Log analysis and evaluation: Windows 8.1 Chrome sporadically opens empty windows

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.02.2015, 17:59 | #1 |
Windows 8.1 Chrome sporadically opens empty windows

Hello Trojaner-Board,

For a few weeks now, Google Chrome has sporadically been opening new browser windows on its own. The windows are empty and there is no website in the address bar either. Even when the browser is closed, it starts (just as sporadically) by itself with an empty window.

As a test I have already disabled all add-ons, but the problem kept occurring. At first I suspected a browser hijacker or a toolbar from the last Java update, but even with Adblock Plus disabled, no advertising address or search engine was opened. But! When Winamp has focus, it also tries to start its internal browser, but again without an address.

Norton flagged softonicdownloader_for_exif-viewer.exe 4 days ago (see LOG "Behobene Sicherheitsrisiken.txt"). But unfortunately that was not the cause either. Then I also suspected my wireless keyboard, thinking it might be sending the "Ctrl+N" combination, but I have already disabled this keyboard without success.

I am pretty much at my wits' end and hope you can help me without my having to set up the system completely from scratch.

Here are my logs so far, according to your forum rules and instructions:

Behobene Sicherheitsrisiken.txt (recently resolved by Norton) Code:
Kategorie: Behobene Sicherheitsrisiken
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname
14.02.2015 16:41:12,Hoch,one_player.exe (SAPE.Heur.ad1) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\christoph\downloads\one_player.exe
10.02.2015 21:19:28,Gering,softonicdownloader_for_exif-viewer.exe (Softonic) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\christoph\downloads\softonicdownloader_for_exif-viewer.exe

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:55 on 14/02/2015 (Christoph)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015 Ran by Christoph (administrator) on JUKEBOX on 14-02-2015 16:58:35 Running from C:\Users\Christoph\Downloads Loaded Profiles: Christoph (Available profiles: Christoph & ChristophAdm) Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\System32\atiesrxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (AMD) C:\Windows\System32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe 
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe () C:\Program Files\Ditto\Ditto.exe (Dropbox, Inc.) C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe (Last.fm) C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe (Oracle Corporation) C:\Program Files\Java\jre1.8.0_31\bin\javaw.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (PortableApps.com) C:\Users\Christoph\SkyDrive\Dokumente\ThunderbirdPortable\ThunderbirdPortable.exe (Mozilla Corporation) C:\Users\Christoph\SkyDrive\Dokumente\ThunderbirdPortable\App\thunderbird\thunderbird.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Users\Christoph\Downloads\Defogger.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-3939742808-1999560202-1390110637-1001\...\Run: [Ditto] => C:\Program Files\Ditto\Ditto.exe [1880064 2014-06-06] () HKU\S-1-5-21-3939742808-1999560202-1390110637-1001\...\MountPoints2: {60ddcdea-bd35-11e3-825c-50e54937b7e4} - "H:\Startme.exe" Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3939742808-1999560202-1390110637-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp HKU\S-1-5-21-3939742808-1999560202-1390110637-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lovoo.com/ BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) 
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> 
C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-03-15] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn [2015-02-14] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "https://www.facebook.com/", "hxxp://de.ogame.gameforge.com/", "hxxp://www.wunderlist.com/", "https://www.evernote.com/Login.action" CHR Profile: C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (ProxFlow) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-03-15] CHR Extension: (Google Docs) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-12] CHR Extension: (Google Drive) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-12] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Christoph\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-31] CHR Extension: (YouTube) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-12] CHR Extension: (Adblock Plus) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-12] CHR Extension: (Google-Suche) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-12] CHR Extension: (Search by Image (by Google)) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-03-12] CHR Extension: (Gmail™ Notifier) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl [2015-01-02] CHR Extension: (Speed Dial) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi [2014-07-02] CHR Extension: (Google Kalender) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-03-12] CHR Extension: (Type Scout) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedokkaolmkkoeedicihicdeppjjeamj [2014-03-12] CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2014-03-12] CHR Extension: (LastPass: Free Password Manager) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-03-12] CHR Extension: (Last.fm Scrobbler) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2014-03-17] CHR Extension: (World Weather) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\jefnaahehlimdapgicdacbgklnedgoje [2014-03-12] CHR Extension: 
(JDownloader Integration for Google Chrome™) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\laeghehalempfenbefbjbhccjcoakpmm [2014-03-12] CHR Extension: (AntiGameOrigin) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbahlcmhmlpomdepooifmhnalokdhgm [2014-03-17] CHR Extension: (Lazarus: Form Recovery) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-03-12] CHR Extension: (Google Dictionary (by Google)) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-03-12] CHR Extension: (9kw.eu App) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogofncadgccpgdipbepfocfafpcohmp [2014-03-12] CHR Extension: (Google Wallet) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-12] CHR Extension: (ProxPrice) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nopgehbobniifpngnhmljfojnkkopbje [2014-05-14] CHR Extension: (Google Mail) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-12] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed] R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [777728 2014-10-30] (FileZilla Project) [File not signed] S3 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14243 2014-06-29] () [File not signed] R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation) S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2014-04-09] (The OpenVPN Project) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20150203.001\BHDrvx64.sys [1622744 2015-02-03] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\IPSDefs\20150213.001\IDSvia64.sys [669400 2015-02-06] (Symantec Corporation) R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20150213.019\ENG64.SYS [129752 2015-01-20] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20150213.019\EX64.SYS [2137304 2015-01-20] (Symantec Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation ) S3 s0016bus; C:\Windows\System32\drivers\s0016bus.sys [115240 2008-05-16] (MCCI Corporation) S3 s0016mdfl; C:\Windows\system32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation) S3 s0016mdm; C:\Windows\system32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation) S3 s0016mgmt; C:\Windows\system32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation) S3 s0016nd5; C:\Windows\system32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation) S3 s0016obex; 
C:\Windows\system32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation) S3 s0016unic; C:\Windows\System32\drivers\s0016unic.sys [151592 2008-05-16] (MCCI Corporation) R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys [23568 2013-10-30] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-13] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-14 16:58 - 2015-02-14 16:58 - 00022807 _____ () C:\Users\Christoph\Downloads\FRST.txt 2015-02-14 16:58 - 2015-02-14 16:58 - 00000000 ____D () C:\FRST 2015-02-14 16:57 - 2015-02-14 16:57 - 02134528 _____ (Farbar) C:\Users\Christoph\Downloads\frst64.exe 2015-02-14 16:55 - 2015-02-14 16:55 - 00000480 _____ () C:\Users\Christoph\Downloads\defogger_disable.log 2015-02-14 16:55 - 2015-02-14 16:55 - 00000000 _____ () C:\Users\Christoph\defogger_reenable 2015-02-14 16:54 - 2015-02-14 16:54 - 00050477 _____ () C:\Users\Christoph\Downloads\Defogger.exe 2015-02-14 11:29 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-14 11:29 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-02-13 21:21 - 2015-02-13 21:21 - 00000000 ____D () C:\Users\Christoph\Desktop\Lohnnachweise 2015-02-13 12:11 - 2015-02-14 16:47 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Thunderbird 2015-02-11 13:41 - 2015-02-11 13:41 - 00001592 _____ () C:\Users\Christoph\Desktop\Shopwings.txt 2015-02-11 12:25 - 2015-02-13 09:23 - 00001078 _____ () C:\Users\Christoph\Desktop\Dropbox.lnk 2015-02-11 11:44 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-11 11:44 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-11 11:44 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-02-11 11:44 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-02-11 11:44 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-11 11:44 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-11 11:44 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-11 11:44 - 2015-01-10 10:10 - 
01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-02-11 11:44 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-02-11 11:44 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-02-11 11:44 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-02-11 11:44 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-11 11:44 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 11:44 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-11 11:44 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-11 11:44 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-11 11:44 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-11 11:44 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-02-11 11:44 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-02-11 11:44 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-02-11 11:44 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-11 11:44 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-02-11 11:44 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-02-11 11:44 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-02-11 11:44 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-02-11 11:44 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\instnm.exe 2015-02-11 11:43 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-11 11:43 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-11 11:43 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-11 11:43 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-11 11:43 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-11 11:43 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-11 11:43 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2015-02-11 11:43 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-11 11:43 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-11 11:43 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-11 11:43 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-02-11 11:43 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-02-11 11:43 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-02-11 11:43 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-11 11:43 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-11 11:43 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-11 11:43 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-02-11 11:43 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iertutil.dll 2015-02-11 11:43 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-02-11 11:43 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-02-11 11:43 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-02-11 11:43 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-11 11:43 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-02-11 11:43 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-02-11 11:43 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-11 11:43 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-11 11:43 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-11 11:43 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-02-11 11:43 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-02-11 11:43 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2015-02-11 11:43 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-11 11:43 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-02-11 11:43 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-11 11:43 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-11 11:43 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-02-11 11:43 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieframe.dll 2015-02-11 11:43 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-11 11:43 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-02-11 11:43 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-11 11:43 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-11 11:43 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-02-11 11:43 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-11 11:43 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-11 11:43 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml 2015-02-11 11:42 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-11 11:41 - 2015-02-14 11:25 - 00001955 _____ () C:\Windows\setupact.log 2015-02-11 11:41 - 2015-02-11 11:41 - 00000000 _____ () C:\Windows\setuperr.log 2015-02-10 21:01 - 2015-02-10 21:01 - 00001130 _____ () C:\Users\Christoph\Desktop\StarCitizen.lnk 2015-02-10 21:01 - 2015-02-10 21:01 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCitizen 2015-02-10 21:00 - 2015-02-10 21:04 - 00000000 ____D () C:\Users\Christoph\Documents\StarCitizen 2015-02-10 20:36 - 2015-02-10 20:36 - 00010123 _____ () C:\Windows\DirectX.log 2015-02-10 20:36 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2015-02-10 20:36 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2015-02-10 20:36 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll 2015-02-10 20:36 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) 
C:\Windows\system32\xactengine3_7.dll 2015-02-10 20:36 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2015-02-10 20:36 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2015-02-10 20:36 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2015-02-10 20:36 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2015-02-10 20:36 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2015-02-10 20:36 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll 2015-02-10 20:36 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll 2015-02-10 20:36 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll 2015-02-10 20:36 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll 2015-02-10 20:36 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll 2015-02-10 20:36 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll 2015-02-10 20:36 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll 2015-02-10 20:36 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2015-02-10 20:36 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll 2015-02-10 20:36 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll 2015-02-10 20:36 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll 2015-02-10 20:36 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll 2015-02-10 20:36 - 2009-09-04 17:44 - 00176968 
_____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll 2015-02-10 20:36 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll 2015-02-10 20:36 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll 2015-02-10 20:36 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll 2015-02-10 20:36 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll 2015-02-10 20:36 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll 2015-02-10 20:36 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll 2015-02-10 20:36 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll 2015-02-10 20:36 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll 2015-02-10 20:36 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll 2015-02-10 20:36 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll 2015-02-10 20:36 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll 2015-02-10 20:36 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll 2015-02-10 20:36 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll 2015-02-10 20:36 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll 2015-02-10 20:36 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll 2015-02-10 20:36 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll 2015-02-10 20:36 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll 2015-02-10 20:36 - 
2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll 2015-02-10 20:36 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll 2015-02-10 20:36 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll 2015-02-10 20:36 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll 2015-02-10 20:36 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll 2015-02-10 20:36 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll 2015-02-10 20:36 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll 2015-02-10 20:36 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll 2015-02-10 20:36 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll 2015-02-10 20:36 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll 2015-02-10 20:36 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll 2015-02-10 20:36 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll 2015-02-10 20:36 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll 2015-02-10 20:36 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll 2015-02-10 20:36 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll 2015-02-10 20:36 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll 2015-02-10 20:36 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll 2015-02-10 20:36 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\d3dx10_40.dll 2015-02-10 20:36 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2015-02-10 20:36 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll 2015-02-10 20:36 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll 2015-02-10 20:36 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll 2015-02-10 20:36 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll 2015-02-10 20:36 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll 2015-02-10 20:36 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2015-02-10 20:36 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll 2015-02-10 20:36 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2015-02-10 20:36 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll 2015-02-10 20:36 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2015-02-10 20:36 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2015-02-10 20:36 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll 2015-02-10 20:36 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll 2015-02-10 20:36 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll 2015-02-10 20:36 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll 2015-02-10 20:36 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll 2015-02-10 20:36 - 2008-05-30 14:17 - 00065032 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll 2015-02-10 20:36 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll 2015-02-10 20:36 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll 2015-02-10 20:36 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll 2015-02-10 20:36 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll 2015-02-10 20:36 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll 2015-02-10 20:36 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll 2015-02-10 20:36 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll 2015-02-10 20:36 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll 2015-02-10 20:36 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll 2015-02-10 20:36 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll 2015-02-10 20:36 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll 2015-02-10 20:36 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll 2015-02-10 20:36 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll 2015-02-10 20:36 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll 2015-02-10 20:36 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll 2015-02-10 20:36 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll 2015-02-10 20:36 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll 2015-02-10 20:36 - 
2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll 2015-02-10 20:36 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll 2015-02-10 20:36 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll 2015-02-10 20:36 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll 2015-02-10 20:36 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll 2015-02-10 20:36 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll 2015-02-10 20:36 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll 2015-02-10 20:36 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll 2015-02-10 20:36 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll 2015-02-10 20:36 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll 2015-02-10 20:36 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll 2015-02-10 20:36 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll 2015-02-10 20:36 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll 2015-02-10 20:36 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll 2015-02-10 20:36 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll 2015-02-10 20:36 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll 2015-02-10 20:36 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll 2015-02-10 20:36 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) 
C:\Windows\system32\D3DCompiler_35.dll 2015-02-10 20:36 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll 2015-02-10 20:36 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll 2015-02-10 20:36 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll 2015-02-10 20:36 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2015-02-10 20:36 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll 2015-02-10 20:36 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2015-02-10 20:36 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll 2015-02-10 20:36 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll 2015-02-10 20:36 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll 2015-02-10 20:36 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2015-02-10 20:36 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll 2015-02-10 20:36 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2015-02-10 20:36 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll 2015-02-10 20:36 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2015-02-10 20:36 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll 2015-02-10 20:36 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll 2015-02-10 20:36 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll 2015-02-10 20:36 - 2007-03-12 16:42 - 
04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll 2015-02-10 20:36 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll 2015-02-10 20:36 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2015-02-10 20:36 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll 2015-02-10 20:36 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2015-02-10 20:36 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll 2015-02-10 20:36 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2015-02-10 20:36 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll 2015-02-10 20:36 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll 2015-02-10 20:36 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2015-02-10 20:36 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2015-02-10 20:36 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll 2015-02-10 20:36 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2015-02-10 20:36 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll 2015-02-10 20:36 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2015-02-10 20:36 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll 2015-02-10 20:36 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll 2015-02-10 20:36 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2015-02-10 
20:36 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2015-02-10 20:36 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2015-02-10 20:36 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll 2015-02-10 20:36 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll 2015-02-10 20:36 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll 2015-02-10 20:36 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2015-02-10 20:36 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2015-02-10 20:36 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll 2015-02-10 20:36 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2015-02-10 20:36 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2015-02-10 20:36 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2015-02-10 20:36 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll 2015-02-10 20:36 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2015-02-10 20:36 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll 2015-02-10 20:36 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2015-02-10 20:36 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll 2015-02-10 20:36 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2015-02-10 20:36 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\x3daudio1_0.dll 2015-02-10 20:36 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2015-02-10 20:36 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll 2015-02-10 20:36 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2015-02-10 20:36 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll 2015-02-10 20:36 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2015-02-10 20:36 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll 2015-02-10 20:36 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2015-02-10 20:36 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll 2015-02-10 20:36 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2015-02-10 20:36 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll 2015-02-10 20:31 - 2015-02-10 20:36 - 00000000 ____D () C:\Windows\SysWOW64\directx 2015-02-10 20:07 - 2015-02-10 20:07 - 32802904 _____ () C:\Users\Christoph\Downloads\StarCitizenInstaller.exe 2015-01-30 13:02 - 2015-01-30 13:02 - 00010415 _____ () C:\Users\Christoph\AppData\Local\recently-used.xbel 2015-01-29 21:40 - 2015-01-29 21:40 - 00000557 _____ () C:\Users\Christoph\Downloads\qr_code.zip 2015-01-23 15:01 - 2015-02-06 21:11 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-01-23 15:01 - 2015-01-23 15:01 - 00880784 _____ (Google Inc.) 
C:\Users\Christoph\Downloads\ChromeSetup (2).exe 2015-01-23 15:00 - 2015-02-14 16:10 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-23 15:00 - 2015-02-14 11:25 - 00001130 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-23 15:00 - 2015-02-06 21:05 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-01-23 15:00 - 2015-02-06 21:05 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-01-23 14:57 - 2015-01-23 14:57 - 00880784 _____ (Google Inc.) C:\Users\Christoph\Downloads\ChromeSetup (1).exe 2015-01-23 14:56 - 2015-01-23 14:56 - 00880784 _____ (Google Inc.) C:\Users\Christoph\Downloads\ChromeSetup.exe 2015-01-23 14:16 - 2015-01-23 14:16 - 00000000 ____D () C:\NPE 2015-01-23 14:15 - 2015-01-23 14:15 - 03077776 ____N (Symantec Corporation) C:\Users\Christoph\Downloads\NPE.exe 2015-01-20 14:58 - 2015-01-20 14:58 - 00044748 _____ () C:\Users\Christoph\Downloads\schufaauskunft (1).zip 2015-01-20 14:56 - 2015-01-20 14:56 - 00044748 _____ () C:\Users\Christoph\Downloads\schufaauskunft.zip 2015-01-19 16:36 - 2015-01-19 16:36 - 00907595 _____ () C:\Users\Christoph\Downloads\Rasterbator_Standalone_1.21.zip 2015-01-17 18:26 - 2015-01-17 18:26 - 01179936 _____ () C:\Users\Christoph\Downloads\OpenOffice Kalendervorlagen 2015 - CHIP-Installer.exe 2015-01-17 18:26 - 2015-01-17 18:26 - 00156786 _____ () C:\Users\Christoph\Downloads\Openoffice_Kalender_2015.zip 2015-01-17 00:56 - 2015-01-17 00:56 - 00048640 _____ () C:\Users\Christoph\Downloads\kalender-2015-berlin-querformat.xls ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-14 16:58 - 2014-03-17 00:10 - 00000000 ____D () C:\Users\Christoph\AppData\Local\Last.fm 2015-02-14 16:55 - 2014-03-12 22:38 - 00000000 ____D () C:\Users\Christoph 2015-02-14 16:55 - 2014-03-12 22:26 - 01971284 _____ () C:\Windows\WindowsUpdate.log 2015-02-14 16:47 - 2014-07-12 14:19 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Ditto 2015-02-14 16:43 - 2014-03-12 23:10 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\ClassicShell 2015-02-14 16:39 - 2014-03-15 13:46 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\vlc 2015-02-14 16:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2015-02-14 14:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache 2015-02-14 13:48 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-02-14 11:31 - 2014-03-12 22:43 - 01778432 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-14 11:31 - 2013-08-23 00:24 - 00764802 _____ () C:\Windows\system32\perfh007.dat 2015-02-14 11:31 - 2013-08-23 00:24 - 00159332 _____ () C:\Windows\system32\perfc007.dat 2015-02-14 11:28 - 2014-03-12 22:44 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{09058031-F821-49D3-B323-B5D8123D26DE} 2015-02-14 11:28 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2015-02-14 11:25 - 2014-06-30 21:41 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-02-14 11:25 - 2014-03-14 01:53 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Dropbox 2015-02-14 11:25 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-13 21:52 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-02-13 18:18 - 2014-03-12 22:46 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3939742808-1999560202-1390110637-1001 2015-02-13 17:53 - 2014-09-18 05:44 - 00000872 _____ () C:\Windows\system32\TeamViewer9_Hooks.log 2015-02-13 17:53 - 2014-08-19 21:36 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\TeamViewer 9.lnk 2015-02-13 09:23 - 2014-03-14 01:53 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-02-13 09:22 - 2014-03-12 22:19 - 00510756 _____ () C:\Windows\PFRO.log 2015-02-13 09:22 - 2013-08-22 15:44 - 00362848 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-12 22:10 - 2014-12-11 03:27 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-12 22:10 - 2014-07-09 23:51 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-12 22:10 - 2014-03-19 01:46 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-12 22:08 - 2014-03-19 01:46 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-12 11:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-02-11 13:10 - 2014-03-14 13:11 - 02966016 ___SH () C:\Users\Christoph\Desktop\Thumbs.db 2015-02-11 00:46 - 2014-03-17 18:41 - 00000000 ____D () C:\Windows\Minidump 2015-02-10 20:13 - 2014-03-17 00:05 - 00658432 ___SH () C:\Users\Christoph\Downloads\Thumbs.db 2015-02-05 20:13 - 2014-03-16 22:26 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Notepad++ 2015-02-04 20:03 - 2014-05-11 19:18 - 00000000 ____D () C:\Users\Christoph\Desktop\Exes 2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-30 13:02 - 2014-04-16 09:23 - 00000000 ____D () C:\Users\Christoph\.gimp-2.8 2015-01-25 16:11 - 2014-03-17 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2015-01-25 02:25 - 2014-03-19 16:17 - 00000000 ____D () C:\Program Files (x86)\Media Center Master 2015-01-23 18:51 - 2014-04-16 10:09 - 00000000 ____D () C:\Users\Christoph\AppData\Local\gtk-2.0 2015-01-23 15:01 - 2014-03-12 22:51 - 00000000 ____D () C:\Program Files (x86)\Google 2015-01-23 14:26 - 2014-03-17 01:54 - 
00000000 ____D () C:\Users\Christoph\AppData\Local\NPE 2015-01-23 14:26 - 2014-03-15 14:01 - 00000000 ____D () C:\Program Files (x86)\Winamp Backup Tool 2015-01-23 01:35 - 2014-03-17 14:18 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Skype 2015-01-22 16:21 - 2014-03-15 18:26 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-22 16:19 - 2014-10-19 20:47 - 00000000 ____D () C:\Program Files (x86)\Java 2015-01-22 16:19 - 2014-05-14 15:04 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2015-01-22 16:19 - 2014-05-14 15:04 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2015-01-22 16:19 - 2014-05-14 15:04 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2015-01-22 16:19 - 2014-05-14 15:04 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-01-22 16:19 - 2014-05-14 15:04 - 00000000 ____D () C:\Program Files\Java 2015-01-22 16:18 - 2014-10-19 20:47 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2015-01-22 16:18 - 2014-10-19 20:47 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2015-01-22 16:18 - 2014-10-19 20:47 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2015-01-22 16:18 - 2014-10-19 20:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-01-22 16:18 - 2014-03-17 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-01-21 13:09 - 2014-05-11 19:18 - 00046080 ___SH () C:\Users\Christoph\Documents\Thumbs.db 2015-01-16 23:16 - 2014-07-09 12:25 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\.minecraft ==================== Files in the root of some directories ======= 2014-07-19 08:41 - 2014-12-16 18:53 - 0000600 _____ () C:\Users\Christoph\AppData\Local\PUTTY.RND 2015-01-30 13:02 - 2015-01-30 13:02 - 0010415 _____ () C:\Users\Christoph\AppData\Local\recently-used.xbel Some content of TEMP: ==================== 
C:\Users\Christoph\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpku4fgz.dll
C:\Users\Christoph\AppData\Local\Temp\proxy_vole2110875379520373615.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-14 13:46
==================== End Of Log ============================

