Pests of all kinds and how to fight them: Computer totally messed up (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
24.03.2015, 14:23 | #1 |
Computer totally messed up

Hi,

Since I have been helped here many times already, I wanted to ask whether I am clean again. What happened: I opened the attachment of a fake email and ran the EXE in the attachment. The file disappeared immediately, and a Malwarebytes scan reported that it is a bot. My AVG has not worked since then either, and I have now quickly downloaded Avira Free Antivirus. Here is the FRST log: Code:
KG) -> /showMiniGui InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt\TrueCrypt Website.url -> hxxp://www.truecrypt.org/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2\Help and Support\Process Hacker 2 on the Web.url -> hxxp://processhacker.sourceforge.net/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock\Help and Support\Forums.url -> hxxp://forums.peerblock.com/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock\Help and Support\Homepage.url -> hxxp://www.peerblock.com/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock\Help and Support\User Manual.url -> hxxp://www.peerblock.com/userguide InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingo ROOT\Kingo ROOT on the Web.url -> hxxp://www.kingoapp.com/ InternetURL: C:\Users\julian\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742 InternetURL: C:\Users\julian\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700 InternetURL: C:\Users\julian\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681 InternetURL: C:\Users\julian\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682 InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680 InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659 InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640 InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636 InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635 InternetURL: 
C:\Users\julian\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630 InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186 InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520 InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813 InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629 InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406 InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893 InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893 InternetURL: C:\Users\julian\Favorites\Links\Vorgeschlagene Sites.url -> https://ieonline.microsoft.com/#ieslice InternetURL: C:\Users\julian\Favorites\Links\Web Slice-Katalog.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315 ==================== End of log ============================= |
24.03.2015, 14:24 | #2 |
| Computer totally messed up
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by julian at 2015-03-24 14:16:49 Running from C:\Users\julian\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-3484087542-3240090288-3349016086-1000\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros) AutoIt v3.3.12.0 (HKLM-x32\...\AutoItv3) (Version: 3.3.12.0 - AutoIt Team) AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5751 - AVG Technologies) AVG 2015 (Version: 15.0.4315 - AVG Technologies) Hidden AVG 2015 (Version: 15.0.5751 - AVG Technologies) Hidden AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies) Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG) Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira) BitTorrent (HKU\S-1-5-21-3484087542-3240090288-3349016086-1000\...\BitTorrent) (Version: 7.9.2.38914 - BitTorrent Inc.) BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.14.4604 - BlueStack Systems, Inc.) 
BlueStacks Notification Center (HKLM-x32\...\{01961AE4-2F93-408B-AAED-AC582C4F5059}) (Version: 0.9.14.4604 - BlueStack Systems, Inc.) DeepSea Obfuscator v4 (Licensed) (4.4.4.86) (HKLM\...\0222D721-97AC-49E8-9127-EA65AD781F85_is1) (Version: 4.4.4.86 - TallApplications) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.) Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Kingo ROOT version 1.3.4.2252 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.3.4.2252 - Kingosoft Technology Ltd.) Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation) No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.0 - Vitalwerks Internet Solutions LLC) Oracle VM VirtualBox 4.3.24 (HKLM\...\{15E093DF-951E-46CB-B3EC-E1287E7A2319}) (Version: 4.3.24 - Oracle Corporation) PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC) Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32) Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version: - ) Sandboxie 4.16 (64-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC) Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 
7.1.105 - Skype Technologies S.A.) SlimDrivers (HKLM-x32\...\{03E312F7-8697-4BC4-A90F-33D34EECE18C}) (Version: 2.2.44488 - SlimWare Utilities, Inc.) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer) Tor 0.2.4.23 (HKLM-x32\...\Tor) (Version: - ) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) Vidalia 0.2.21 (HKLM-x32\...\Vidalia) (Version: - ) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3484087542-3240090288-3349016086-1000_Classes\CLSID\{01E9FAE9-3819-4dd9-B1D9-998A1C62D1F8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3484087542-3240090288-3349016086-1000_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) ==================== Restore Points ========================= 10-03-2015 17:51:02 TrueCrypt installation 10-03-2015 17:54:58 Gerätetreiber-Paketinstallation: Elaborate Bytes AG Speichercontroller 13-03-2015 19:07:59 Windows-Sicherung 13-03-2015 20:01:04 Windows Update 13-03-2015 21:39:35 Gerätetreiber-Paketinstallation: Google, Inc. 15-03-2015 13:27:32 Gerätetreiber-Paketinstallation: Fuzhou Rockchip 15-03-2015 13:28:38 Gerätetreiber-Paketinstallation: Fuzhou Rockchip 15-03-2015 13:29:13 Gerätetreiber-Paketinstallation: Google, Inc. 
