 2015-02-03 00:33 - 2015-02-03 00:33 - 00000197 _____ () C:\WINDOWS\system32\2015-02-02-23-33-21.036-AvastVBoxSVC.exe-3252.log 2015-02-02 23:03 - 2015-02-02 23:03 - 00000247 _____ () C:\WINDOWS\system32\2015-02-02-22-03-47.032-aswFe.exe-7096.log 2015-02-02 22:59 - 2015-02-02 23:03 - 00000247 _____ () C:\WINDOWS\system32\2015-02-02-21-59-03.091-aswFe.exe-7080.log 2015-02-02 22:59 - 2015-02-02 22:59 - 00000197 _____ () 
C:\WINDOWS\system32\2015-02-02-21-59-02.072-AvastVBoxSVC.exe-7488.log 2015-02-02 22:39 - 2015-02-02 22:39 - 00029157 _____ () C:\Users\Nico\Desktop\Logfiles.zip 2015-02-02 21:30 - 2015-02-02 21:30 - 00000197 _____ () C:\WINDOWS\system32\2015-02-02-20-30-04.070-AvastVBoxSVC.exe-2668.log 2015-02-02 21:26 - 2015-02-02 21:26 - 00000197 _____ () C:\WINDOWS\system32\2015-02-02-20-26-20.004-AvastVBoxSVC.exe-3932.log 2015-02-02 21:14 - 2015-02-02 21:14 - 00380416 _____ () C:\Users\Nico\Downloads\Gmer-19357.exe 2015-02-02 21:14 - 2015-02-02 21:14 - 00380416 _____ () C:\Users\Nico\Desktop\Gmer-19357.exe 2015-02-02 21:09 - 2015-02-05 17:00 - 00000000 ____D () C:\FRST 2015-02-02 21:08 - 2015-02-05 17:00 - 02131968 _____ (Farbar) C:\Users\Nico\Desktop\FRST64.exe 2015-02-02 21:08 - 2015-02-02 21:08 - 02131456 _____ (Farbar) C:\Users\Nico\Downloads\FRST64.exe 2015-02-02 21:07 - 2015-02-02 21:07 - 00000000 _____ () C:\Users\Nico\defogger_reenable 2015-02-02 21:07 - 2015-02-02 21:06 - 00050477 _____ () C:\Users\Nico\Desktop\Defogger.exe 2015-02-02 21:06 - 2015-02-02 21:06 - 00050477 _____ () C:\Users\Nico\Downloads\Defogger.exe 2015-02-02 18:40 - 2015-02-04 09:39 - 00000000 ____D () C:\AdwCleaner 2015-02-02 18:39 - 2015-02-02 18:39 - 02194432 _____ () C:\Users\Nico\Downloads\adwcleaner_4.109.exe 2015-02-02 18:39 - 2015-02-02 18:39 - 02194432 _____ () C:\Users\Nico\Desktop\adwcleaner_4.109.exe 2015-02-02 07:27 - 2015-02-02 07:28 - 00000197 _____ () C:\WINDOWS\system32\2015-02-02-06-27-57.055-AvastVBoxSVC.exe-3956.log 2015-02-01 19:36 - 2015-02-05 08:15 - 00005140 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for Nico_Study-Nico Nico_Study 2015-02-01 19:36 - 2015-02-01 19:36 - 00000000 ____D () C:\Users\Nico\Documents\Benutzerdefinierte Office-Vorlagen 2015-02-01 18:39 - 2015-02-01 18:39 - 00002185 _____ () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk 2015-02-01 18:39 - 2015-02-01 18:39 - 00002132 _____ () 
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk 2015-02-01 18:39 - 2015-02-01 18:39 - 00002132 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk 2015-02-01 18:39 - 2015-02-01 18:39 - 00000000 ___RD () C:\Users\Nico\SkyDrive 2015-02-01 18:39 - 2015-02-01 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices 2015-02-01 18:39 - 2015-02-01 18:39 - 00000000 ____D () C:\ProgramData\Microsoft SkyDrive 2015-02-01 18:39 - 2015-02-01 18:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive 2015-02-01 18:36 - 2015-02-02 22:13 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2015-02-01 18:36 - 2015-02-01 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-02-01 18:35 - 2015-02-01 18:35 - 01064632 _____ (Microsoft Corporation) C:\Users\Nico\Downloads\Setup.X86.de-DE_O365HomePremRetail_69addc71-75e4-44ca-8fe2-b75fec0ab50a_TX_DB_.exe 2015-01-31 21:32 - 2015-01-31 21:32 - 00000666 _____ () C:\Users\Nico\Documents\Desktop - Verknüpfung.lnk 2015-01-31 20:25 - 2015-01-31 20:25 - 00084743 _____ () C:\Users\Nico\Downloads\Lohnsteuertabelle 2015.html 2015-01-31 11:45 - 2015-01-31 11:46 - 00000197 _____ () C:\WINDOWS\system32\2015-01-31-10-45-29.010-AvastVBoxSVC.exe-2208.log 2015-01-30 07:17 - 2015-01-30 07:17 - 00000197 _____ () C:\WINDOWS\system32\2015-01-30-06-17-00.090-AvastVBoxSVC.exe-3828.log 2015-01-29 07:35 - 2015-01-29 07:35 - 00000247 _____ () C:\WINDOWS\system32\2015-01-29-06-35-36.066-aswFe.exe-7372.log 2015-01-29 07:30 - 2015-01-29 07:35 - 00000247 _____ () C:\WINDOWS\system32\2015-01-29-06-30-54.071-aswFe.exe-6736.log 2015-01-29 07:30 - 2015-01-29 07:30 - 00000197 _____ () C:\WINDOWS\system32\2015-01-29-06-30-53.005-AvastVBoxSVC.exe-1236.log 2015-01-29 07:22 - 2015-01-29 07:22 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\BRT 2015-01-28 12:49 - 2015-01-28 12:50 - 00000197 
_____ () C:\WINDOWS\system32\2015-01-28-11-49-54.090-AvastVBoxSVC.exe-1900.log 2015-01-28 07:25 - 2015-01-28 07:25 - 00000197 _____ () C:\WINDOWS\system32\2015-01-28-06-25-25.070-AvastVBoxSVC.exe-4116.log 2015-01-27 23:50 - 2015-01-27 23:50 - 00000197 _____ () C:\WINDOWS\system32\2015-01-27-22-50-04.045-AvastVBoxSVC.exe-3340.log 2015-01-27 22:00 - 2015-01-27 22:02 - 51621699 _____ () C:\Users\Nico\Downloads\fritzing.0.9.1b.64.pc_1.zip 2015-01-27 12:45 - 2015-01-27 12:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-25 11:13 - 2015-01-25 11:13 - 00000197 _____ () C:\WINDOWS\system32\2015-01-25-10-13-02.080-AvastVBoxSVC.exe-4020.log 2015-01-24 12:00 - 2015-01-24 12:00 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\PowerISO 2015-01-24 11:57 - 2015-01-24 11:57 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2015-01-24 11:55 - 2015-01-24 11:56 - 00000197 _____ () C:\WINDOWS\system32\2015-01-24-10-55-59.055-AvastVBoxSVC.exe-3480.log 2015-01-24 11:55 - 2015-01-24 11:55 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2015-01-24 00:31 - 2015-01-28 13:40 - 00003278 _____ () C:\WINDOWS\System32\Tasks\avastBCLRestartS-1-5-21-3589802351-439905089-1110981561-1001 2015-01-23 17:13 - 2015-01-23 17:14 - 00754216 _____ (DownloadAstro) C:\Users\Nico\Downloads\kmplayer.exe 2015-01-23 16:02 - 2015-01-23 16:02 - 00000197 _____ () C:\WINDOWS\system32\2015-01-23-15-02-14.017-AvastVBoxSVC.exe-3960.log 2015-01-23 15:51 - 2015-01-23 15:51 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader 2015-01-23 15:49 - 2015-01-23 18:59 - 00000000 ____D () C:\Users\Nico\AppData\Local\JDownloader v2.0 2015-01-23 07:18 - 2015-01-23 07:19 - 00000197 _____ () C:\WINDOWS\system32\2015-01-23-06-18-57.062-AvastVBoxSVC.exe-3996.log 2015-01-21 14:25 - 2015-01-21 14:25 - 00000000 ____D () C:\Users\Nico\AppData\Local\PDF24 2015-01-20 07:16 - 2015-01-20 07:17 - 00000197 _____ () 
C:\WINDOWS\system32\2015-01-20-06-16-31.052-AvastVBoxSVC.exe-3912.log 2015-01-20 07:15 - 2015-01-20 07:15 - 00000000 ____D () C:\ENI 2015-01-19 14:28 - 2015-01-19 14:28 - 00000000 ____D () C:\Program Files (x86)\Evernote 2015-01-19 14:23 - 2015-01-19 14:25 - 98672136 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Nico\Downloads\Evernote_5.8.1.6061.exe 2015-01-19 13:39 - 2008-06-06 14:15 - 00016488 _____ (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\Drivers\SysDrv3S.sys 2015-01-19 13:38 - 2015-01-19 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3S Software 2015-01-19 13:38 - 2015-01-19 13:39 - 00000000 ____D () C:\Program Files (x86)\3S Software 2015-01-19 13:38 - 2015-01-19 13:39 - 00000000 ____D () C:\lm.dat 2015-01-19 13:38 - 2015-01-19 13:38 - 00000000 ____D () C:\WINDOWS\Gateway Files 2015-01-19 13:38 - 2015-01-19 13:38 - 00000000 ____D () C:\Users\Nico\AppData\Local\EvernoteNW 2015-01-19 13:38 - 2010-06-10 13:53 - 00225353 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\Gateway.exe 2015-01-19 13:38 - 2010-06-10 13:53 - 00217164 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\GDrvStd.dll 2015-01-19 13:38 - 2010-06-10 13:53 - 00192588 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\GClient.dll 2015-01-19 13:38 - 2010-06-10 13:53 - 00184396 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\GatewayDDE.exe 2015-01-19 13:38 - 2010-06-10 13:53 - 00147532 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\GSymbol.dll 2015-01-19 13:38 - 2010-06-10 13:53 - 00147528 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\GUtil.dll 2015-01-19 13:38 - 2010-06-10 13:53 - 00143436 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\GHandle.dll 2015-01-19 13:38 - 2010-06-10 13:53 - 00135258 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\GHandleStdcall.dll 2015-01-19 13:38 - 2010-06-10 13:53 - 00114766 ____N (3S-Smart 
Software Solutions GmbH) C:\WINDOWS\SysWOW64\GDrvBase.dll 2015-01-19 13:38 - 2010-06-10 13:53 - 00081993 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\CommUsr.dll 2015-01-19 13:38 - 2010-06-10 13:53 - 00040960 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\CAN_VCI.dll 2015-01-19 13:38 - 2010-06-10 13:53 - 00036937 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\CommSym.dll 2015-01-19 13:38 - 2010-06-10 13:53 - 00032768 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\PEAK_USB.dll 2015-01-19 13:38 - 2010-06-10 13:53 - 00032768 ____N (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\PEAK_DNG.dll 2015-01-19 13:38 - 2010-05-11 17:10 - 00483328 _____ (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\LMAPI.DLL 2015-01-19 13:38 - 2010-01-07 16:57 - 00081408 ____N (PEAK-System Technik GmbH) C:\WINDOWS\SysWOW64\PCAN_USB.dll 2015-01-19 13:38 - 2010-01-07 16:57 - 00069120 ____N (PEAK-System Technik GmbH) C:\WINDOWS\SysWOW64\PCAN_DNG.dll 2015-01-19 13:38 - 2009-01-20 08:45 - 00274432 _____ (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\ENIClient.dll 2015-01-19 13:38 - 2007-04-10 16:30 - 00088613 _____ () C:\WINDOWS\SysWOW64\gateway.chm 2015-01-19 13:38 - 2007-02-27 16:59 - 00139264 _____ (3S-Smart Software Solutions GmbH) C:\WINDOWS\SysWOW64\3SXMLParser.dll 2015-01-19 13:38 - 2000-11-10 08:38 - 00114688 _____ (Technosoftware AG) C:\WINDOWS\SysWOW64\OCSDAAuto.dll 2015-01-19 13:38 - 2000-11-10 08:38 - 00077824 _____ (OPC Foundation) C:\WINDOWS\SysWOW64\opcproxy.dll 2015-01-19 13:38 - 2000-11-10 08:38 - 00075264 _____ () C:\WINDOWS\SysWOW64\callrproxy.dll 2015-01-19 13:38 - 2000-11-10 08:38 - 00061440 _____ (OPC Foundation) C:\WINDOWS\SysWOW64\opccomn_ps.dll 2015-01-19 13:38 - 2000-11-10 08:38 - 00060416 _____ () C:\WINDOWS\SysWOW64\OPCENUM.EXE 2015-01-19 13:38 - 2000-11-10 08:38 - 00040960 _____ (Technosoftware AG) C:\WINDOWS\SysWOW64\OCSSpy_ps.dll 2015-01-19 13:35 - 2015-01-19 13:35 - 00000197 _____ () 
C:\WINDOWS\system32\2015-01-19-12-35-36.019-AvastVBoxSVC.exe-3620.log 2015-01-18 16:12 - 2015-01-18 16:12 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2010 2015-01-18 16:12 - 2015-01-18 16:12 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2010 2015-01-18 15:18 - 2015-01-18 15:18 - 00000197 _____ () C:\WINDOWS\system32\2015-01-18-14-18-08.028-AvastVBoxSVC.exe-3876.log 2015-01-18 15:11 - 2015-01-18 15:11 - 00000197 _____ () C:\WINDOWS\system32\2015-01-18-14-11-07.053-AvastVBoxSVC.exe-3680.log 2015-01-16 00:17 - 2015-01-16 00:17 - 00000247 _____ () C:\WINDOWS\system32\2015-01-15-23-17-19.029-aswFe.exe-5592.log 2015-01-16 00:07 - 2015-01-16 00:17 - 00000247 _____ () C:\WINDOWS\system32\2015-01-15-23-07-38.068-aswFe.exe-5112.log 2015-01-16 00:07 - 2015-01-16 00:07 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-23-07-05.000-AvastVBoxSVC.exe-5652.log 2015-01-15 22:41 - 2015-01-15 22:41 - 00000000 ____D () C:\WINDOWS\SysWOW64\1033 2015-01-15 22:41 - 2015-01-15 22:41 - 00000000 ____D () C:\WINDOWS\system32\RsFx 2015-01-15 22:41 - 2015-01-15 22:41 - 00000000 ____D () C:\WINDOWS\system32\1033 2015-01-15 22:41 - 2015-01-15 22:41 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0 2015-01-15 22:41 - 2009-07-21 01:42 - 00111640 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll 2015-01-15 22:41 - 2009-07-21 01:42 - 00079896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll 2015-01-15 22:41 - 2009-07-21 01:42 - 00078872 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll 2015-01-15 22:41 - 2009-07-21 01:42 - 00050200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll 2015-01-15 22:40 - 2015-01-15 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 2015-01-15 22:39 - 2015-01-15 22:41 - 00000000 
____D () C:\Program Files\Microsoft SQL Server 2015-01-15 22:39 - 2015-01-15 22:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server 2015-01-15 22:39 - 2015-01-15 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework 2015-01-15 22:39 - 2015-01-15 22:39 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services 2015-01-15 22:39 - 2015-01-15 22:39 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework 2015-01-15 22:39 - 2015-01-15 22:39 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition 2015-01-15 22:39 - 2015-01-15 22:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services 2015-01-15 22:38 - 2015-01-15 22:38 - 00000000 ____D () C:\ProgramData\PreEmptive Solutions 2015-01-15 22:36 - 2015-01-15 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK - Deutsch 2015-01-15 22:35 - 2015-01-15 22:35 - 00000000 ____D () C:\Users\Nico\Documents\Visual Studio 2008 2015-01-15 22:35 - 2015-01-15 22:35 - 00000000 ____D () C:\Program Files\IIS 2015-01-15 22:35 - 2015-01-15 22:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET 2015-01-15 22:35 - 2015-01-15 22:35 - 00000000 ____D () C:\Program Files (x86)\IIS 2015-01-15 22:34 - 2015-01-15 22:34 - 00000000 ____D () C:\Users\Nico\Documents\Visual Studio 2010 2015-01-15 22:32 - 2015-01-18 16:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 2015-01-15 22:32 - 2015-01-15 22:41 - 00000000 ____D () C:\WINDOWS\SysWOW64\1031 2015-01-15 22:32 - 2015-01-15 22:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0 2015-01-15 22:32 - 2015-01-15 22:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft F# 2015-01-15 22:32 - 2015-01-15 22:33 - 00000000 ____D () C:\Program Files (x86)\HTML Help Workshop 2015-01-15 22:31 - 2015-01-15 22:41 - 00000000 ____D () 
C:\WINDOWS\system32\1031 2015-01-15 22:31 - 2015-01-15 22:39 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 10.0 2015-01-15 22:31 - 2015-01-15 22:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs 2015-01-15 22:31 - 2015-01-15 22:31 - 00000000 ____D () C:\WINDOWS\symbols 2015-01-15 22:31 - 2015-01-15 22:31 - 00000000 ____D () C:\Program Files\Microsoft Help Viewer 2015-01-15 22:31 - 2015-01-15 22:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0 2015-01-15 22:30 - 2015-01-15 22:30 - 00000000 ____D () C:\WINDOWS\PCHEALTH 2015-01-15 22:27 - 2015-01-21 14:33 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Windows Live Writer 2015-01-15 22:27 - 2015-01-15 22:27 - 00000000 ____D () C:\Users\Nico\AppData\Local\Windows Live Writer 2015-01-15 22:22 - 2015-01-15 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ELECTRA_250 2015-01-15 22:22 - 2015-01-15 22:22 - 00000000 ____D () C:\ProgramData\CP70vxDj0 2015-01-15 22:22 - 2015-01-15 22:22 - 00000000 ____D () C:\Program Files (x86)\ELECTRA_250 2015-01-15 22:21 - 2015-01-15 22:21 - 00000806 _____ () C:\Users\Nico\Downloads\#Ablage.lnk 2015-01-15 22:21 - 2015-01-15 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TARGET 3001! V17 pcb-pool 2015-01-15 22:21 - 2015-01-15 22:21 - 00000000 ____D () C:\Program Files (x86)\ibf 2015-01-15 22:13 - 2015-02-05 07:17 - 00000000 ___RD () C:\Users\Nico\Dropbox 2015-01-15 22:06 - 2015-01-15 22:06 - 00324136 _____ (Dropbox, Inc.) 
C:\Users\Nico\Downloads\DropboxInstaller.exe 2015-01-15 21:57 - 2015-01-15 21:57 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-20-57-11.022-AvastVBoxSVC.exe-3676.log 2015-01-15 21:55 - 2015-01-15 21:55 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Sirrix AG 2015-01-15 21:54 - 2015-01-15 21:54 - 00000000 ____D () C:\Users\Nico\AppData\Local\Cisco 2015-01-15 21:54 - 2015-01-15 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco 2015-01-15 21:54 - 2015-01-15 21:54 - 00000000 ____D () C:\ProgramData\Cisco 2015-01-15 21:54 - 2013-10-10 17:29 - 00112496 ____R (Cisco Systems, Inc.) C:\WINDOWS\system32\Drivers\acsock64.sys 2015-01-15 21:53 - 2015-01-15 21:53 - 00001275 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box.lnk 2015-01-15 21:53 - 2015-01-15 21:53 - 00000000 ____D () C:\ProgramData\Sirrix AG 2015-01-15 21:53 - 2015-01-15 21:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box 2015-01-15 21:53 - 2015-01-15 21:53 - 00000000 ____D () C:\Program Files (x86)\Sirrix AG 2015-01-15 21:50 - 2015-01-15 21:50 - 00000000 ____D () C:\Program Files\Oracle 2015-01-15 21:50 - 2014-01-10 22:49 - 00239376 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys 2015-01-15 21:50 - 2014-01-10 22:48 - 00119056 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys 2015-01-15 21:46 - 2015-01-15 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-01-15 21:45 - 2015-01-15 22:09 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-01-15 21:43 - 2015-02-05 16:05 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-15 21:43 - 2015-02-05 07:16 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-15 21:43 - 2015-02-04 18:00 - 00004112 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-01-15 21:43 - 
2015-02-04 18:00 - 00003876 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-01-15 21:43 - 2015-01-15 21:46 - 00000000 ____D () C:\Users\Nico\AppData\Local\Google 2015-01-15 21:43 - 2015-01-15 21:46 - 00000000 ____D () C:\Program Files (x86)\Google 2015-01-15 21:42 - 2015-02-05 07:17 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Dropbox 2015-01-15 21:37 - 2015-01-15 21:37 - 00000000 ____D () C:\Users\Nico\AppData\Local\Evernote 2015-01-15 21:32 - 2015-01-18 15:59 - 00004062 _____ () C:\Users\Nico\AppData\Roaming\LTspiceIV.ini 2015-01-15 21:30 - 2015-01-15 21:30 - 00001211 _____ () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\LTspice IV.lnk 2015-01-15 21:30 - 2015-01-15 21:30 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Toastify 2015-01-15 21:29 - 2015-01-15 21:29 - 00000000 ____D () C:\Program Files (x86)\LTC 2015-01-15 21:20 - 2015-01-15 21:21 - 00000197 _____ () C:\WINDOWS\system32\2015-01-15-20-20-55.031-AvastVBoxSVC.exe-3124.log 2015-01-15 21:20 - 2015-01-15 21:20 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-01-15 21:20 - 2015-01-15 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-01-15 21:19 - 2015-01-15 21:19 - 00000844 _____ () C:\Users\Nico\Desktop\##Studium## - Verknüpfung.lnk 2015-01-15 21:19 - 2015-01-15 21:19 - 00000806 _____ () C:\Users\Nico\Desktop\#Ablage - Verknüpfung.lnk 2015-01-15 21:18 - 2015-01-15 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 2015-01-15 21:18 - 2015-01-15 21:18 - 00000000 ____D () C:\Program Files (x86)\PDF24 2015-01-15 21:17 - 2015-01-15 22:21 - 00000000 ____D () C:\Program Files (x86)\PhotoshopPortable 2015-01-15 21:16 - 2015-01-15 21:16 - 00000039 _____ () C:\Users\Nico\AppData\Roaming\SupportBox_MSUL.cfg 2015-01-15 21:16 - 2015-01-15 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO 2015-01-15 21:16 - 2015-01-15 21:16 - 00000000 ____D () C:\Program 
Files\PowerISO 2015-01-15 21:16 - 2014-03-30 07:26 - 00129944 _____ (Power Software Ltd) C:\WINDOWS\system32\Drivers\scdemu.sys 2015-01-15 21:15 - 2015-01-15 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes 2015-01-15 21:15 - 2015-01-15 21:15 - 00000000 ____D () C:\Program Files (x86)\Toastify 2015-01-15 21:15 - 2015-01-15 21:15 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes 2015-01-15 21:11 - 2015-02-04 18:51 - 00000000 ____D () C:\Users\Nico\AppData\Local\Spotify 2015-01-15 21:11 - 2015-01-15 21:11 - 00001794 _____ () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2015-01-15 21:11 - 2015-01-15 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2015-01-15 21:11 - 2015-01-15 21:11 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client 2015-01-15 21:10 - 2015-01-23 18:57 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\vlc 2015-01-15 21:10 - 2015-01-15 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-01-15 21:10 - 2015-01-15 21:10 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2015-01-15 21:09 - 2015-02-04 18:56 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Spotify 2015-01-15 21:09 - 2015-01-15 21:09 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2015-01-15 21:08 - 2015-01-15 21:08 - 00000000 ____D () C:\The KMPlayer 2015-01-15 21:06 - 2015-01-15 21:06 - 00001478 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2015-01-15 21:06 - 2015-01-15 21:06 - 00001329 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2015-01-15 21:06 - 2015-01-15 21:06 - 00000000 ____D () C:\WINDOWS\it 2015-01-15 21:06 - 2015-01-15 21:06 - 00000000 ____D () C:\WINDOWS\fr 2015-01-15 21:06 - 2015-01-15 21:06 - 00000000 ____D () C:\WINDOWS\de 2015-01-15 21:06 - 2015-01-15 21:06 - 00000000 ____D () C:\Program 
2015-01-15 18:12 - 2015-01-15 18:12 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2015-01-15 18:12 - 2015-01-15 18:12 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2015-01-15 18:12 - 2015-01-15 18:12 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-01-15 18:12 - 2015-01-15 18:12 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-01-15 18:12 - 
2015-01-15 18:12 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-01-15 18:12 - 2015-01-15 18:12 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-01-15 18:11 - 2015-01-19 23:25 - 00000000 ____D () C:\WINDOWS\en-GB 2015-01-15 18:11 - 2015-01-15 18:11 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2015-01-15 18:11 - 2015-01-15 18:11 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll 2015-01-15 18:11 - 2015-01-15 18:11 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2015-01-15 18:11 - 2015-01-15 18:11 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2015-01-15 18:11 - 2015-01-15 18:11 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2015-01-15 18:11 - 2015-01-15 18:11 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll 2015-01-15 18:11 - 2015-01-15 18:11 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2015-01-15 18:11 - 2015-01-15 18:11 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll 2015-01-15 18:05 - 2015-01-15 18:05 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2015-01-15 18:05 - 2015-01-15 18:05 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2015-01-15 18:05 - 2015-01-15 18:05 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-01-15 18:05 - 2015-01-15 18:05 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-01-15 18:04 - 2015-01-15 18:04 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-01-15 18:04 - 2015-01-15 18:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-01-15 18:04 - 2015-01-15 18:04 - 00087040 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\TSWbPrxy.exe 2015-01-15 18:01 - 2015-01-15 18:01 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff 2015-01-15 18:01 - 2015-01-15 18:01 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-01-15 18:01 - 2015-01-15 18:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2015-01-15 18:01 - 2015-01-15 18:01 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-01-15 18:01 - 2015-01-15 18:01 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2015-01-15 18:01 - 2015-01-15 18:01 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-01-15 18:01 - 2015-01-15 18:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2015-01-15 18:01 - 2015-01-15 18:01 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2015-01-15 18:00 - 2015-01-19 23:25 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer 2015-01-15 18:00 - 2015-01-15 22:37 - 00000000 ____D () C:\Program Files\MSBuild 2015-01-15 18:00 - 2015-01-15 22:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2015-01-15 18:00 - 2015-01-15 18:00 - 00000000 ____D () C:\Program Files\Reference Assemblies 2015-01-15 18:00 - 2015-01-15 18:00 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies 2015-01-15 18:00 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2015-01-15 18:00 - 2013-08-03 05:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-01-15 18:00 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2015-01-15 18:00 - 2013-08-03 05:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-01-15 17:54 - 2015-01-15 18:20 - 00006611 _____ () C:\WINDOWS\comsetup.log 
2015-01-15 17:32 - 2014-07-21 21:28 - 04016216 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys 2015-01-15 17:32 - 2014-07-21 13:52 - 01279373 _____ () C:\WINDOWS\system32\Drivers\RTAIODAT.DAT 2015-01-15 17:32 - 2014-07-18 18:10 - 02810736 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll 2015-01-15 17:32 - 2014-07-18 14:22 - 00955096 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll 2015-01-15 17:32 - 2014-07-16 14:36 - 67245056 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat 2015-01-15 17:32 - 2014-07-07 19:55 - 00000008 _____ () C:\WINDOWS\system32\Drivers\rtkhdaud.dat 2015-01-15 17:32 - 2014-07-07 14:07 - 02860760 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll 2015-01-15 17:32 - 2014-07-04 11:07 - 01024728 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll 2015-01-15 17:32 - 2014-06-17 13:32 - 01286872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll 2015-01-15 17:32 - 2014-05-09 11:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll 2015-01-15 17:32 - 2014-04-10 12:19 - 14863448 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll 2015-01-15 17:32 - 2014-04-10 12:19 - 02101848 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll 2015-01-15 17:32 - 2014-04-10 12:19 - 02041432 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll 2015-01-15 17:32 - 2014-03-06 16:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl 2015-01-15 17:32 - 2014-02-06 11:28 - 05804772 _____ () C:\WINDOWS\system32\Drivers\rtvienna.dat 2015-01-15 17:32 - 2013-10-11 11:31 - 00947760 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll 2015-01-15 17:32 - 2013-08-14 15:36 - 00662784 _____ (Waves Audio Ltd.) 
C:\WINDOWS\system32\MaxxVolumeSDAPO.dll 2015-01-15 17:32 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll 2015-01-15 17:32 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll 2015-01-15 17:32 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll 2015-01-15 17:32 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll 2015-01-15 17:32 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll 2015-01-15 17:32 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll 2015-01-15 17:32 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll 2015-01-15 17:32 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll 2015-01-15 17:32 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll 2015-01-15 17:32 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll 2015-01-15 17:32 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll 2015-01-15 17:32 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll 2015-01-15 17:32 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll 2015-01-15 17:32 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll 2015-01-15 17:32 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll 2015-01-15 17:32 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll 2015-01-15 17:32 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) 
C:\WINDOWS\system32\RtkCfg64.dll 2015-01-15 17:32 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll 2015-01-15 17:32 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll 2015-01-15 17:32 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll 2015-01-15 17:32 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll 2015-01-15 17:32 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll 2015-01-15 17:31 - 2015-01-15 19:44 - 00000194 _____ () C:\Setup.log 2015-01-15 17:31 - 2014-06-09 10:59 - 00560328 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll 2015-01-15 17:31 - 2014-05-19 10:47 - 02080472 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll 2015-01-15 17:31 - 2014-04-10 12:19 - 01063512 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll 2015-01-15 17:31 - 2014-04-07 16:03 - 06218072 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll 2015-01-15 17:31 - 2014-04-07 16:03 - 01939800 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll 2015-01-15 17:31 - 2014-04-07 16:03 - 00315736 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll 2015-01-15 17:31 - 2014-04-07 16:03 - 00261464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll 2015-01-15 17:31 - 2014-02-18 17:04 - 02770976 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll 2015-01-15 17:31 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll 2015-01-15 17:31 - 2013-08-14 15:35 - 00663296 _____ (Waves Audio Ltd.) 
C:\WINDOWS\system32\MaxxAudioAPO30.dll 2015-01-15 17:31 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll 2015-01-15 17:31 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll 2015-01-15 17:31 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll 2015-01-15 17:31 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) 
C:\WINDOWS\system32\MaxxAudioAPO20.dll 2015-01-15 16:47 - 2015-01-15 16:47 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Samsung 2015-01-15 16:33 - 2015-01-15 16:33 - 00002970 _____ () C:\WINDOWS\System32\Tasks\SamsungLinkPC 2015-01-15 09:48 - 2015-01-15 09:48 - 00003126 _____ () C:\WINDOWS\System32\Tasks\advRecovery 2015-01-15 09:46 - 2015-01-15 09:46 - 00000000 ____D () C:\iBTWU 2015-01-15 09:34 - 2015-01-15 09:34 - 00003434 _____ () C:\WINDOWS\System32\Tasks\Settings 2015-01-14 23:08 - 2015-01-23 07:23 - 00003718 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 2015-01-14 15:10 - 2015-01-14 15:10 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Macromedia 2015-01-14 15:10 - 2015-01-14 15:10 - 00000000 ____D () C:\Users\Nico\AppData\Local\Macromedia 2015-01-14 15:09 - 2015-02-05 16:17 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-01-14 15:09 - 2015-02-04 23:17 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-01-14 15:08 - 2015-01-27 07:39 - 00000000 ____D () C:\Users\Nico\AppData\Local\Adobe 2015-01-14 15:03 - 2015-01-14 15:03 - 00003476 _____ () C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon 2015-01-14 15:03 - 2015-01-14 15:03 - 00000000 ____D () C:\ProgramData\Intel(R) Update Manager 2015-01-14 14:59 - 2015-01-15 18:24 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense 2015-01-14 14:58 - 2015-01-14 14:59 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-01-14 14:58 - 2014-12-31 13:12 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-14 14:40 - 2015-01-15 21:54 - 00000000 ____D () C:\Program Files (x86)\Cisco 2015-01-14 14:40 - 2015-01-14 14:40 - 00000000 ____D () C:\Program Files\Common Files\Intel 2015-01-14 14:35 - 2014-10-22 04:34 - 00010777 ____N () C:\WINDOWS\system32\AutoconfigV2.cab 2015-01-14 14:01 - 2013-05-04 05:51 - 00014848 ____N (Microsoft) C:\WINDOWS\system32\rars.rs 2015-01-14 14:01 - 2013-05-04 05:10 
- 00014848 ____N (Microsoft) C:\WINDOWS\SysWOW64\rars.rs 2015-01-14 13:08 - 2015-01-14 13:08 - 00000000 _____ () C:\Users\Nico\agent.log 2015-01-14 13:01 - 2015-01-15 19:40 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2015-01-14 13:01 - 2015-01-15 19:39 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys 2015-01-14 13:01 - 2015-01-15 19:39 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys 2015-01-14 12:54 - 2015-01-14 12:54 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Mozilla 2015-01-14 12:54 - 2015-01-14 12:54 - 00000000 ____D () C:\Users\Nico\AppData\Local\Mozilla 2015-01-14 12:53 - 2015-01-27 23:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-14 12:53 - 2015-01-24 00:34 - 00001151 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-14 12:53 - 2015-01-14 12:53 - 00000000 ____D () C:\ProgramData\Mozilla 2015-01-14 12:49 - 2015-02-03 12:59 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! 
Emergency Update 2015-01-14 12:49 - 2015-01-15 19:39 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys 2015-01-14 12:49 - 2015-01-15 19:39 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2015-01-14 12:49 - 2015-01-15 19:39 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2015-01-14 12:49 - 2015-01-15 19:39 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys 2015-01-14 12:49 - 2015-01-15 19:39 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys 2015-01-14 12:49 - 2015-01-14 12:49 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\AVAST Software 2015-01-14 12:49 - 2015-01-14 12:49 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-01-14 12:49 - 2015-01-14 12:49 - 00000000 ____D () C:\Program Files\AVAST Software 2015-01-14 12:29 - 2015-01-15 18:46 - 00008400 _____ () C:\WINDOWS\wsusofflineupdate.log 2015-01-14 12:28 - 2015-02-05 07:45 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3589802351-439905089-1110981561-1001 2015-01-14 12:28 - 2015-01-14 12:28 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\WinRAR 2015-01-14 12:28 - 2015-01-14 12:28 - 00000000 ____D () C:\Users\Nico\AppData\Local\bitcasa 2015-01-14 12:27 - 2015-01-15 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-01-14 12:27 - 2015-01-15 18:17 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-01-14 12:27 - 2015-01-15 17:40 - 00000000 ____D () C:\Program Files\WinRAR 2015-01-14 12:24 - 2015-01-15 20:25 - 00000000 ____D () C:\Users\Nico\AppData\Local\Samsung 2015-01-14 12:23 - 2015-01-31 12:09 - 00005347 _____ () C:\Users\Nico\AppData\Roaming\AbsoluteReminder.xml 2015-01-14 12:23 - 2015-01-14 12:23 - 00001249 _____ () C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RtkGUI.lnk 2015-01-14 12:23 - 2015-01-14 12:23 - 00001202 _____ () 
C:\Users\Nico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk 2015-01-14 12:23 - 2015-01-14 12:23 - 00000000 ____D () C:\Users\Nico\AppData\Local\Absolute_Software 2015-01-14 12:23 - 2015-01-14 12:23 - 00000000 _____ () C:\WINDOWS\system32\Drivers\144D_SAMSUNG_na_870Z5E_P05A.mrk 2015-01-14 12:22 - 2015-02-01 18:36 - 00000000 ____D () C:\Users\Nico\AppData\Local\VirtualStore 2015-01-14 12:22 - 2015-01-23 15:50 - 00000000 ____D () C:\Users\Nico\AppData\Local\Packages 2015-01-14 12:22 - 2015-01-14 12:22 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Intel 2015-01-14 12:22 - 2015-01-14 12:22 - 00000000 ____D () C:\Users\Nico\AppData\Roaming\Adobe 2015-01-14 12:22 - 2013-02-27 18:08 - 139490760 _____ () C:\WINDOWS\[0407]SamsungStory01_ger.scr ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-05 17:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-05 07:20 - 2014-11-21 04:35 - 01963610 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-02-05 07:20 - 2014-11-21 03:45 - 00831932 _____ () C:\WINDOWS\system32\perfh007.dat 2015-02-05 07:20 - 2014-11-21 03:45 - 00184304 _____ () C:\WINDOWS\system32\perfc007.dat 2015-02-05 07:19 - 2013-04-15 22:37 - 00000000 ____D () C:\ProgramData\WinClon 2015-02-05 07:15 - 2014-11-20 19:24 - 00030220 _____ () C:\WINDOWS\PFRO.log 2015-02-05 07:15 - 2013-08-22 15:46 - 00314291 _____ () C:\WINDOWS\setupact.log 2015-02-05 07:15 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-04 09:20 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-02-02 07:26 - 2013-08-22 15:44 - 00533664 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-02-01 18:09 - 2013-08-22 14:25 - 00000194 _____ () C:\WINDOWS\win.ini 2015-01-28 08:00 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-01-24 21:20 - 2014-11-21 12:01 - 00714720 _____ (Adobe Systems Incorporated) 
C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-01-24 21:20 - 2014-11-21 12:01 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-24 11:57 - 2013-04-15 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-01-24 00:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy 2015-01-23 15:55 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-23 07:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-01-22 18:55 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports 2015-01-19 23:25 - 2014-11-21 04:13 - 00000000 ____D () C:\Program Files\Windows Journal 2015-01-19 23:25 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\winrm 2015-01-19 23:25 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN 2015-01-19 23:25 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\slmgr 2015-01-19 23:25 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2015-01-19 23:25 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\system32\winrm 2015-01-19 23:25 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\system32\WCN 2015-01-19 23:25 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\system32\slmgr 2015-01-19 23:25 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\system32\Printing_Admin_Scripts 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform 2015-01-19 23:25 - 2013-08-22 
16:36 - 00000000 ____D () C:\WINDOWS\system32\MUI 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Com 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Help 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer 2015-01-19 23:25 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-01-19 23:25 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe 2015-01-19 23:25 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism 2015-01-19 23:25 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep 2015-01-19 23:25 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\oobe 2015-01-19 23:25 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Dism 2015-01-19 23:25 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\servicing 2015-01-19 13:38 - 2013-04-15 21:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-15 22:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-01-15 22:39 - 2013-04-15 22:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2015-01-15 21:06 - 2013-04-15 22:41 - 00001398 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2015-01-15 21:06 - 2013-04-15 22:41 - 00000000 ____D 
() C:\Program Files (x86)\Windows Live 2015-01-15 21:05 - 2013-04-15 22:41 - 00001653 _____ () C:\WINDOWS\DirectX.log 2015-01-15 20:39 - 2013-04-15 21:50 - 00000000 ____D () C:\Program Files (x86)\Samsung 2015-01-15 20:17 - 2013-04-15 22:38 - 00000000 ____D () C:\ProgramData\Samsung 2015-01-15 20:07 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2015-01-15 20:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup 2015-01-15 20:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2015-01-15 20:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS 2015-01-15 20:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\setup 2015-01-15 19:45 - 2013-04-15 21:48 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2015-01-15 19:45 - 2013-04-15 21:48 - 00000000 ____D () C:\ProgramData\Intel 2015-01-15 19:45 - 2013-04-15 21:48 - 00000000 ____D () C:\Program Files\Intel 2015-01-15 19:44 - 2013-04-15 21:48 - 00000000 ____D () C:\Program Files (x86)\Realtek 2015-01-15 19:42 - 2013-04-15 21:49 - 00028034 _____ () C:\WINDOWS\DPINST.LOG 2015-01-15 19:36 - 2013-08-22 15:46 - 00000262 _____ () C:\WINDOWS\setuperr.log 2015-01-15 19:36 - 2013-04-15 22:46 - 00019318 _____ () C:\WINDOWS\system32\results.xml 2015-01-15 19:26 - 2013-04-15 22:34 - 00000000 ____D () C:\ProgramData\AMD 2015-01-15 19:25 - 2013-04-15 22:33 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies 2015-01-15 19:25 - 2013-04-15 21:49 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-15 18:46 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-01-15 18:46 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-01-15 18:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\restore 2015-01-15 18:20 - 2013-08-22 16:36 - 00000000 ____D () 
C:\WINDOWS\Registration 2015-01-15 18:20 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT 2015-01-15 18:20 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default 2015-01-15 18:19 - 2013-08-22 16:36 - 00000000 __RSD () C:\WINDOWS\Media 2015-01-15 18:19 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries 2015-01-15 18:18 - 2014-11-21 03:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep 2015-01-15 18:18 - 2013-08-22 16:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker 2015-01-15 18:18 - 2013-08-22 16:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log 2015-01-15 18:18 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar 2015-01-15 18:18 - 2013-08-22 16:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar 2015-01-15 18:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz 2015-01-15 18:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME 2015-01-15 18:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns 2015-01-15 18:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\spool 2015-01-15 18:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\IME 2015-01-15 18:18 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI 2015-01-15 18:18 - 2013-08-22 14:25 - 00008192 ___SH () C:\WINDOWS\system32\config\ELAM 2015-01-15 18:18 - 2013-04-15 22:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 10 2015-01-15 18:18 - 2013-04-15 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitcasa 2015-01-15 18:18 - 2013-04-15 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games 2015-01-15 18:18 - 2013-04-15 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Absolute Software 2015-01-15 18:18 - 2013-04-15 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation 2015-01-15 18:18 - 2012-08-05 
22:11 - 00000000 ____D () C:\ProgramData\PRICache 2015-01-15 18:18 - 2012-07-26 06:37 - 00000000 ____D () C:\Users\Default.migrated 2015-01-15 18:17 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery 2015-01-15 18:12 - 2013-08-22 16:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template 2015-01-15 18:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager 2015-01-15 17:58 - 2013-04-15 21:49 - 01771989 _____ () C:\WINDOWS\WindowsUpdate (1).log 2015-01-15 17:56 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent 2015-01-15 17:32 - 2013-04-15 21:48 - 00002787 _____ () C:\RHDSetup.log 2015-01-15 17:32 - 2013-04-15 21:48 - 00000000 ___HD () C:\Program Files (x86)\Temp 2015-01-15 13:07 - 2013-04-15 22:38 - 00000000 ____D () C:\ProgramData\Temp 2015-01-15 09:48 - 2013-04-15 21:50 - 00000000 ____D () C:\Program Files\Samsung 2015-01-14 14:40 - 2013-04-15 22:38 - 00000000 ____D () C:\Users\EasySurvey 2015-01-14 14:39 - 2013-04-15 21:48 - 00000000 ____D () C:\Intel 2015-01-14 12:48 - 2013-04-15 22:36 - 00000000 ____D () C:\ProgramData\Norton 2015-01-14 12:46 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP ==================== Files in the root of some directories ======= 2015-01-14 12:23 - 2015-01-31 12:09 - 0005347 _____ () C:\Users\Nico\AppData\Roaming\AbsoluteReminder.xml 2015-01-15 21:32 - 2015-01-18 15:59 - 0004062 _____ () C:\Users\Nico\AppData\Roaming\LTspiceIV.ini 2015-01-15 21:16 - 2015-01-15 21:16 - 0000039 _____ () C:\Users\Nico\AppData\Roaming\SupportBox_MSUL.cfg 2015-01-15 18:15 - 2015-01-15 18:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-04-15 22:43 - 2013-02-19 08:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe 2013-04-15 22:43 - 2013-01-12 15:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml Files to move or delete: ==================== C:\ProgramData\MakeMarkerFile.exe C:\Users\EasySurvey\EasySurvey.exe Some content of TEMP: ==================== 
C:\Users\Nico\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjvrxsp.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-04 10:09 ==================== End Of Log ============================ Gruß Nico |
06.02.2015, 00:00 | #11 |
Rest in peace † 2019 | Windows 8.1: Spyware? "Dynamo Combo" add-on causes redirects to advertising
Hello Nico, no, we will delete all the quarantines in a moment, and the rest now.
Step 1
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
C:\Users\Nico\AppData\Local\Microsoft\Windows\INetCache\IE\4EE80OXF\spstub[1].exe
C:\Users\Nico\AppData\Local\Microsoft\Windows\INetCache\IE\87D2HB3X\DynamoCombo[1].dll
C:\Users\Nico\AppData\Local\Microsoft\Windows\INetCache\IE\87D2HB3X\Setup[1].exe
C:\Users\Nico\Downloads\kmplayer.exe
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
OK. As far as I can see, we have now removed everything malicious. Your logs are clean. Finally, we will tidy up a bit and run updates, and then you will get some reading material from me.
Step 1
If you no longer need Malwarebytes Anti-Malware and the ESET Online Scanner, you can simply uninstall both programs via the program uninstaller. However, I recommend that you at least keep Malwarebytes and run a check scan with it once a week. Please download delfix to your desktop.
Updates / updating programs
Make sure that your Flash Player checks for updates. The Flash Player can be configured during installation to check for updates automatically; afterwards you can do this via the following link: Adobe - Flash Player: Settings Manager - Global Notification Settings
Uninstall your Reader and download the latest version from here. Check whether anything else wants to be installed along with it and untick the box if so.
Java is a major security hole on your system; new vulnerabilities are discovered again and again and are exploited to infect computers. Unless you absolutely need Java, you should uninstall it completely.
Windows XP: Go to: Start --> Control Panel --> Add or Remove Programs --> select the Java versions --> remove
Windows Vista: Go to: Start --> Control Panel --> Programs --> Uninstall a program --> find the Java versions --> remove
Windows 7: Go to: the Windows button in the taskbar --> Control Panel --> Programs (sub-item Uninstall a program) --> select the Java versions --> remove
Windows 8: Press: Windows key and X, then: Programs and Features --> select the Java versions --> remove
If you absolutely do need Java after all, then
and make sure that Java updates automatically. To do so:
You can find instructions for this here. Finally, a few more tips for securing your system. Change all your passwords regularly; right now, after the cleanup, is an ideal time to do so.
Keeping the system up to date: It is extremely important that both your system and the security-relevant software installed on it (Flash Player, PDF reader and especially Java, if present) are up to date.
Antivirus software
Additional protection
Alternative browsers: Other browsers tend to be somewhat more secure than Internet Explorer because they do not use ActiveX elements. These can be abused by spyware to infect your system.
System performance: Delete your temporary files regularly. For this I recommend Windows Disk Cleanup. Windows Vista
Windows 7
Windows 8
Stay away from any registry cleaners. They harm your system more than they speed it up. Rules of conduct for safer surfing
Now all that remains is for me to wish you lots of fun surfing safely. Note: Please give me brief feedback once everything is done and there are no more questions. If you would like to give praise or criticism, you are very welcome to do so here. If you would like to donate something for the forum and our work, you can do so here. |
08.02.2015, 21:17 | #12 |
| Windows 8.1: Spyware? "Dynamo Combo" add-on causes redirects to advertising
Hello, I have now found the time to create the Fixlog.txt -> see below. I ran Delfix successfully. There is a problem updating the ActiveX Flash Player in Internet Explorer. I uninstalled the Shockwave Player. When I then followed your link to update the Flash Player, it only said that the Flash Player is already installed in Internet Explorer on Windows 8. Further down I was able to download the current version of the Flash Player for Windows 8.1 64-bit and 32-bit; unfortunately an error message said that the update was not suitable for my Windows, for whatever reason. What is the best thing to do now? I never use Internet Explorer anyway - can it perhaps simply be uninstalled? I uninstalled Adobe Reader under Programs & Features and downloaded and installed the Reader via your link - without problems. I have now uninstalled Java completely. If I should need it, I will look at your post and the tips again.
Fixlog.txt:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2015
Ran by Nico at 2015-02-06 07:41:40 Run:1
Running from C:\Users\Nico\Desktop
Loaded Profiles: Nico (Available profiles: Nico)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Nico\AppData\Local\Microsoft\Windows\INetCache\IE\4EE80OXF\spstub[1].exe
C:\Users\Nico\AppData\Local\Microsoft\Windows\INetCache\IE\87D2HB3X\DynamoCombo[1].dll
C:\Users\Nico\AppData\Local\Microsoft\Windows\INetCache\IE\87D2HB3X\Setup[1].exe
C:\Users\Nico\Downloads\kmplayer.exe
*****************

"C:\Users\Nico\AppData\Local\Microsoft\Windows\INetCache\IE\4EE80OXF\spstub[1].exe" => File/Directory not found.
"C:\Users\Nico\AppData\Local\Microsoft\Windows\INetCache\IE\87D2HB3X\DynamoCombo[1].dll" => File/Directory not found.
"C:\Users\Nico\AppData\Local\Microsoft\Windows\INetCache\IE\87D2HB3X\Setup[1].exe" => File/Directory not found.
"C:\Users\Nico\Downloads\kmplayer.exe" => File/Directory not found.

==== End of Fixlog 07:41:41 ====

Then I would now only need to delete the quarantine, right? Should I just do that myself or are there instructions for that too? I don't want to do something wrong now |
09.02.2015, 23:15 | #13 | ||
Rest in peace † 2019 | Windows 8.1: Spyware? "Dynamo Combo" add-on causes redirects to advertising
Hello, could you please delete FRST, download it again and run the fix once more... somehow it did not work. Our quarantine is deleted together with the tools by Delfix, and files in the quarantine are nothing to worry about; they are dead there. Quote:
Quote:
|
16.02.2015, 12:58 | #14 |
| Windows 8.1: Spyware? "Dynamo Combo" add-on causes redirects to advertising
Hello, unfortunately I only now got around to dealing with this again. I have now downloaded FRST again and created the Fixlog (see below). And ran delfix. I hope I understood your last post correctly? In Internet Explorer it still says that the Flash Player is already preinstalled on Windows 8, and under the help link you posted it says in IE as well as in Firefox and Chrome that the current version is installed, so that should be fine. I have since reinstalled Java because I apparently need it.. here is the Fixlog.txt:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by Nico at 2015-02-16 12:50:05 Run:1
Running from C:\Users\Nico\Desktop
Loaded Profiles: Nico (Available profiles: Nico)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Nico\AppData\Local\Microsoft\Windows\INetCache\IE\4EE80OXF\spstub[1].exe
C:\Users\Nico\AppData\Local\Microsoft\Windows\INetCache\IE\87D2HB3X\DynamoCombo[1].dll
C:\Users\Nico\AppData\Local\Microsoft\Windows\INetCache\IE\87D2HB3X\Setup[1].exe
C:\Users\Nico\Downloads\kmplayer.exe
*****************

"C:\Users\Nico\AppData\Local\Microsoft\Windows\INetCache\IE\4EE80OXF\spstub[1].exe" => File/Directory not found.
"C:\Users\Nico\AppData\Local\Microsoft\Windows\INetCache\IE\87D2HB3X\DynamoCombo[1].dll" => File/Directory not found.
"C:\Users\Nico\AppData\Local\Microsoft\Windows\INetCache\IE\87D2HB3X\Setup[1].exe" => File/Directory not found.
"C:\Users\Nico\Downloads\kmplayer.exe" => File/Directory not found.

==== End of Fixlog 12:50:05 ====

So is my computer clean now? Regards, Nico |
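Added example, not part of the thread and not FRST's own code: a small Python parser that pairs every fixlist entry in a Fixlog like the one above with its result line, so a reviewer can see at a glance which entries were reported as "File/Directory not found." The function name and report keys are assumptions made for this example, and the only status string it recognises is the one visible in the Fixlog above; anything else is listed under "other" without interpretation.

```python
import re

# Fixlog body from the post above, line breaks restored (header lines omitted).
FIXLOG = r'''Content of fixlist:
*****************
C:\Users\Nico\AppData\Local\Microsoft\Windows\INetCache\IE\4EE80OXF\spstub[1].exe
C:\Users\Nico\AppData\Local\Microsoft\Windows\INetCache\IE\87D2HB3X\DynamoCombo[1].dll
C:\Users\Nico\AppData\Local\Microsoft\Windows\INetCache\IE\87D2HB3X\Setup[1].exe
C:\Users\Nico\Downloads\kmplayer.exe
*****************
"C:\Users\Nico\AppData\Local\Microsoft\Windows\INetCache\IE\4EE80OXF\spstub[1].exe" => File/Directory not found.
"C:\Users\Nico\AppData\Local\Microsoft\Windows\INetCache\IE\87D2HB3X\DynamoCombo[1].dll" => File/Directory not found.
"C:\Users\Nico\AppData\Local\Microsoft\Windows\INetCache\IE\87D2HB3X\Setup[1].exe" => File/Directory not found.
"C:\Users\Nico\Downloads\kmplayer.exe" => File/Directory not found.
==== End of Fixlog 12:50:05 ===='''

SEPARATOR = re.compile(r"^\*{5,}$")                    # line of asterisks around the fixlist
RESULT = re.compile(r'^"([^"]+)"\s*=>\s*(.+?)\s*$')    # "path" => status

def review_fixlog(text):
    """Match each fixlist entry to its result line and group entries by outcome."""
    entries, results, in_fixlist = [], {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if SEPARATOR.match(line):
            in_fixlist = not in_fixlist                # fixlist sits between two separators
        elif in_fixlist and line:
            entries.append(line)
        elif (m := RESULT.match(line)):
            results[m.group(1).lower()] = m.group(2)   # Windows paths: compare without case
    report = {"not_found": [], "no_result": [], "other": []}
    for entry in entries:
        status = results.get(entry.lower())
        if status is None:
            report["no_result"].append(entry)          # entry was listed but never reported on
        elif status.lower().startswith("file/directory not found"):
            report["not_found"].append(entry)
        else:
            report["other"].append((entry, status))    # status this example does not interpret
    return report

if __name__ == "__main__":
    for outcome, items in review_fixlog(FIXLOG).items():
        print(outcome, len(items))
```

A "not found" result only says that nothing existed at that path when the fix ran; the Fixlog alone does not show whether the file was removed earlier or was never at that location.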
17.02.2015, 00:02 | #15 |
Rest in peace † 2019 | Windows 8.1: Spyware? "Dynamo Combo" add-on causes redirects to advertising
Hello, to that a clear "yes and no": there are still a few minor things. Open Internet Explorer and then press Shift, Ctrl and then Delete at the same time; a window opens, do not change any of the settings and click OK. Then please check whether you find the file kmplayer.exe in the folder C:\Users\Nico\Downloads\ and delete it. Otherwise we are done |