Addition.txt
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2015
Ran by Christoph at 2015-02-14 16:59:07
Running from C:\Users\Christoph\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Album Art Downloader XUI 1.01 (HKLM-x32\...\Album Art Downloader XUI) (Version: 1.01 - hxxp://sourceforge.net/projects/album-art)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AmoK Playlist Copy 2.06 (HKLM-x32\...\AmoK Playlist Copy) (Version: 2.06 - Dirk Paehl)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
ClassicPro© v2.01 (HKLM-x32\...\ClassicPro) (Version: 2.01 - Skin Consortium)
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
CrystalDiskInfo 6.1.9a (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.1.9a - Crystal Dew World)
DH Driver Cleaner Professional Edition (HKLM-x32\...\Driver Cleaner Pro) (Version: Version 1.5 - Ruud Ketelaars)
Ditto (HKLM\...\Ditto_is1) (Version: - Scott Brogden)
Dropbox (HKU\S-1-5-21-3939742808-1999560202-1390110637-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EVE Online (nur entfernen) (HKLM-x32\...\EVE) (Version: - CCP Games Ltd.)
Exif-Viewer 2.51 (HKLM-x32\...\Exif-Viewer) (Version: 2.51 - Ralf Bibinger)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.48 - FileZilla Project)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Lyrics Plugin for Winamp (HKLM-x32\...\{75E9A522-65D2-4200-A95F-C3EF89703263}) (Version: 0.4 - Lyrics Plugin)
Media Center Master (HKLM-x32\...\Media Center Master_is1) (Version: 2.14.3415.889 - Media Center Master, Inc.)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
MySQL Connector C++ 1.1.3 (HKLM\...\{5C7A1ED6-DC5F-4017-B363-3E80644B4BD0}) (Version: 1.1.3 - Oracle and/or its affiliates)
MySQL Connector J (HKLM-x32\...\{9B0DB369-396B-4A81-94FE-5631916D6C6F}) (Version: 5.1.30 - Oracle Corporation)
MySQL Connector Net 6.8.3 (HKLM-x32\...\{38157422-F952-42F7-88AA-CC16A63CD109}) (Version: 6.8.3 - Oracle)
MySQL Connector/C 6.1 (HKLM\...\{BDD417A0-EBEC-46E4-8879-426B9C617C53}) (Version: 6.1.3 - Oracle Corporation)
MySQL Documents 5.6 (HKLM-x32\...\{A0E83565-E770-466D-BD7F-2DB3D55EDE25}) (Version: 5.6.17 - Oracle Corporation)
MySQL Examples and Samples 5.6 (HKLM-x32\...\{234616A4-659D-48F6-B204-ACCA217F896B}) (Version: 5.6.17 - Oracle Corporation)
MySQL Installer (HKLM-x32\...\{88359D24-F64F-477E-B080-50FB024BA6F7}) (Version: 1.3.3.0 - Oracle Corporation)
MySQL Notifier 1.1.5 (HKLM-x32\...\{DB02F4B3-3FC4-4FED-B2A2-7CDCF88D87D3}) (Version: 1.1.5 - Oracle)
MySQL Server 5.6 (HKLM\...\{319E6998-5D33-44F0-926F-671C8773B0BE}) (Version: 5.6.17 - Oracle Corporation)
MySQL Utilities (HKLM-x32\...\{E967FF67-DE28-4BB0-857C-87A825CCF003}) (Version: 1.3.6 - Oracle)
MySQL Workbench 6.1 CE (HKLM-x32\...\{625991FA-1A48-4AD8-95D5-84A0C9896C9A}) (Version: 6.1.4 - Oracle Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
OpenVPN 2.3.3 (HKLM\...\OpenVPN) (Version: 2.3.3 - )
Oracle VM VirtualBox 4.3.20 (HKLM\...\{DD8F7A7A-852F-4648-8A73-B8FC1DF5F082}) (Version: 4.3.20 - Oracle Corporation)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.5.201403281437 - Sony Mobile Communications AB)
Sony PC Companion 2.10.236 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.236 - Sony)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.38846 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51 RC3 - Ghisler Software GmbH)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TweakMe! (HKLM-x32\...\{709D0207-B1F8-4ADC-BB2F-CDBE2367A475}_is1) (Version: 1.3.0.0 - pXc-coding.com)
UltraStar 1.0.2 (HKLM-x32\...\UltraStar) (Version: 1.0.2 - SterGames)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Winamp Backup Tool (HKLM-x32\...\Winamp Backup Tool) (Version: 1.1.0.1442 - Christoph Grether & Paweł Porwisz)
WinHTTrack Website Copier 3.47-27 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.47.27 - HTTrack)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Wizard101(DE) (HKU\S-1-5-21-3939742808-1999560202-1390110637-1001\...\Wizard101(DE)_is1) (Version: - Gameforge 4D GmbH)
Xming 6.9.0.31 (HKLM-x32\...\Xming_is1) (Version: 6.9.0.31 - Colin Harrison)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3939742808-1999560202-1390110637-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939742808-1999560202-1390110637-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939742808-1999560202-1390110637-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939742808-1999560202-1390110637-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939742808-1999560202-1390110637-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939742808-1999560202-1390110637-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939742808-1999560202-1390110637-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939742808-1999560202-1390110637-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939742808-1999560202-1390110637-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939742808-1999560202-1390110637-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

14-02-2015 13:47:06 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0984B4E7-0E3E-4C11-8CA9-D292BE7A3B2D} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {0F05A8EE-B7B5-4A87-99BA-FDEE250A5671} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {401FFDCB-3EF4-445B-9ACA-70073D8BBDEC} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {51340470-A818-4B39-AFB0-AE0EB8D83ED1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {690D7B10-17A7-45FE-AC45-A109B9B332E9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-12] (Microsoft Corporation)
Task: {970936F5-043D-496C-AD61-E5940454A716} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {E82DF3FB-57AB-4D73-B036-236E4389E880} - System32\Tasks\MySQLNotifierTask => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.5\MySQLNotifier.exe [2013-11-25] (Oracle Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-09-15 17:13 - 2014-09-15 17:13 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-07-12 14:19 - 2014-06-06 20:43 - 01880064 _____ () C:\Program Files\Ditto\Ditto.exe
2015-02-14 15:38 - 2015-02-14 15:38 - 00040448 ____N () C:\Users\Christoph\AppData\Local\Temp\proxy_vole2110875379520373615.dll
2015-02-14 15:39 - 2015-02-14 15:39 - 00566439 _____ () C:\Users\Christoph\SkyDrive\Dokumente\JDownloader 2\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll
2015-02-14 15:39 - 2015-02-14 15:39 - 04078962 ____N () C:\Users\Christoph\SkyDrive\Dokumente\JDownloader 2\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll
2015-02-14 16:54 - 2015-02-14 16:54 - 00050477 _____ () C:\Users\Christoph\Downloads\Defogger.exe
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\Christoph\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-14 11:25 - 2015-02-14 11:25 - 00043008 _____ () c:\Users\Christoph\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpku4fgz.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\Christoph\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\Christoph\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\Christoph\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00118784 _____ () C:\Users\Christoph\AppData\Roaming\Dropbox\bin\plugins\accessible\qtaccessiblewidgets.dll
2015-02-06 21:11 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 21:11 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-06 21:11 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-14 15:17 - 2015-02-14 15:17 - 00014336 _____ () C:\Users\Christoph\AppData\Local\Temp\WDE61BB.tmp\ml_online.lng
2015-02-14 15:17 - 2015-02-14 15:17 - 00036352 _____ () C:\Users\Christoph\AppData\Local\Temp\WDE61BB.tmp\ombrowser.lng
2013-02-26 10:27 - 2013-02-26 10:27 - 00129536 _____ () C:\Program Files (x86)\Winamp\System\ClassicPro.w5s
2013-12-13 03:47 - 2013-12-13 03:47 - 00333824 _____ () C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
2006-03-12 14:06 - 2006-03-12 14:06 - 00025088 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_tips.dll
2010-05-13 23:19 - 2010-05-13 23:19 - 00013312 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_yar.dll
2014-03-17 21:51 - 2013-09-03 14:01 - 00736768 _____ () C:\Program Files (x86)\Last.fm\unicorn.dll
2014-03-17 21:51 - 2013-09-03 14:01 - 00126976 _____ () C:\Program Files (x86)\Last.fm\listener.dll
2014-03-17 21:51 - 2013-09-03 14:01 - 00032768 _____ () C:\Program Files (x86)\Last.fm\logger.dll
2014-03-17 21:51 - 2013-09-03 10:54 - 00351232 _____ () C:\Program Files (x86)\Last.fm\lastfm.dll
2014-03-17 21:51 - 2013-01-18 12:39 - 00302592 _____ () C:\Program Files (x86)\Last.fm\phonon.dll
2014-03-17 21:51 - 2013-01-18 12:49 - 00182784 _____ () C:\Program Files (x86)\Last.fm\plugins\phonon_backend\phonon_vlc.dll
2014-03-17 21:51 - 2012-12-13 01:12 - 00111104 _____ () C:\Program Files (x86)\Last.fm\libvlc.dll
2014-03-17 21:51 - 2012-12-13 01:13 - 02286592 _____ () C:\Program Files (x86)\Last.fm\libvlccore.dll
2014-03-17 21:51 - 2012-12-13 01:13 - 00049664 _____ () C:\Program Files (x86)\Last.fm\plugins\audio_output\libaout_directx_plugin.dll
2015-02-14 16:47 - 2015-02-14 16:47 - 00008704 _____ () C:\Users\Christoph\AppData\Local\Temp\nso7362.tmp\newadvsplash.dll
2015-02-14 16:47 - 2015-02-14 16:47 - 00029696 _____ () C:\Users\Christoph\AppData\Local\Temp\nso7362.tmp\registry.dll
2015-02-14 16:47 - 2015-02-14 16:47 - 00011264 _____ () C:\Users\Christoph\AppData\Local\Temp\nso7362.tmp\System.dll
2015-01-14 18:39 - 2015-01-14 18:39 - 03347056 _____ () C:\Users\Christoph\SkyDrive\Dokumente\ThunderbirdPortable\App\thunderbird\mozjs.dll
2015-01-14 18:39 - 2015-01-14 18:39 - 00158832 _____ () C:\Users\Christoph\SkyDrive\Dokumente\ThunderbirdPortable\App\thunderbird\NSLDAP32V60.dll
2015-01-14 18:39 - 2015-01-14 18:39 - 00023152 _____ () C:\Users\Christoph\SkyDrive\Dokumente\ThunderbirdPortable\App\thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Christoph\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3939742808-1999560202-1390110637-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKU\S-1-5-21-3939742808-1999560202-1390110637-1001\...\StartupApproved\Run: => "MySQL Notifier"

==================== Accounts: =============================

Administrator (S-1-5-21-3939742808-1999560202-1390110637-500 - Administrator - Disabled)
Christoph (S-1-5-21-3939742808-1999560202-1390110637-1001 - Administrator - Enabled) => C:\Users\Christoph
ChristophAdm (S-1-5-21-3939742808-1999560202-1390110637-1005 - Administrator - Enabled) => C:\Users\ChristophAdm
Gast (S-1-5-21-3939742808-1999560202-1390110637-501 - Limited - Disabled)
Gast2 (S-1-5-21-3939742808-1999560202-1390110637-1007 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3939742808-1999560202-1390110637-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: ATI Radeon HD 4250 (Microsoft Corporation - WDDM v1.1)
Description: ATI Radeon HD 4250 (Microsoft Corporation - WDDM v1.1)
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc.
Service: amdkmdap
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2015 04:36:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: N360.exe, Version: 12.11.4.4, Zeitstempel: 0x53f531a0
Name des fehlerhaften Moduls: SYMHTMDX.DLL, Version: 8.0.0.58, Zeitstempel: 0x52018148
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018d4f
ID des fehlerhaften Prozesses: 0xaa8
Startzeit der fehlerhaften Anwendung: 0xN360.exe0
Pfad der fehlerhaften Anwendung: N360.exe1
Pfad des fehlerhaften Moduls: N360.exe2
Berichtskennung: N360.exe3
Vollständiger Name des fehlerhaften Pakets: N360.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: N360.exe5

Error: (02/14/2015 01:47:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error: Zugriff verweigert .

Error: (02/13/2015 09:50:30 PM) (Source: ATIeRecord) (EventID: 16393) (User: )
Description: ATI EEU failed to create a QNode

Error: (02/13/2015 09:50:30 PM) (Source: ATIeRecord) (EventID: 16393) (User: )
Description: ATI EEU failed to create a QNode

Error: (02/13/2015 05:59:32 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang: Generatordaten werden gesammelt
Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {0916b9f8-0655-4fd8-9ddb-b3fb32e40bff}

Error: (02/13/2015 00:18:10 PM) (Source: ATIeRecord) (EventID: 16393) (User: )
Description: ATI EEU failed to create a QNode

Error: (02/13/2015 00:18:10 PM) (Source: ATIeRecord) (EventID: 16393) (User: )
Description: ATI EEU failed to create a QNode

Error: (02/12/2015 10:07:45 PM) (Source: ATIeRecord) (EventID: 16393) (User: )
Description: ATI EEU failed to create a QNode

Error: (02/12/2015 10:07:45 PM) (Source: ATIeRecord) (EventID: 16393) (User: )
Description: ATI EEU failed to create a QNode

Error: (02/12/2015 05:28:10 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang: Generatordaten werden gesammelt
Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {f2aa305d-a846-4c65-a8f6-8db46cabd527}

System errors:
=============
Error: (02/14/2015 01:47:43 PM) (Source: DCOM) (EventID: 10010) (User: JUKEBOX)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/14/2015 01:47:13 PM) (Source: DCOM) (EventID: 10010) (User: JUKEBOX)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/14/2015 11:25:10 AM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2" zum Namen "JUKEBOX" auf Transport "NetBT_Tcpip_{FD8C588E-B15F-4A8A-8041-67D3BBF787CA}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (02/13/2015 06:36:31 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (02/13/2015 00:29:26 PM) (Source: DCOM) (EventID: 10010) (User: JUKEBOX)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/13/2015 09:22:29 AM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2" zum Namen "JUKEBOX" auf Transport "NetBT_Tcpip_{FD8C588E-B15F-4A8A-8041-67D3BBF787CA}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (02/12/2015 10:10:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Sicherheitsupdate für Windows 8.1 für x64-basierte Systeme (KB3023562)

Error: (02/12/2015 10:10:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB3020338)

Error: (02/12/2015 10:10:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB3019868)

Error: (02/12/2015 10:10:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Sicherheitsupdate für Windows 8.1 für x64-basierte Systeme (KB3004361)

Microsoft Office Sessions:
=========================
Error: (02/14/2015 04:36:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: N360.exe12.11.4.453f531a0SYMHTMDX.DLL8.0.0.5852018148c000000500018d4faa801d0484081c6bdb7C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exeC:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SYMHTMDX.DLL3d78cf9a-b45f-11e4-82bf-50e54937b7e4

Error: (02/14/2015 01:47:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error: Zugriff verweigert

Error: (02/13/2015 09:50:30 PM) (Source: ATIeRecord) (EventID: 16393) (User: )
Description:

Error: (02/13/2015 09:50:30 PM) (Source: ATIeRecord) (EventID: 16393) (User: )
Description:

Error: (02/13/2015 05:59:32 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang: Generatordaten werden gesammelt
Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {0916b9f8-0655-4fd8-9ddb-b3fb32e40bff}

Error: (02/13/2015 00:18:10 PM) (Source: ATIeRecord) (EventID: 16393) (User: )
Description:

Error: (02/13/2015 00:18:10 PM) (Source: ATIeRecord) (EventID: 16393) (User: )
Description:

Error: (02/12/2015 10:07:45 PM) (Source: ATIeRecord) (EventID: 16393) (User: )
Description:

Error: (02/12/2015 10:07:45 PM) (Source: ATIeRecord) (EventID: 16393) (User: )
Description:

Error: (02/12/2015 05:28:10 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang: Generatordaten werden gesammelt
Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {f2aa305d-a846-4c65-a8f6-8db46cabd527}

==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 34%
Total physical RAM: 9725.52 MB
Available physical RAM: 6387.93 MB
Total Pagefile: 11261.52 MB
Available Pagefile: 7398.76 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:35.25 GB) NTFS
Drive d: (TB) (Fixed) (Total:931.51 GB) (Free:403.51 GB) NTFS
Drive e: (Volume) (Fixed) (Total:2794.39 GB) (Free:1833.18 GB) NTFS
Drive f: (Western1TB) (Fixed) (Total:931.51 GB) (Free:788.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: F4B10F5B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: AD4170F4)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DCF7C465)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Gmer.txt
GMER Logfile:
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-02-14 17:18:07 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002a M4-CT128M4SSD2 rev.070H 119,24GB Running: Gmer-19357.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\kxddypow.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff9600006a200 15 bytes [00, 65, F4, 01, 80, 7D, 6A, ...] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 17 fffff9600006a211 10 bytes [F3, FB, FF, 00, 17, C7, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\atiesrxx.exe[300] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffdf1c2169a 4 bytes [C2, F1, FD, 7F] .text C:\Windows\system32\atiesrxx.exe[300] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffdf1c216a2 4 bytes [C2, F1, FD, 7F] .text C:\Windows\system32\atiesrxx.exe[300] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffdf1c2181a 4 bytes [C2, F1, FD, 7F] .text C:\Windows\system32\atiesrxx.exe[300] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffdf1c21832 4 bytes [C2, F1, FD, 7F] .text C:\Windows\system32\atieclxx.exe[2528] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffdf1c2169a 4 bytes [C2, F1, FD, 7F] .text C:\Windows\system32\atieclxx.exe[2528] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffdf1c216a2 4 bytes [C2, F1, FD, 7F] .text C:\Windows\system32\atieclxx.exe[2528] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffdf1c2181a 4 bytes [C2, F1, FD, 7F] .text C:\Windows\system32\atieclxx.exe[2528] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffdf1c21832 4 bytes [C2, F1, FD, 7F] .text C:\Windows\Explorer.EXE[2804] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffdf1c2169a 4 bytes [C2, F1, FD, 7F] .text C:\Windows\Explorer.EXE[2804] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffdf1c216a2 4 bytes [C2, F1, FD, 7F] .text C:\Windows\Explorer.EXE[2804] 
C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffdf1c2181a 4 bytes [C2, F1, FD, 7F] .text C:\Windows\Explorer.EXE[2804] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffdf1c21832 4 bytes [C2, F1, FD, 7F] .text C:\Windows\Explorer.EXE[2804] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffdde311f6a 4 bytes [31, DE, FD, 7F] .text C:\Windows\Explorer.EXE[2804] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffdde311f82 4 bytes [31, DE, FD, 7F] .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4044] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffdde311f6a 4 bytes [31, DE, FD, 7F] .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4044] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffdde311f82 4 bytes [31, DE, FD, 7F] .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4044] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffdf1c2169a 4 bytes [C2, F1, FD, 7F] .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4044] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffdf1c216a2 4 bytes [C2, F1, FD, 7F] .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4044] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffdf1c2181a 4 bytes [C2, F1, FD, 7F] .text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4044] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffdf1c21832 4 bytes [C2, F1, FD, 7F] ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [588:620] fffff960008b3b90 ---- Processes - GMER 2.1 ---- Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:28) 000000006e7d0000 Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (C++ application development 
framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006e4c0000 Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006e0d0000 Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448](2015-02-10 21:00:30) 000000006e010000 Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (ICU I18N DLL/The ICU Project)(2015-02-10 21:00:30) 000000004a900000 Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (ICU Common DLL/The ICU Project)(2015-02-10 21:00:30) 0000000003ed0000 Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (ICU Data DLL/The ICU Project)(2015-02-10 21:00:30) 000000004ad00000 Library c:\users\christ~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpku4fgz.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448](2015-02-14 10:25:22) 0000000004260000 Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006dca0000 Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (C++ application development framework./Digia Plc and/or its 
subsidiary(-ies))(2015-02-10 21:00:26) 000000006ccb0000 Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006ca90000 Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006c830000 Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006c800000 Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448](2015-02-10 21:00:30) 000000006c7f0000 Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26) 000000006c7c0000 Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006c780000 Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006c730000 Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** 
suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448](2015-02-10 21:00:28) 000000006c650000 Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448](2015-02-10 21:00:28) 000000006c610000 Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\plugins\accessible\qtaccessiblewidgets.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448](2015-02-10 21:00:28) 00000000657d0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{739253D9-F095-4ACC-990D-103F646E2B76}\Connection@Name isatap.localdomain Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -2116528840 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{739253D9-F095-4ACC-990D-103F646E2B76}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{739253D9-F095-4ACC-990D-103F646E2B76}@DefunctTimestamp 0x9C 0xDD 0xDD 0x54 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 7714 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 2092 ---- EOF - GMER 2.1 ----
Edited by reclaimer (14.02.2015 at 18:00). Reason: Norton code labelled |
14.02.2015, 18:02 | #2 |
/// the machine /// TB Trainer | Windows 8.1 Chrome sporadically opens empty windows
Hi,
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
15.02.2015, 16:52 | #3 |
| Programs run
Hi,
thanks for the quick reply; I was still busy yesterday evening, though. ^^ I have now followed all the instructions, and some programs were found and removed, but just before running JRT an empty Chrome window popped up again. JRT itself did not remove anything further, as far as I can see, so the problem persists. And now "Show desktop" in the taskbar no longer works, and my Start menu has been replaced by the tiles again. mbam.txt Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 14.02.2015 Suchlauf-Zeit: 21:39:23 Logdatei: malwarebytesantimalware.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.02.14.05 Rootkit Datenbank: v2015.02.03.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Christoph Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 382354 Verstrichene Zeit: 8 Min, 32 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 1 PUP.Optional.Softonic.A, HKU\S-1-5-21-3939742808-1999560202-1390110637-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, , [ca9360be2169bc7a0af8138506fd5ca4], Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 3 PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup, , [9cc13de1bfcbb4822549e8b5788b34cc], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log, , [9cc13de1bfcbb4822549e8b5788b34cc], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database, , [9cc13de1bfcbb4822549e8b5788b34cc], Dateien: 16 PUP.Optional.Opencandy, C:\Users\Christoph\Downloads\CrystalDiskInfo6_1_9a-en.exe, , [8cd16cb278121f1761c3710314f17e82], PUP.Optional.DownloadSponsor, C:\Users\Christoph\Downloads\OpenOffice Kalendervorlagen 2015 - CHIP-Installer.exe, , [e27b79a5107aae8812c4ad74c43ebd43], PUP.Optional.DownloadSponsor, C:\Users\Christoph\Downloads\Exif Viewer - CHIP-Installer.exe, , [5904d64892f873c3aa2cd54c7c867e82], PUP.Optional.Downloader, C:\Users\Christoph\Downloads\Word Vorlage Gartenplaner - CHIP-Installer.exe, , 
[d68758c697f370c62d68c0abf20e1be5], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\pt_PT.mo, , [9cc13de1bfcbb4822549e8b5788b34cc], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\aff.conf, , [9cc13de1bfcbb4822549e8b5788b34cc], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\de_DE.mo, , [9cc13de1bfcbb4822549e8b5788b34cc], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\es_ES.mo, , [9cc13de1bfcbb4822549e8b5788b34cc], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\fr_FR.mo, , [9cc13de1bfcbb4822549e8b5788b34cc], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\it_IT.mo, , [9cc13de1bfcbb4822549e8b5788b34cc], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log\WAIT_HANDLES.log, , [9cc13de1bfcbb4822549e8b5788b34cc], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database\mpcb_backup_conf.db, , [9cc13de1bfcbb4822549e8b5788b34cc], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database\mpcb_file_cache.db, , [9cc13de1bfcbb4822549e8b5788b34cc], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database\mpcb_queues.db, , [9cc13de1bfcbb4822549e8b5788b34cc], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database\mpcb_settings.db, , [9cc13de1bfcbb4822549e8b5788b34cc], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database\mpcb_sig_cache.db, , [9cc13de1bfcbb4822549e8b5788b34cc], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end)
(I also have R0 and R1 if needed) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.110 - Bericht erstellt 15/02/2015 um 15:32:02 # Aktualisiert 05/02/2015 von Xplode # Datenbank : 2015-02-14.2 [Server] # Betriebssystem : Windows 8.1 Pro (x64) # Benutzername : Christoph - JUKEBOX # Gestarted von : C:\Users\Christoph\Desktop\AdwCleaner_4.110.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\Christoph\AppData\Roaming\Optimizer Pro Ordner Gelöscht : C:\Users\Christoph\Documents\Optimizer Pro Ordner Gelöscht : C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm Ordner Gelöscht : C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi Ordner Gelöscht : C:\Users\ChristophAdm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Datei Gelöscht : C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_api.ciuvo.com_0.localstorage Datei Gelöscht : C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_api.ciuvo.com_0.localstorage-journal Datei Gelöscht : C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage Datei Gelöscht : C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage-journal Datei Gelöscht : C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage Datei Gelöscht : C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal Datei Gelöscht : C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : 
HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Schlüssel Gelöscht : HKCU\Software\OCS ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Google Chrome v40.0.2214.111 [C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSSNAV&chn=retail&geo=DE&ver=2014&locale=de_DE&gct=kwd&qsrc=2869 [C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms} [C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://en.softonic.com/s/{searchTerms} ************************* AdwCleaner[R0].txt - [3100 Bytes] - [15/02/2015 15:27:25] AdwCleaner[S0].txt - [2972 Bytes] - [15/02/2015 15:32:02] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3031 Bytes] ########## JRT.txt JRT Logfile: JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.2 (02.02.2015:1) OS: Windows 8.1 Pro x64 Ran by Christoph on 15.02.2015 at 16:31:20,69 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 15.02.2015 at 16:33:56,95 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fresh FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015 Ran by Christoph (administrator) on JUKEBOX on 15-02-2015 16:36:09 Running from C:\Users\Christoph\Downloads Loaded Profiles: Christoph (Available profiles: Christoph & ChristophAdm) Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Dropbox, Inc.) 
C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe () C:\Program Files\Ditto\Ditto.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe (Last.fm) C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-3939742808-1999560202-1390110637-1001\...\Run: [Ditto] => C:\Program Files\Ditto\Ditto.exe [1880064 2014-06-06] () HKU\S-1-5-21-3939742808-1999560202-1390110637-1001\...\MountPoints2: {60ddcdea-bd35-11e3-825c-50e54937b7e4} - "H:\Startme.exe" Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3939742808-1999560202-1390110637-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp HKU\S-1-5-21-3939742808-1999560202-1390110637-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lovoo.com/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) 
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> 
C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-03-15] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn [2015-02-15] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "https://www.facebook.com/", "hxxp://de.ogame.gameforge.com/", "hxxp://www.wunderlist.com/", "https://www.evernote.com/Login.action" CHR Profile: C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (ProxFlow) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-03-15] CHR Extension: (Google Docs) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-12] CHR Extension: (Google Drive) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-12] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Christoph\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-31] CHR Extension: (YouTube) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-12] CHR Extension: (Adblock Plus) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-12] CHR Extension: (Google-Suche) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-12] CHR Extension: (Search by Image (by Google)) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2015-02-15] CHR Extension: (Gmail™ Notifier) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl [2015-01-02] CHR Extension: (Google Kalender) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-03-12] CHR Extension: (Type Scout) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedokkaolmkkoeedicihicdeppjjeamj [2014-03-12] CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2014-03-12] CHR Extension: (LastPass: Free Password Manager) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-03-12] CHR Extension: (Last.fm Scrobbler) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2014-03-17] CHR Extension: (World Weather) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\jefnaahehlimdapgicdacbgklnedgoje [2014-03-12] CHR Extension: (JDownloader Integration for Google Chrome™) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\laeghehalempfenbefbjbhccjcoakpmm 
[2014-03-12] CHR Extension: (AntiGameOrigin) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbahlcmhmlpomdepooifmhnalokdhgm [2014-03-17] CHR Extension: (Lazarus: Form Recovery) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-03-12] CHR Extension: (Google Dictionary (by Google)) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-03-12] CHR Extension: (9kw.eu App) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogofncadgccpgdipbepfocfafpcohmp [2014-03-12] CHR Extension: (Google Wallet) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-12] CHR Extension: (ProxPrice) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nopgehbobniifpngnhmljfojnkkopbje [2014-05-14] CHR Extension: (Google Mail) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-12] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) 
[File not signed]
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [777728 2014-10-30] (FileZilla Project) [File not signed]
S3 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14243 2014-06-29] () [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2014-04-09] (The OpenVPN Project)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20150203.001\BHDrvx64.sys [1622744 2015-02-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\IPSDefs\20150213.001\IDSvia64.sys [669400 2015-02-06] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20150214.001\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20150214.001\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation )
S3 s0016bus; C:\Windows\System32\drivers\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\system32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\system32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\system32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\system32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\system32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\drivers\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 16:36 - 2015-02-15 16:36 - 00022303 _____ () C:\Users\Christoph\Downloads\FRST.txt 2015-02-15 16:33 - 2015-02-15 16:33 - 00000622 _____ () C:\Users\Christoph\Desktop\JRT.txt 2015-02-15 16:30 - 2015-02-15 16:30 - 01388274 _____ (Thisisu) C:\Users\Christoph\Downloads\JRT.exe 2015-02-15 15:34 - 2015-02-15 15:34 - 00000607 _____ () C:\Users\Christoph\Desktop\AdwCleaner[R1].txt 2015-02-15 15:34 - 2015-02-15 15:32 - 00003115 _____ () C:\Users\Christoph\Desktop\AdwCleaner[S0].txt 2015-02-15 15:31 - 2015-02-15 15:28 - 00003100 _____ () C:\Users\Christoph\Desktop\AdwCleaner[R0].txt 2015-02-15 15:27 - 2015-02-15 15:34 - 00000000 ____D () C:\AdwCleaner 2015-02-15 15:24 - 2015-02-15 15:24 - 02112512 _____ () C:\Users\Christoph\Downloads\AdwCleaner_4.110 (1).exe 2015-02-15 00:22 - 2015-02-15 00:22 - 00003597 _____ () C:\Users\Christoph\Desktop\mbam.txt 2015-02-14 21:40 - 2015-02-14 21:40 - 02112512 _____ () C:\Users\Christoph\Desktop\AdwCleaner_4.110.exe 2015-02-14 21:38 - 2015-02-14 21:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-14 21:38 - 2015-02-14 21:38 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-02-14 21:38 - 2015-02-14 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-14 21:38 - 2015-02-14 21:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-14 21:38 - 2015-02-14 21:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-14 21:38 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-14 21:38 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-14 21:38 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-14 21:37 - 2015-02-14 21:37 - 20447072 _____ (Malwarebytes Corporation ) 
C:\Users\Christoph\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-14 17:28 - 2015-02-14 17:28 - 00001012 _____ () C:\Users\Christoph\Desktop\Behobene Sicherheitsrisiken.txt 2015-02-14 17:18 - 2015-02-14 17:18 - 00014995 _____ () C:\Users\Christoph\Desktop\Gmer.txt 2015-02-14 17:03 - 2015-02-14 17:03 - 00380416 _____ () C:\Users\Christoph\Downloads\Gmer-19357.exe 2015-02-14 16:59 - 2015-02-14 16:59 - 00030535 _____ () C:\Users\Christoph\Desktop\Addition.txt 2015-02-14 16:58 - 2015-02-15 16:36 - 00000000 ____D () C:\FRST 2015-02-14 16:58 - 2015-02-14 16:59 - 00061740 _____ () C:\Users\Christoph\Desktop\FRST.txt 2015-02-14 16:57 - 2015-02-14 16:57 - 02134528 _____ (Farbar) C:\Users\Christoph\Downloads\frst64.exe 2015-02-14 16:55 - 2015-02-14 16:55 - 00000480 _____ () C:\Users\Christoph\Desktop\defogger_disable.txt 2015-02-14 16:55 - 2015-02-14 16:55 - 00000000 _____ () C:\Users\Christoph\defogger_reenable 2015-02-14 16:54 - 2015-02-14 16:54 - 00050477 _____ () C:\Users\Christoph\Downloads\Defogger.exe 2015-02-14 11:29 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-02-14 11:29 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-02-13 21:21 - 2015-02-14 17:19 - 00000000 ____D () C:\Users\Christoph\Desktop\Lohnnachweise 2015-02-13 12:11 - 2015-02-14 17:04 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Thunderbird 2015-02-11 13:41 - 2015-02-11 13:41 - 00001592 _____ () C:\Users\Christoph\Desktop\Shopwings.txt 2015-02-11 12:25 - 2015-02-13 09:23 - 00001078 _____ () C:\Users\Christoph\Desktop\Dropbox.lnk 2015-02-11 11:44 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-11 11:44 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-11 11:44 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-02-11 11:44 - 2015-01-14 04:53 - 
00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-02-11 11:44 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-11 11:44 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-11 11:44 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-11 11:44 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-02-11 11:44 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-02-11 11:44 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-02-11 11:44 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-02-11 11:44 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-11 11:44 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 11:44 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-11 11:44 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-11 11:44 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-11 11:44 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-11 11:44 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-02-11 11:44 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-02-11 11:44 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-02-11 11:44 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-11 11:44 - 2014-10-29 02:15 - 00014336 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-02-11 11:44 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-02-11 11:44 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-02-11 11:44 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-02-11 11:44 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-02-11 11:43 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-11 11:43 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-11 11:43 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-11 11:43 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-11 11:43 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-11 11:43 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-11 11:43 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2015-02-11 11:43 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-11 11:43 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-11 11:43 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-11 11:43 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-02-11 11:43 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-02-11 11:43 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-02-11 11:43 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) 
C:\Windows\system32\dxtmsft.dll 2015-02-11 11:43 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-11 11:43 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-11 11:43 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-02-11 11:43 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-02-11 11:43 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-02-11 11:43 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-02-11 11:43 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-02-11 11:43 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-11 11:43 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-02-11 11:43 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-02-11 11:43 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-11 11:43 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-11 11:43 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-11 11:43 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-02-11 11:43 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-02-11 11:43 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2015-02-11 11:43 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-11 11:43 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\webcheck.dll 2015-02-11 11:43 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-11 11:43 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-11 11:43 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-02-11 11:43 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-02-11 11:43 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-11 11:43 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-02-11 11:43 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-11 11:43 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-11 11:43 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-02-11 11:43 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-11 11:43 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-11 11:43 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml 2015-02-11 11:42 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-11 11:41 - 2015-02-15 15:32 - 00002651 _____ () C:\Windows\setupact.log 2015-02-11 11:41 - 2015-02-11 11:41 - 00000000 _____ () C:\Windows\setuperr.log 2015-02-10 21:01 - 2015-02-10 21:01 - 00001130 _____ () C:\Users\Christoph\Desktop\StarCitizen.lnk 2015-02-10 21:01 - 2015-02-10 21:01 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCitizen 2015-02-10 21:00 - 2015-02-10 21:04 - 00000000 ____D () C:\Users\Christoph\Documents\StarCitizen 2015-02-10 20:36 - 2015-02-10 20:36 - 00010123 _____ () 
C:\Windows\DirectX.log 2015-02-10 20:36 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2015-02-10 20:36 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2015-02-10 20:36 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll 2015-02-10 20:36 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll 2015-02-10 20:36 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2015-02-10 20:36 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2015-02-10 20:36 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2015-02-10 20:36 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2015-02-10 20:36 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2015-02-10 20:36 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll 2015-02-10 20:36 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll 2015-02-10 20:36 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll 2015-02-10 20:36 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll 2015-02-10 20:36 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll 2015-02-10 20:36 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll 2015-02-10 20:36 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll 2015-02-10 20:36 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll 2015-02-10 20:36 - 2010-02-04 10:01 - 00022360 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll 2015-02-10 20:36 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll 2015-02-10 20:36 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll 2015-02-10 20:36 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll 2015-02-10 20:36 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll 2015-02-10 20:36 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll 2015-02-10 20:36 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll 2015-02-10 20:36 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll 2015-02-10 20:36 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll 2015-02-10 20:36 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll 2015-02-10 20:36 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll 2015-02-10 20:36 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll 2015-02-10 20:36 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll 2015-02-10 20:36 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll 2015-02-10 20:36 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll 2015-02-10 20:36 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll 2015-02-10 20:36 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll 2015-02-10 20:36 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll 2015-02-10 20:36 - 
2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll 2015-02-10 20:36 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll 2015-02-10 20:36 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll 2015-02-10 20:36 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll 2015-02-10 20:36 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll 2015-02-10 20:36 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll 2015-02-10 20:36 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll 2015-02-10 20:36 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll 2015-02-10 20:36 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll 2015-02-10 20:36 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll 2015-02-10 20:36 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll 2015-02-10 20:36 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll 2015-02-10 20:36 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll 2015-02-10 20:36 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll 2015-02-10 20:36 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll 2015-02-10 20:36 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll 2015-02-10 20:36 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll 2015-02-10 20:36 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\D3DX9_40.dll 2015-02-10 20:36 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll 2015-02-10 20:36 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll 2015-02-10 20:36 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll 2015-02-10 20:36 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll 2015-02-10 20:36 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll 2015-02-10 20:36 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll 2015-02-10 20:36 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll 2015-02-10 20:36 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll 2015-02-10 20:36 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll 2015-02-10 20:36 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll 2015-02-10 20:36 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2015-02-10 20:36 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll 2015-02-10 20:36 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2015-02-10 20:36 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll 2015-02-10 20:36 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2015-02-10 20:36 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2015-02-10 20:36 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll 2015-02-10 20:36 - 2008-05-30 14:19 - 00507400 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll 2015-02-10 20:36 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll 2015-02-10 20:36 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll 2015-02-10 20:36 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll 2015-02-10 20:36 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll 2015-02-10 20:36 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll 2015-02-10 20:36 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll 2015-02-10 20:36 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll 2015-02-10 20:36 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll 2015-02-10 20:36 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll 2015-02-10 20:36 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll 2015-02-10 20:36 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll 2015-02-10 20:36 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll 2015-02-10 20:36 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll 2015-02-10 20:36 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll 2015-02-10 20:36 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll 2015-02-10 20:36 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll 2015-02-10 20:36 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll 2015-02-10 20:36 - 
2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll 2015-02-10 20:36 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll 2015-02-10 20:36 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll 2015-02-10 20:36 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll 2015-02-10 20:36 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll 2015-02-10 20:36 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll 2015-02-10 20:36 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll 2015-02-10 20:36 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll 2015-02-10 20:36 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll 2015-02-10 20:36 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll 2015-02-10 20:36 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll 2015-02-10 20:36 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll 2015-02-10 20:36 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll 2015-02-10 20:36 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll 2015-02-10 20:36 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll 2015-02-10 20:36 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll 2015-02-10 20:36 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll 2015-02-10 20:36 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) 
C:\Windows\system32\xactengine2_9.dll 2015-02-10 20:36 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll 2015-02-10 20:36 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll 2015-02-10 20:36 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll 2015-02-10 20:36 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll 2015-02-10 20:36 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll 2015-02-10 20:36 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll 2015-02-10 20:36 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll 2015-02-10 20:36 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll 2015-02-10 20:36 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll 2015-02-10 20:36 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll 2015-02-10 20:36 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll 2015-02-10 20:36 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll 2015-02-10 20:36 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll 2015-02-10 20:36 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll 2015-02-10 20:36 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll 2015-02-10 20:36 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll 2015-02-10 20:36 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll 2015-02-10 20:36 - 2007-04-04 18:54 - 
00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2015-02-10 20:36 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll 2015-02-10 20:36 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll 2015-02-10 20:36 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll 2015-02-10 20:36 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll 2015-02-10 20:36 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll 2015-02-10 20:36 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2015-02-10 20:36 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll 2015-02-10 20:36 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2015-02-10 20:36 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll 2015-02-10 20:36 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2015-02-10 20:36 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll 2015-02-10 20:36 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll 2015-02-10 20:36 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2015-02-10 20:36 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2015-02-10 20:36 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll 2015-02-10 20:36 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2015-02-10 20:36 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll 2015-02-10 20:36 - 
2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2015-02-10 20:36 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll 2015-02-10 20:36 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll 2015-02-10 20:36 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2015-02-10 20:36 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2015-02-10 20:36 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2015-02-10 20:36 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll 2015-02-10 20:36 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll 2015-02-10 20:36 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll 2015-02-10 20:36 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2015-02-10 20:36 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2015-02-10 20:36 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll 2015-02-10 20:36 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2015-02-10 20:36 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2015-02-10 20:36 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2015-02-10 20:36 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll 2015-02-10 20:36 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2015-02-10 20:36 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\d3dx9_29.dll 2015-02-10 20:36 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2015-02-10 20:36 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll 2015-02-10 20:36 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2015-02-10 20:36 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll 2015-02-10 20:36 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2015-02-10 20:36 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll 2015-02-10 20:36 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2015-02-10 20:36 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll 2015-02-10 20:36 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2015-02-10 20:36 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll 2015-02-10 20:36 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2015-02-10 20:36 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll 2015-02-10 20:36 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2015-02-10 20:36 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll 2015-02-10 20:31 - 2015-02-10 20:36 - 00000000 ____D () C:\Windows\SysWOW64\directx 2015-02-10 20:07 - 2015-02-10 20:07 - 32802904 _____ () C:\Users\Christoph\Downloads\StarCitizenInstaller.exe 2015-01-30 13:02 - 2015-01-30 13:02 - 00010415 _____ () C:\Users\Christoph\AppData\Local\recently-used.xbel 2015-01-29 21:40 - 2015-01-29 21:40 - 00000557 _____ () C:\Users\Christoph\Downloads\qr_code.zip 2015-01-23 
15:01 - 2015-02-06 21:11 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-01-23 15:01 - 2015-01-23 15:01 - 00880784 _____ (Google Inc.) C:\Users\Christoph\Downloads\ChromeSetup (2).exe 2015-01-23 15:00 - 2015-02-15 16:10 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-23 15:00 - 2015-02-15 15:33 - 00001130 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-23 15:00 - 2015-02-06 21:05 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-01-23 15:00 - 2015-02-06 21:05 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-01-23 14:57 - 2015-01-23 14:57 - 00880784 _____ (Google Inc.) C:\Users\Christoph\Downloads\ChromeSetup (1).exe 2015-01-23 14:56 - 2015-01-23 14:56 - 00880784 _____ (Google Inc.) C:\Users\Christoph\Downloads\ChromeSetup.exe 2015-01-23 14:16 - 2015-01-23 14:16 - 00000000 ____D () C:\NPE 2015-01-23 14:15 - 2015-01-23 14:15 - 03077776 ____N (Symantec Corporation) C:\Users\Christoph\Downloads\NPE.exe 2015-01-20 14:58 - 2015-01-20 14:58 - 00044748 _____ () C:\Users\Christoph\Downloads\schufaauskunft (1).zip 2015-01-20 14:56 - 2015-01-20 14:56 - 00044748 _____ () C:\Users\Christoph\Downloads\schufaauskunft.zip 2015-01-19 16:36 - 2015-01-19 16:36 - 00907595 _____ () C:\Users\Christoph\Downloads\Rasterbator_Standalone_1.21.zip 2015-01-17 18:26 - 2015-01-17 18:26 - 00156786 _____ () C:\Users\Christoph\Downloads\Openoffice_Kalender_2015.zip 2015-01-17 00:56 - 2015-01-17 00:56 - 00048640 _____ () C:\Users\Christoph\Downloads\kalender-2015-berlin-querformat.xls ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-15 16:35 - 2014-03-17 00:10 - 00000000 ____D () C:\Users\Christoph\AppData\Local\Last.fm 2015-02-15 16:03 - 2014-07-12 14:19 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Ditto 2015-02-15 16:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2015-02-15 15:51 - 2014-03-12 22:26 - 01350710 _____ () C:\Windows\WindowsUpdate.log 2015-02-15 15:39 - 2014-03-12 22:43 - 01778432 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-15 15:39 - 2013-08-23 00:24 - 00764802 _____ () C:\Windows\system32\perfh007.dat 2015-02-15 15:39 - 2013-08-23 00:24 - 00159332 _____ () C:\Windows\system32\perfc007.dat 2015-02-15 15:34 - 2014-03-12 23:10 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\ClassicShell 2015-02-15 15:33 - 2014-03-14 01:53 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Dropbox 2015-02-15 15:32 - 2014-06-30 21:41 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-02-15 15:32 - 2014-03-12 22:19 - 00522480 _____ () C:\Windows\PFRO.log 2015-02-15 15:32 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-15 15:32 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-02-15 12:20 - 2014-03-12 22:44 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{09058031-F821-49D3-B323-B5D8123D26DE} 2015-02-15 04:28 - 2014-05-04 16:07 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Mp3tag 2015-02-15 04:00 - 2014-03-14 13:11 - 02981888 ___SH () C:\Users\Christoph\Desktop\Thumbs.db 2015-02-15 00:22 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\LiveKernelReports 2015-02-14 21:52 - 2014-03-12 22:46 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3939742808-1999560202-1390110637-1001 2015-02-14 16:55 - 2014-03-12 22:38 - 00000000 ____D () C:\Users\Christoph 2015-02-14 16:39 - 2014-03-15 13:46 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\vlc 2015-02-14 14:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache 2015-02-14 
13:48 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-02-14 11:28 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2015-02-13 17:53 - 2014-09-18 05:44 - 00000872 _____ () C:\Windows\system32\TeamViewer9_Hooks.log 2015-02-13 17:53 - 2014-08-19 21:36 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2015-02-13 09:23 - 2014-03-14 01:53 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-02-13 09:22 - 2013-08-22 15:44 - 00362848 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-12 22:10 - 2014-12-11 03:27 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-12 22:10 - 2014-07-09 23:51 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-12 22:10 - 2014-03-19 01:46 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-12 22:08 - 2014-03-19 01:46 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-12 11:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-02-11 00:46 - 2014-03-17 18:41 - 00000000 ____D () C:\Windows\Minidump 2015-02-10 20:13 - 2014-03-17 00:05 - 00658432 ___SH () C:\Users\Christoph\Downloads\Thumbs.db 2015-02-05 20:13 - 2014-03-16 22:26 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Notepad++ 2015-02-04 20:03 - 2014-05-11 19:18 - 00000000 ____D () C:\Users\Christoph\Desktop\Exes 2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-30 13:02 - 2014-04-16 09:23 - 00000000 ____D () C:\Users\Christoph\.gimp-2.8 2015-01-25 16:11 - 2014-03-17 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2015-01-25 02:25 - 2014-03-19 16:17 - 00000000 ____D () C:\Program Files (x86)\Media Center Master 2015-01-23 18:51 - 2014-04-16 10:09 - 00000000 ____D 
() C:\Users\Christoph\AppData\Local\gtk-2.0 2015-01-23 15:01 - 2014-03-12 22:51 - 00000000 ____D () C:\Program Files (x86)\Google 2015-01-23 14:26 - 2014-03-17 01:54 - 00000000 ____D () C:\Users\Christoph\AppData\Local\NPE 2015-01-23 14:26 - 2014-03-15 14:01 - 00000000 ____D () C:\Program Files (x86)\Winamp Backup Tool 2015-01-23 01:35 - 2014-03-17 14:18 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Skype 2015-01-22 16:21 - 2014-03-15 18:26 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-22 16:19 - 2014-10-19 20:47 - 00000000 ____D () C:\Program Files (x86)\Java 2015-01-22 16:19 - 2014-05-14 15:04 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2015-01-22 16:19 - 2014-05-14 15:04 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2015-01-22 16:19 - 2014-05-14 15:04 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2015-01-22 16:19 - 2014-05-14 15:04 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-01-22 16:19 - 2014-05-14 15:04 - 00000000 ____D () C:\Program Files\Java 2015-01-22 16:18 - 2014-10-19 20:47 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2015-01-22 16:18 - 2014-10-19 20:47 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2015-01-22 16:18 - 2014-10-19 20:47 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2015-01-22 16:18 - 2014-10-19 20:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-01-22 16:18 - 2014-03-17 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-01-21 13:09 - 2014-05-11 19:18 - 00046080 ___SH () C:\Users\Christoph\Documents\Thumbs.db 2015-01-16 23:16 - 2014-07-09 12:25 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\.minecraft ==================== Files in the root of some directories ======= 2014-07-19 08:41 - 2014-12-16 18:53 - 0000600 _____ () C:\Users\Christoph\AppData\Local\PUTTY.RND 
2015-01-30 13:02 - 2015-01-30 13:02 - 0010415 _____ () C:\Users\Christoph\AppData\Local\recently-used.xbel
Some content of TEMP:
====================
C:\Users\Christoph\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp27_hq2.dll
C:\Users\Christoph\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf0mqkf.dll
C:\Users\Christoph\AppData\Local\Temp\proxy_vole8947898295673564206.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-14 13:46
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- --- --- ---
[/CODE]
Edited by reclaimer (15.02.2015 at 17:05) Reason: fixed square brackets for BB code |
16.02.2015, 06:49 | #4 |
/// the machine /// TB trainer | Windows 8.1 Chrome sporadically opens empty windows
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate · Guides and help · Trojaner-Board Facebook page
No help via PM! |
17.02.2015, 07:01 | #5 |
| Plenty of finds by ESET
ESET found quite a lot. How do Trojans get past Norton without any exclusion rules? Would it now be necessary to wipe the machine after all?
ESET log.txt Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=648308eb789c0847b8967140cd708118 # engine=22500 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-17 01:36:39 # local_time=2015-02-17 02:36:39 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='Norton 360' # compatibility_mode=3598 16777213 100 100 2135712 174799495 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 8307479 49018292 0 0 # scanned=758649 # found=23 # cleaned=0 # scan_time=15332 sh=3E37507BBD4C0287689634B2CDD77E59679681AF ft=1 fh=cbd9e88b633aff58 vn="Win32/Toolbar.Conduit.AP evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Vuze\.install4j\user\mism.exe" sh=56F3B4A3301F9DC7D9A7E4D1DB830509AC66C18F ft=1 fh=02c3b43577a1f1a3 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000" sh=E09096D0ADE22109C3A735BC33E47EEAFB6C5A1D ft=1 fh=8278bc91c2047930 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000000" sh=F88977481053DF458E282339B5AD85531F084323 ft=1 fh=48756d4d8649d677 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000001" sh=9264B3CCF11D5BCAB82A11053AE6DAFD609546C1 ft=1 fh=6bd57e08a6b0a338 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000002" sh=B727264D20E2C33FB9171F1A893FF77479B0D805 ft=1 fh=081595558ba61751 vn="Win32/Somoto.G evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000003" sh=E09096D0ADE22109C3A735BC33E47EEAFB6C5A1D ft=1 fh=8278bc91c2047930 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christoph\Downloads\BeautifulES_downloader-IdNfsNhP1.exe" sh=B727264D20E2C33FB9171F1A893FF77479B0D805 ft=1 fh=081595558ba61751 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christoph\Downloads\ChopinScript_downloader-I76Hhgr5O.exe" sh=AC4BD7EF0DAB6C2F9EB9FD0234D041F736BC78A3 ft=1 fh=6df03c5b95327e80 vn="Variante von Win32/WinloadSDA.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christoph\Downloads\Classic-Shell-lnstall.exe" sh=608E20CF50E58E71E8F264B77246F835EFAEFED9 ft=1 fh=3b2de6ea3bb6c00c vn="Variante von Win32/InstallCore.UE evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christoph\Downloads\FileZilla_Server-0_9_48.exe" sh=F88977481053DF458E282339B5AD85531F084323 ft=1 fh=48756d4d8649d677 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christoph\Downloads\FlaemischeKanzleischrift_downloader-I1cKXjqhC.exe" sh=4B85D95A53B2D1C9006C5AA565EDA038A6FED709 ft=1 fh=0a51579e2f7180ee vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christoph\Downloads\mp3DirectCut - CHIP-Installer.exe" sh=9264B3CCF11D5BCAB82A11053AE6DAFD609546C1 ft=1 fh=6bd57e08a6b0a338 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christoph\Downloads\Mutlu_downloader-I9J2fyljq.exe" sh=FB80C8DC2AA14184F313367879573B6DF482FD51 ft=1 fh=5ba1f75b8d68b444 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Christoph\Downloads\PuTTY - CHIP-Installer.exe" sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\ChristophAdm\AppData\Local\Microsoft\Windows\INetCache\IE\8P0DV0I5\sp-downloader[1].exe" sh=1BAA4BA7B97135F66F661AF5F7714BAF0B3FA80F ft=1 fh=6990996f50fcf8bc vn="Win32/InstallMonetizer.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ChristophAdm\AppData\Local\Microsoft\Windows\INetCache\IE\IBUIE9NP\MyPhoneExplorer_v2_5185[1].exe" sh=212ED8B01386C69F4610FB0D8ECEC6EC59F34EB9 ft=1 fh=ca9f110549e6e28e vn="Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ChristophAdm\AppData\Local\Microsoft\Windows\INetCache\IE\PSQZJD6N\SPSetup[1].exe" sh=A7FFA9D207F2AA0BD2669FE20066FECB0B95A812 ft=1 fh=28e8af0126e1ea47 vn="Win32/Toolbar.Montiera.T evtl. unerwünschte Anwendung" ac=I fn="D:\windows7 Daten\Acer\Christoph\Anwendungsdaten\Mozilla\Firefox\Profiles\ojemmbo3.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll" sh=14F7FFF50BDE6630F838852D7F30B51464CB95DE ft=0 fh=0000000000000000 vn="Win32/Trustezeb.E Trojaner" ac=I fn="D:\windows7 Daten\Zottel\Documents\Scanned Documents\03.03.2014 Forderung der abgewiesenen automatischen Lastschrift.zip" sh=E45DD65419CCC5350421DA04DB06EABEF672401D ft=1 fh=fd61378aa30d32da vn="Variante von Win32/Toolbar.Funmoods evtl. unerwünschte Anwendung" ac=I fn="D:\windows7 Daten\Zottel\Downloads\exes\agsetup183se.exe" sh=0988567E7EFE0AF73A61C45259F0F48ADAC448B2 ft=1 fh=906a8a6d0561a8f1 vn="Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="D:\windows7 Daten\Zottel\Downloads\exes\BenQFlatbedScanner5000EDriver_downloader_by_Downloadsourcenet.exe" sh=7619E5B460F21006EDA4E9A15991C8E360440651 ft=1 fh=0a642bdebdbb6f13 vn="Win32/DomaIQ.AH evtl. unerwünschte Anwendung" ac=I fn="D:\windows7 Daten\Zottel\Downloads\exes\ccleaner.exe" sh=CBABDE4AADFE3E37D2D02EA747E7274358701510 ft=1 fh=944c38ee386183fd vn="Win32/SoftonicDownloader.E evtl. 
unerwünschte Anwendung" ac=I fn="D:\windows7 Daten\Zottel\Downloads\exes\SoftonicDownloader_fuer_microsoft-device-emulator-v2.exe"
ESET findings Code:
ATTFilter C:\Program Files (x86)\Vuze\.install4j\user\mism.exe Win32/Toolbar.Conduit.AP evtl. unerwünschte Anwendung C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 Win32/Somoto.G evtl. unerwünschte Anwendung C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000000 Win32/Somoto.G evtl. unerwünschte Anwendung C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000001 Win32/Somoto.G evtl. unerwünschte Anwendung C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000002 Win32/Somoto.G evtl. unerwünschte Anwendung C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000003 Win32/Somoto.G evtl. unerwünschte Anwendung C:\Users\Christoph\Downloads\BeautifulES_downloader-IdNfsNhP1.exe Win32/Somoto.G evtl. unerwünschte Anwendung C:\Users\Christoph\Downloads\ChopinScript_downloader-I76Hhgr5O.exe Win32/Somoto.G evtl. unerwünschte Anwendung C:\Users\Christoph\Downloads\Classic-Shell-lnstall.exe Variante von Win32/WinloadSDA.I evtl. unerwünschte Anwendung C:\Users\Christoph\Downloads\FileZilla_Server-0_9_48.exe Variante von Win32/InstallCore.UE evtl. unerwünschte Anwendung C:\Users\Christoph\Downloads\FlaemischeKanzleischrift_downloader-I1cKXjqhC.exe Win32/Somoto.G evtl. unerwünschte Anwendung C:\Users\Christoph\Downloads\mp3DirectCut - CHIP-Installer.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung C:\Users\Christoph\Downloads\Mutlu_downloader-I9J2fyljq.exe Win32/Somoto.G evtl. unerwünschte Anwendung C:\Users\Christoph\Downloads\PuTTY - CHIP-Installer.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung C:\Users\ChristophAdm\AppData\Local\Microsoft\Windows\INetCache\IE\8P0DV0I5\sp-downloader[1].exe Win32/Toolbar.Conduit.R evtl. 
unerwünschte Anwendung C:\Users\ChristophAdm\AppData\Local\Microsoft\Windows\INetCache\IE\IBUIE9NP\MyPhoneExplorer_v2_5185[1].exe Win32/InstallMonetizer.AZ evtl. unerwünschte Anwendung C:\Users\ChristophAdm\AppData\Local\Microsoft\Windows\INetCache\IE\PSQZJD6N\SPSetup[1].exe Win32/Conduit.SearchProtect.Q evtl. unerwünschte Anwendung D:\windows7 Daten\Acer\Christoph\Anwendungsdaten\Mozilla\Firefox\Profiles\ojemmbo3.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll Win32/Toolbar.Montiera.T evtl. unerwünschte Anwendung D:\windows7 Daten\Zottel\Documents\Scanned Documents\03.03.2014 Forderung der abgewiesenen automatischen Lastschrift.zip Win32/Trustezeb.E Trojaner D:\windows7 Daten\Zottel\Downloads\exes\agsetup183se.exe Variante von Win32/Toolbar.Funmoods evtl. unerwünschte Anwendung D:\windows7 Daten\Zottel\Downloads\exes\BenQFlatbedScanner5000EDriver_downloader_by_Downloadsourcenet.exe Win32/Somoto.A evtl. unerwünschte Anwendung D:\windows7 Daten\Zottel\Downloads\exes\ccleaner.exe Win32/DomaIQ.AH evtl. unerwünschte Anwendung D:\windows7 Daten\Zottel\Downloads\exes\SoftonicDownloader_fuer_microsoft-device-emulator-v2.exe Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung Code:
ATTFilter
Results of screen317's Security Check version 0.99.96
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
Norton 360 Premier Edition
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
DH Driver Cleaner Professional Edition
Java 8 Update 31
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Reader XI
Google Chrome (40.0.2214.111)
Google Chrome (40.0.2214.93)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015 Ran by Christoph (administrator) on JUKEBOX on 17-02-2015 06:51:14 Running from C:\Users\Christoph\Desktop Loaded Profiles: Christoph (Available profiles: Christoph & ChristophAdm) Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\System32\atiesrxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (AMD) C:\Windows\System32\atieclxx.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Logitech, Inc.) 
C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Dropbox, Inc.) C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Last.fm) C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\Plugins\reporter.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe (Oracle Corporation) C:\Program Files\Java\jre1.8.0_31\bin\javaw.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (PortableApps.com) C:\Users\Christoph\SkyDrive\Dokumente\ThunderbirdPortable\ThunderbirdPortable.exe (Mozilla Corporation) C:\Users\Christoph\SkyDrive\Dokumente\ThunderbirdPortable\App\thunderbird\thunderbird.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Users\Christoph\Downloads\SecurityCheck.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-3939742808-1999560202-1390110637-1001\...\Run: [Ditto] => C:\Program Files\Ditto\Ditto.exe [1880064 2014-06-06] () HKU\S-1-5-21-3939742808-1999560202-1390110637-1001\...\MountPoints2: {60ddcdea-bd35-11e3-825c-50e54937b7e4} - "H:\Startme.exe" Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3939742808-1999560202-1390110637-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp HKU\S-1-5-21-3939742808-1999560202-1390110637-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lovoo.com/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) 
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-03-15]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn [2015-02-15]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.facebook.com/", "hxxp://de.ogame.gameforge.com/", "hxxp://www.wunderlist.com/", "https://www.evernote.com/Login.action"
CHR Profile: C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-03-15]
CHR Extension: (Google Docs) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-12]
CHR Extension: (Google Drive) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-31]
CHR Extension: (YouTube) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-12]
CHR Extension: (Adblock Plus) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-12]
CHR Extension: (Google-Suche) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-12]
CHR Extension: (Search by Image (by Google)) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2015-02-15]
CHR Extension: (Gmail™ Notifier) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl [2015-01-02]
CHR Extension: (Google Kalender) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-03-12]
CHR Extension: (Type Scout) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedokkaolmkkoeedicihicdeppjjeamj [2014-03-12]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2014-03-12]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-03-12]
CHR Extension: (Last.fm Scrobbler) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2014-03-17]
CHR Extension: (World Weather) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\jefnaahehlimdapgicdacbgklnedgoje [2014-03-12]
CHR Extension: (JDownloader Integration for Google Chrome™) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\laeghehalempfenbefbjbhccjcoakpmm [2014-03-12]
CHR Extension: (AntiGameOrigin) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbahlcmhmlpomdepooifmhnalokdhgm [2014-03-17]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-03-12]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-03-12]
CHR Extension: (9kw.eu App) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogofncadgccpgdipbepfocfafpcohmp [2014-03-12]
CHR Extension: (Google Wallet) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-12]
CHR Extension: (ProxPrice) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nopgehbobniifpngnhmljfojnkkopbje [2014-05-14]
CHR Extension: (Google Mail) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-12]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [777728 2014-10-30] (FileZilla Project) [File not signed]
S3 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14243 2014-06-29] () [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2014-04-09] (The OpenVPN Project)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20150203.001\BHDrvx64.sys [1622744 2015-02-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\IPSDefs\20150216.001\IDSvia64.sys [669400 2015-02-06] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20150216.003\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20150216.003\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation )
S3 s0016bus; C:\Windows\System32\drivers\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\system32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\system32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\system32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\system32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\system32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\drivers\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 06:51 - 2015-02-17 06:51 - 00000913 _____ () C:\Users\Christoph\Desktop\checkup.txt
2015-02-17 06:51 - 2015-02-17 06:51 - 00000000 ____D () C:\Users\Christoph\Desktop\FRST-OlderVersion
2015-02-17 06:49 - 2015-02-17 06:49 - 00852594 _____ () C:\Users\Christoph\Downloads\SecurityCheck.exe
2015-02-17 06:44 - 2015-02-17 06:44 - 00003092 _____ () C:\Users\Christoph\Desktop\eset.txt
2015-02-16 22:16 - 2015-02-16 22:16 - 02347384 _____ (ESET) C:\Users\Christoph\Downloads\esetsmartinstaller_deu.exe
2015-02-16 20:07 - 2015-02-16 20:07 - 00209250 _____ () C:\Users\Christoph\Downloads\Dienstplan_Bioase44_2015.ods
2015-02-16 20:06 - 2015-02-16 20:17 - 00000000 ____D () C:\Users\Christoph\.tfo4
2015-02-16 20:06 - 2015-02-16 20:06 - 00000000 ____D () C:\Users\Christoph\4.0
2015-02-15 17:36 - 2015-02-15 17:36 - 00000000 ____D () C:\ProgramData\ClassicShell
2015-02-15 17:24 - 2015-02-15 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-02-15 17:24 - 2015-02-15 17:24 - 00000000 ____D () C:\Program Files\Classic Shell
2015-02-15 17:23 - 2015-02-15 17:23 - 00000188 _____ () C:\Users\Christoph\Desktop\Amazon.de.url
2015-02-15 17:23 - 2015-02-15 17:23 - 00000000 ____D () C:\Users\Christoph\AppData\Local\Tempb331e242acf41eb6f57cc3d61ea91ef1
2015-02-15 17:22 - 2015-02-15 17:22 - 01045496 _____ () C:\Users\Christoph\Downloads\Classic-Shell-lnstall.exe
2015-02-15 16:36 - 2015-02-17 06:51 - 00022461 _____ () C:\Users\Christoph\Desktop\FRST.txt
2015-02-15 16:36 - 2015-02-15 16:37 - 00021902 _____ () C:\Users\Christoph\Desktop\Addition.txt
2015-02-15 16:33 - 2015-02-15 16:33 - 00000622 _____ () C:\Users\Christoph\Desktop\JRT.txt
2015-02-15 16:30 - 2015-02-15 16:30 - 01388274 _____ (Thisisu) C:\Users\Christoph\Downloads\JRT.exe
2015-02-15 15:34 - 2015-02-15 15:34 - 00000607 _____ () C:\Users\Christoph\Desktop\AdwCleaner[R1].txt
2015-02-15 15:34 - 2015-02-15 15:32 - 00003115 _____ () C:\Users\Christoph\Desktop\AdwCleaner[S0].txt
2015-02-15 15:31 - 2015-02-15 15:28 - 00003100 _____ () C:\Users\Christoph\Desktop\AdwCleaner[R0].txt
2015-02-15 15:27 - 2015-02-15 15:34 - 00000000 ____D () C:\AdwCleaner
2015-02-15 15:24 - 2015-02-15 15:24 - 02112512 _____ () C:\Users\Christoph\Downloads\AdwCleaner_4.110 (1).exe
2015-02-15 00:22 - 2015-02-15 00:22 - 00003597 _____ () C:\Users\Christoph\Desktop\mbam.txt
2015-02-14 21:40 - 2015-02-14 21:40 - 02112512 _____ () C:\Users\Christoph\Desktop\AdwCleaner_4.110.exe
2015-02-14 21:38 - 2015-02-14 21:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-14 21:38 - 2015-02-14 21:38 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-14 21:38 - 2015-02-14 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-02-14 21:38 - 2015-02-14 21:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-14 21:38 - 2015-02-14 21:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-02-14 21:38 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-14 21:38 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-14 21:38 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-14 21:37 - 2015-02-14 21:37 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Christoph\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-14 17:28 - 2015-02-14 17:28 - 00001012 _____ () C:\Users\Christoph\Desktop\Behobene Sicherheitsrisiken.txt
2015-02-14 17:18 - 2015-02-14 17:18 - 00014995 _____ () C:\Users\Christoph\Desktop\Gmer.txt
2015-02-14 17:03 - 2015-02-14 17:03 - 00380416 _____ () C:\Users\Christoph\Downloads\Gmer-19357.exe
2015-02-14 16:58 - 2015-02-17 06:51 - 00000000 ____D () C:\FRST
2015-02-14 16:57 - 2015-02-17 06:51 - 02085888 _____ (Farbar) C:\Users\Christoph\Desktop\FRST64.exe
2015-02-14 16:55 - 2015-02-14 16:55 - 00000480 _____ () C:\Users\Christoph\Desktop\defogger_disable.txt
2015-02-14 16:55 - 2015-02-14 16:55 - 00000000 _____ () C:\Users\Christoph\defogger_reenable
2015-02-14 16:54 - 2015-02-14 16:54 - 00050477 _____ () C:\Users\Christoph\Downloads\Defogger.exe
2015-02-14 11:29 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-14 11:29 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-13 21:21 - 2015-02-14 17:19 - 00000000 ____D () C:\Users\Christoph\Desktop\Lohnnachweise
2015-02-13 12:11 - 2015-02-17 06:26 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Thunderbird
2015-02-11 13:41 - 2015-02-11 13:41 - 00001592 _____ () C:\Users\Christoph\Desktop\Shopwings.txt
2015-02-11 12:25 - 2015-02-13 09:23 - 00001078 _____ () C:\Users\Christoph\Desktop\Dropbox.lnk
2015-02-11 11:44 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 11:44 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 11:44 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 11:44 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 11:44 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 11:44 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 11:44 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 11:44 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 11:44 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 11:44 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 11:44 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 11:44 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 11:44 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 11:44 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 11:44 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 11:44 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 11:44 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 11:44 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 11:44 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 11:44 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 11:44 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 11:44 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 11:44 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 11:44 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 11:44 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 11:44 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-11 11:43 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 11:43 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 11:43 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 11:43 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 11:43 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 11:43 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 11:43 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 11:43 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 11:43 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 11:43 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 11:43 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 11:43 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 11:43 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 11:43 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 11:43 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 11:43 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 11:43 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 11:43 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 11:43 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 11:43 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 11:43 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 11:43 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 11:43 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 11:43 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 11:43 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 11:43 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 11:43 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 11:43 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 11:43 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 11:43 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 11:43 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 11:43 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 11:43 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 11:43 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 11:43 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 11:43 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 11:43 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 11:43 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 11:43 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 11:43 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 11:43 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 11:43 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 11:43 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 11:43 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-11 11:42 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 11:41 - 2015-02-15 15:32 - 00002651 _____ () C:\Windows\setupact.log
2015-02-11 11:41 - 2015-02-11 11:41 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-10 21:01 - 2015-02-10 21:01 - 00001130 _____ () C:\Users\Christoph\Desktop\StarCitizen.lnk
2015-02-10 21:01 - 2015-02-10 21:01 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCitizen
2015-02-10 21:00 - 2015-02-10 21:04 - 00000000 ____D () C:\Users\Christoph\Documents\StarCitizen
2015-02-10 20:36 - 2015-02-10 20:36 - 00010123 _____ () C:\Windows\DirectX.log
2015-02-10 20:36 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-02-10 20:36 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-02-10 20:36 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-02-10 20:36 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-02-10 20:36 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-02-10 20:36 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-02-10 20:36 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-02-10 20:36 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-02-10 20:36 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-02-10 20:36 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-02-10 20:36 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-02-10 20:36 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-02-10 20:36 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-02-10 20:36 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-02-10 20:36 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-02-10 20:36 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-02-10 20:36 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-02-10 20:36 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-02-10 20:36 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-02-10 20:36 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-02-10 20:36 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-02-10 20:36 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-02-10 20:36 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-02-10 20:36 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-02-10 20:36 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-02-10 20:36 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-02-10 20:36 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-02-10 20:36 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-02-10 20:36 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-02-10 20:36 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-02-10 20:36 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-02-10 20:36 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-02-10 20:36 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-02-10 20:36 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-02-10 20:36 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-02-10 20:36 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-02-10 20:36 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-02-10 20:36 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-02-10 20:36 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-02-10 20:36 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-02-10 20:36 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2015-02-10 20:36 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-02-10 20:36 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2015-02-10 20:36 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-02-10 20:36 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-02-10 20:36 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-02-10 20:36 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-02-10 20:36 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-02-10 20:36 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-02-10 20:36 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-02-10 20:36 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-02-10 20:36 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-02-10 20:36 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-02-10 20:36 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-02-10 20:36 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-02-10 20:36 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-02-10 20:36 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-02-10 20:36 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-02-10 20:36 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-02-10 20:36 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-02-10 20:36 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-02-10 20:36 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-02-10 20:36 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-02-10 20:36 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-02-10 20:36 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-02-10 20:36 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-02-10 20:36 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-02-10 20:36 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-02-10 20:36 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-02-10 20:36 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-02-10 20:36 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-02-10 20:36 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-02-10 20:36 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-02-10 20:36 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-02-10 20:36 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-02-10 20:36 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-02-10 20:36 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-02-10 20:36 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-02-10 20:36 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-02-10 20:36 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-02-10 20:36 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-02-10 20:36 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-02-10 20:36 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-02-10 20:36 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-02-10 20:36 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-02-10 20:36 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-02-10 20:36 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-02-10 20:36 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-02-10 20:36 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-02-10 20:36 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-02-10 20:36 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-02-10 20:36 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-02-10 20:36 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-02-10 20:36 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-02-10 20:36 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-02-10 20:36 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-02-10 20:36 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-02-10 20:36 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-02-10 20:36 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-02-10 20:36 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-02-10 20:36 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-02-10 20:36 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-02-10 20:36 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-02-10 20:36 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-02-10 20:36 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-02-10 20:36 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-02-10 20:36 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-02-10 20:36 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-02-10 20:36 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-02-10 20:36 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-02-10 20:36 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-02-10 20:36 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-02-10 20:36 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-02-10 20:36 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-02-10 20:36 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-02-10 20:36 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-02-10 20:36 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-02-10 20:36 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-02-10 20:36 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-02-10 20:36 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-02-10 20:36 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-02-10 20:36 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-02-10 20:36 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-02-10 20:36 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-02-10 20:36 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-02-10 20:36 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-02-10 20:36 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-02-10 20:36 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-02-10 20:36 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-02-10 20:36 - 2007-03-12 16:42 - 01400176 _____ 
(Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll 2015-02-10 20:36 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll 2015-02-10 20:36 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2015-02-10 20:36 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll 2015-02-10 20:36 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2015-02-10 20:36 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll 2015-02-10 20:36 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll 2015-02-10 20:36 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2015-02-10 20:36 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2015-02-10 20:36 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll 2015-02-10 20:36 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2015-02-10 20:36 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll 2015-02-10 20:36 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2015-02-10 20:36 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll 2015-02-10 20:36 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll 2015-02-10 20:36 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2015-02-10 20:36 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2015-02-10 20:36 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2015-02-10 20:36 - 
2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll 2015-02-10 20:36 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll 2015-02-10 20:36 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll 2015-02-10 20:36 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2015-02-10 20:36 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2015-02-10 20:36 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll 2015-02-10 20:36 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2015-02-10 20:36 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2015-02-10 20:36 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2015-02-10 20:36 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll 2015-02-10 20:36 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2015-02-10 20:36 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll 2015-02-10 20:36 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2015-02-10 20:36 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll 2015-02-10 20:36 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2015-02-10 20:36 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll 2015-02-10 20:36 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2015-02-10 20:36 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\d3dx9_28.dll 2015-02-10 20:36 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2015-02-10 20:36 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll 2015-02-10 20:36 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2015-02-10 20:36 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll 2015-02-10 20:36 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2015-02-10 20:36 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll 2015-02-10 20:36 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2015-02-10 20:36 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll 2015-02-10 20:31 - 2015-02-10 20:36 - 00000000 ____D () C:\Windows\SysWOW64\directx 2015-02-10 20:07 - 2015-02-10 20:07 - 32802904 _____ () C:\Users\Christoph\Downloads\StarCitizenInstaller.exe 2015-01-30 13:02 - 2015-01-30 13:02 - 00010415 _____ () C:\Users\Christoph\AppData\Local\recently-used.xbel 2015-01-29 21:40 - 2015-01-29 21:40 - 00000557 _____ () C:\Users\Christoph\Downloads\qr_code.zip 2015-01-23 15:01 - 2015-02-06 21:11 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-01-23 15:01 - 2015-01-23 15:01 - 00880784 _____ (Google Inc.) 
C:\Users\Christoph\Downloads\ChromeSetup (2).exe 2015-01-23 15:00 - 2015-02-17 06:10 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-23 15:00 - 2015-02-16 21:10 - 00001130 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-23 15:00 - 2015-02-06 21:05 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-01-23 15:00 - 2015-02-06 21:05 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-01-23 14:57 - 2015-01-23 14:57 - 00880784 _____ (Google Inc.) C:\Users\Christoph\Downloads\ChromeSetup (1).exe 2015-01-23 14:56 - 2015-01-23 14:56 - 00880784 _____ (Google Inc.) C:\Users\Christoph\Downloads\ChromeSetup.exe 2015-01-23 14:16 - 2015-01-23 14:16 - 00000000 ____D () C:\NPE 2015-01-23 14:15 - 2015-01-23 14:15 - 03077776 ____N (Symantec Corporation) C:\Users\Christoph\Downloads\NPE.exe 2015-01-20 14:58 - 2015-01-20 14:58 - 00044748 _____ () C:\Users\Christoph\Downloads\schufaauskunft (1).zip 2015-01-20 14:56 - 2015-01-20 14:56 - 00044748 _____ () C:\Users\Christoph\Downloads\schufaauskunft.zip 2015-01-19 16:36 - 2015-01-19 16:36 - 00907595 _____ () C:\Users\Christoph\Downloads\Rasterbator_Standalone_1.21.zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-17 06:48 - 2014-03-12 23:10 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\ClassicShell 2015-02-17 06:12 - 2014-03-12 22:26 - 02044707 _____ () C:\Windows\WindowsUpdate.log 2015-02-17 06:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2015-02-17 01:43 - 2014-03-12 22:44 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{09058031-F821-49D3-B323-B5D8123D26DE} 2015-02-16 23:13 - 2014-03-17 00:10 - 00000000 ____D () C:\Users\Christoph\AppData\Local\Last.fm 2015-02-16 22:07 - 2014-07-12 14:19 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Ditto 2015-02-16 22:06 - 2014-03-17 01:40 - 00000000 ____D () C:\Users\Christoph\AppData\Local\CrashDumps 2015-02-16 20:06 - 2014-03-12 22:38 - 00000000 ____D () C:\Users\Christoph 2015-02-16 07:22 - 2014-05-04 16:07 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Mp3tag 2015-02-16 07:17 - 2014-03-14 01:53 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Dropbox 2015-02-16 06:47 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-02-15 18:57 - 2014-03-12 22:46 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3939742808-1999560202-1390110637-1001 2015-02-15 17:45 - 2014-03-15 13:46 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\vlc 2015-02-15 15:39 - 2014-03-12 22:43 - 01778432 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-15 15:39 - 2013-08-23 00:24 - 00764802 _____ () C:\Windows\system32\perfh007.dat 2015-02-15 15:39 - 2013-08-23 00:24 - 00159332 _____ () C:\Windows\system32\perfc007.dat 2015-02-15 15:32 - 2014-06-30 21:41 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-02-15 15:32 - 2014-03-12 22:19 - 00522480 _____ () C:\Windows\PFRO.log 2015-02-15 15:32 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-15 15:32 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2015-02-15 04:00 - 2014-03-14 13:11 - 02981888 ___SH () 
C:\Users\Christoph\Desktop\Thumbs.db 2015-02-15 00:22 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\LiveKernelReports 2015-02-14 14:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache 2015-02-14 13:48 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-02-14 11:28 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2015-02-13 17:53 - 2014-09-18 05:44 - 00000872 _____ () C:\Windows\system32\TeamViewer9_Hooks.log 2015-02-13 17:53 - 2014-08-19 21:36 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2015-02-13 09:23 - 2014-03-14 01:53 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-02-13 09:22 - 2013-08-22 15:44 - 00362848 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-12 22:10 - 2014-12-11 03:27 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-12 22:10 - 2014-07-09 23:51 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-12 22:10 - 2014-03-19 01:46 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-12 22:08 - 2014-03-19 01:46 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-11 00:46 - 2014-03-17 18:41 - 00000000 ____D () C:\Windows\Minidump 2015-02-10 20:13 - 2014-03-17 00:05 - 00658432 ___SH () C:\Users\Christoph\Downloads\Thumbs.db 2015-02-05 20:13 - 2014-03-16 22:26 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Notepad++ 2015-02-04 20:03 - 2014-05-11 19:18 - 00000000 ____D () C:\Users\Christoph\Desktop\Exes 2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-30 13:02 - 2014-04-16 09:23 - 00000000 ____D () C:\Users\Christoph\.gimp-2.8 2015-01-25 16:11 - 2014-03-17 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2015-01-25 02:25 - 
2014-03-19 16:17 - 00000000 ____D () C:\Program Files (x86)\Media Center Master 2015-01-23 18:51 - 2014-04-16 10:09 - 00000000 ____D () C:\Users\Christoph\AppData\Local\gtk-2.0 2015-01-23 15:01 - 2014-03-12 22:51 - 00000000 ____D () C:\Program Files (x86)\Google 2015-01-23 14:26 - 2014-03-17 01:54 - 00000000 ____D () C:\Users\Christoph\AppData\Local\NPE 2015-01-23 14:26 - 2014-03-15 14:01 - 00000000 ____D () C:\Program Files (x86)\Winamp Backup Tool 2015-01-23 01:35 - 2014-03-17 14:18 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Skype 2015-01-22 16:21 - 2014-03-15 18:26 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-22 16:19 - 2014-10-19 20:47 - 00000000 ____D () C:\Program Files (x86)\Java 2015-01-22 16:19 - 2014-05-14 15:04 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2015-01-22 16:19 - 2014-05-14 15:04 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2015-01-22 16:19 - 2014-05-14 15:04 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2015-01-22 16:19 - 2014-05-14 15:04 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-01-22 16:19 - 2014-05-14 15:04 - 00000000 ____D () C:\Program Files\Java 2015-01-22 16:18 - 2014-10-19 20:47 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2015-01-22 16:18 - 2014-10-19 20:47 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2015-01-22 16:18 - 2014-10-19 20:47 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2015-01-22 16:18 - 2014-10-19 20:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-01-22 16:18 - 2014-03-17 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-01-21 13:09 - 2014-05-11 19:18 - 00046080 ___SH () C:\Users\Christoph\Documents\Thumbs.db ==================== Files in the root of some directories ======= 2014-07-19 08:41 - 2014-12-16 18:53 - 0000600 _____ () 
C:\Users\Christoph\AppData\Local\PUTTY.RND 2015-01-30 13:02 - 2015-01-30 13:02 - 0010415 _____ () C:\Users\Christoph\AppData\Local\recently-used.xbel Some content of TEMP: ==================== C:\Users\Christoph\AppData\Local\Temp\amazonicon_v10.exe C:\Users\Christoph\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\Christoph\AppData\Local\Temp\ClassicShellSetup_4_1_0.exe C:\Users\Christoph\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgpvsmh.dll C:\Users\Christoph\AppData\Local\Temp\FileSystemView.dll C:\Users\Christoph\AppData\Local\Temp\proxy_vole8381025038948965210.dll C:\Users\Christoph\AppData\Local\Temp\sdan.exe C:\Users\Christoph\AppData\Local\Temp\sdapk.exe C:\Users\Christoph\AppData\Local\Temp\sdaspwn.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-14 13:46 ==================== End Of Log ============================ --- --- --- [/CODE] |
17.02.2015, 17:39 | #6 | |
/// the machine /// TB-Ausbilder | Windows 8.1 Chrome sporadically opens empty windows Quote:
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\Program Files (x86)\Vuze\.install4j\user\mism.exe
C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000
C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000000
C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000001
C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000002
C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000003
C:\Users\Christoph\Downloads\BeautifulES_downloader-IdNfsNhP1.exe
C:\Users\Christoph\Downloads\ChopinScript_downloader-I76Hhgr5O.exe
C:\Users\Christoph\Downloads\Classic-Shell-lnstall.exe
C:\Users\Christoph\Downloads\FileZilla_Server-0_9_48.exe
C:\Users\Christoph\Downloads\FlaemischeKanzleischrift_downloader-I1cKXjqhC.exe
C:\Users\Christoph\Downloads\mp3DirectCut - CHIP-Installer.exe
C:\Users\Christoph\Downloads\Mutlu_downloader-I9J2fyljq.exe
C:\Users\Christoph\Downloads\PuTTY - CHIP-Installer.exe
C:\Users\ChristophAdm\AppData\Local\Microsoft\Windows\INetCache\IE\8P0DV0I5\sp-downloader[1].exe
C:\Users\ChristophAdm\AppData\Local\Microsoft\Windows\INetCache\IE\IBUIE9NP\MyPhoneExplorer_v2_5185[1].exe
C:\Users\ChristophAdm\AppData\Local\Microsoft\Windows\INetCache\IE\PSQZJD6N\SPSetup[1].exe
D:\windows7 Daten\Acer\Christoph\Anwendungsdaten\Mozilla\Firefox\Profiles\ojemmbo3.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll
D:\windows7 Daten\Zottel\Documents\Scanned Documents\03.03.2014 Forderung der abgewiesenen automatischen Lastschrift.zip
D:\windows7 Daten\Zottel\Downloads\exes\agsetup183se.exe
D:\windows7 Daten\Zottel\Downloads\exes\BenQFlatbedScanner5000EDriver_downloader_by_Downloadsourcenet.exe
D:\windows7 Daten\Zottel\Downloads\exes\ccleaner.exe
D:\windows7 Daten\Zottel\Downloads\exes\SoftonicDownloader_fuer_microsoft-device-emulator-v2.exe
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Revo Uninstaller - Download - Filepony: use it to uninstall Chrome, keep no data, let it remove the leftovers, reinstall. Then: https://support.google.com/chrome/answer/3296214?hl=de Still having problems?
17.02.2015, 22:53 | #7 |
| Everything reset Yes, I had assumed that Norton recognizes certain behavior and detects new viruses at least by heuristics. And what is the popup "are you sure you want to run this exe" on programs for, then? I also haven't installed any toolbar nonsense lately, but meticulously unchecked the boxes for it. Fixlog.txt Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by Christoph at 2015-02-17 22:29:34 Run:1
Running from C:\Users\Christoph\Desktop
Loaded Profiles: Christoph (Available profiles: Christoph & ChristophAdm)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Program Files (x86)\Vuze\.install4j\user\mism.exe
C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000
C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000000
C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000001
C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000002
C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000003
C:\Users\Christoph\Downloads\BeautifulES_downloader-IdNfsNhP1.exe
C:\Users\Christoph\Downloads\ChopinScript_downloader-I76Hhgr5O.exe
C:\Users\Christoph\Downloads\Classic-Shell-lnstall.exe
C:\Users\Christoph\Downloads\FileZilla_Server-0_9_48.exe
C:\Users\Christoph\Downloads\FlaemischeKanzleischrift_downloader-I1cKXjqhC.exe
C:\Users\Christoph\Downloads\mp3DirectCut - CHIP-Installer.exe
C:\Users\Christoph\Downloads\Mutlu_downloader-I9J2fyljq.exe
C:\Users\Christoph\Downloads\PuTTY - CHIP-Installer.exe
C:\Users\ChristophAdm\AppData\Local\Microsoft\Windows\INetCache\IE\8P0DV0I5\sp-downloader[1].exe
C:\Users\ChristophAdm\AppData\Local\Microsoft\Windows\INetCache\IE\IBUIE9NP\MyPhoneExplorer_v2_5185[1].exe
C:\Users\ChristophAdm\AppData\Local\Microsoft\Windows\INetCache\IE\PSQZJD6N\SPSetup[1].exe
D:\windows7 Daten\Acer\Christoph\Anwendungsdaten\Mozilla\Firefox\Profiles\ojemmbo3.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll
D:\windows7 Daten\Zottel\Documents\Scanned Documents\03.03.2014 Forderung der abgewiesenen automatischen Lastschrift.zip
D:\windows7 Daten\Zottel\Downloads\exes\agsetup183se.exe
D:\windows7 Daten\Zottel\Downloads\exes\BenQFlatbedScanner5000EDriver_downloader_by_Downloadsourcenet.exe
D:\windows7 Daten\Zottel\Downloads\exes\ccleaner.exe
D:\windows7 Daten\Zottel\Downloads\exes\SoftonicDownloader_fuer_microsoft-device-emulator-v2.exe
Emptytemp:
*****************
C:\Program Files (x86)\Vuze\.install4j\user\mism.exe => Moved successfully.
C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 => Moved successfully.
C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000000 => Moved successfully.
C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000001 => Moved successfully.
C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000002 => Moved successfully.
C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\File System\005\t\00\00000003 => Moved successfully.
C:\Users\Christoph\Downloads\BeautifulES_downloader-IdNfsNhP1.exe => Moved successfully.
C:\Users\Christoph\Downloads\ChopinScript_downloader-I76Hhgr5O.exe => Moved successfully.
C:\Users\Christoph\Downloads\Classic-Shell-lnstall.exe => Moved successfully.
C:\Users\Christoph\Downloads\FileZilla_Server-0_9_48.exe => Moved successfully.
C:\Users\Christoph\Downloads\FlaemischeKanzleischrift_downloader-I1cKXjqhC.exe => Moved successfully.
C:\Users\Christoph\Downloads\mp3DirectCut - CHIP-Installer.exe => Moved successfully.
C:\Users\Christoph\Downloads\Mutlu_downloader-I9J2fyljq.exe => Moved successfully.
C:\Users\Christoph\Downloads\PuTTY - CHIP-Installer.exe => Moved successfully.
"C:\Users\ChristophAdm\AppData\Local\Microsoft\Windows\INetCache\IE\8P0DV0I5\sp-downloader[1].exe" => File/Directory not found.
C:\Users\ChristophAdm\AppData\Local\Microsoft\Windows\INetCache\IE\IBUIE9NP\MyPhoneExplorer_v2_5185[1].exe => Moved successfully.
"C:\Users\ChristophAdm\AppData\Local\Microsoft\Windows\INetCache\IE\PSQZJD6N\SPSetup[1].exe" => File/Directory not found.
D:\windows7 Daten\Acer\Christoph\Anwendungsdaten\Mozilla\Firefox\Profiles\ojemmbo3.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll => Moved successfully.
D:\windows7 Daten\Zottel\Documents\Scanned Documents\03.03.2014 Forderung der abgewiesenen automatischen Lastschrift.zip => Moved successfully.
D:\windows7 Daten\Zottel\Downloads\exes\agsetup183se.exe => Moved successfully.
D:\windows7 Daten\Zottel\Downloads\exes\BenQFlatbedScanner5000EDriver_downloader_by_Downloadsourcenet.exe => Moved successfully.
"D:\windows7 Daten\Zottel\Downloads\exes\ccleaner.exe" => File/Directory not found.
"D:\windows7 Daten\Zottel\Downloads\exes\SoftonicDownloader_fuer_microsoft-device-emulator-v2.exe" => File/Directory not found.
EmptyTemp: => Removed 896 MB temporary data.
The system needed a reboot.
==== End of Fixlog 22:29:57 ====
Many thanks already for the help so far! |
18.02.2015, 10:53 | #8 |
/// the machine /// TB-Ausbilder | Windows 8.1 Chrome sporadically opens empty windows No AV program can protect you if your browsing behavior isn't right. And the thing was full of adware. Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, as they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from all registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
20.02.2015, 09:12 | #9 |
| full of adware Hello, sure, the thing was full of adware, but what about the trojan find? Don't those let even more viruses in? Anyway, I let the computer run for 30 hours straight with Chrome open, and so far no new tab has opened. So a big once again, and with that the topic can be closed! |
20.02.2015, 14:23 | #10 |
/// the machine /// TB-Ausbilder | Windows 8.1 Chrome sporadically opens empty windows Which one exactly do you mean?
21.02.2015, 16:47 | #11 |
| Windows 8.1 Chrome sporadically opens empty windows I mean the one that was found by ESET fairly early on http://www.trojaner-board.de/164010-...ml#post1428003 Code:
ATTFilter D:\windows7 Daten\Zottel\Documents\Scanned Documents\03.03.2014 Forderung der abgewiesenen automatischen Lastschrift.zip Win32/Trustezeb.E Trojaner |
22.02.2015, 08:53 | #12 | |
/// the machine /// TB-Ausbilder | Windows 8.1 Chrome sporadically opens empty windows Quote:
.
22.02.2015, 14:33 | #13 |
| Windows 8.1 Chrome sporadically opens empty windows All right, then the topic really can be closed! Many thanks! |
22.02.2015, 18:46 | #14 |
/// the machine /// TB-Ausbilder | Windows 8.1 Chrome sporadically opens empty windows You're welcome