Android Device 20-03-2015 18:33:31 Gerätetreiber-Paketinstallation: Fuzhou Rockchip Class for rockusb devices 20-03-2015 18:34:13 Gerätetreiber-Paketinstallation: Google, Inc. Android Device 20-03-2015 18:35:01 Gerätetreiber-Paketinstallation: Fuzhou Rockchip Class for rockusb devices 20-03-2015 18:35:42 Gerätetreiber-Paketinstallation: Google, Inc. Android Device 20-03-2015 18:42:59 Gerätetreiber-Paketinstallation: Fuzhou Rockchip Class for rockusb devices 20-03-2015 18:43:24 Gerätetreiber-Paketinstallation: Google, Inc. Android Device 20-03-2015 18:44:10 Gerätetreiber-Paketinstallation: Fuzhou Rockchip Class for rockusb devices 20-03-2015 18:45:05 Gerätetreiber-Paketinstallation: Google, Inc. Android Device 21-03-2015 10:28:00 Sprachpaketdeinstallation ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {26A12C05-C1FE-47A2-9B19-64B79D9C0F60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-27] (Google Inc.) Task: {6C9AC9D4-9621-4067-A6E5-D86F89A14564} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-27] (Google Inc.) Task: {E93AC64D-E885-4A8F-996D-4D412331EB36} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2015-01-28] (SlimWare Utilities, Inc.) 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe ==================== Loaded Modules (whitelisted) ============== 2015-02-27 20:13 - 2000-01-01 01:00 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2015-03-03 18:46 - 2015-03-03 18:46 - 00004096 _____ () C:\Users\julian\AppData\Local\Microsoft\Windows Sidebar\Gadgets\TechnoBaseFM.Gadget\TechnoBaseFMGadget.dll 2014-07-29 00:43 - 2014-07-29 00:43 - 06239727 _____ () C:\Program Files (x86)\Vidalia Bridge Bundle\Vidalia\vidalia.exe 2009-06-23 03:42 - 2009-06-23 03:42 - 00043008 _____ () C:\Program Files (x86)\Vidalia Bridge Bundle\Vidalia\libgcc_s_dw2-1.dll 2011-08-23 23:59 - 2011-08-23 23:59 - 00047972 _____ () C:\Program Files (x86)\Vidalia Bridge Bundle\Vidalia\mingwm10.dll 2010-06-07 00:07 - 2015-03-14 11:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll 2010-06-07 00:07 - 2015-03-14 11:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll 2010-06-07 00:07 - 2015-03-14 11:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3484087542-3240090288-3349016086-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\julian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^julian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7ca6a7fec2df0d82a777ae67fbedc9eb.exe => C:\Windows\pss\7ca6a7fec2df0d82a777ae67fbedc9eb.exe.Startup MSCONFIG\startupreg: 7ca6a7fec2df0d82a777ae67fbedc9eb => "C:\Users\julian\AppData\Local\Temp\explorer.exe" .. ==================== Accounts: ============================= Administrator (S-1-5-21-3484087542-3240090288-3349016086-500 - Administrator - Disabled) Gast (S-1-5-21-3484087542-3240090288-3349016086-501 - Limited - Disabled) julian (S-1-5-21-3484087542-3240090288-3349016086-1000 - Administrator - Enabled) => C:\Users\julian ==================== Faulty Device Manager Devices ============= Name: PS/2-kompatible Maus Description: PS/2-kompatible Maus Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (03/24/2015 01:21:40 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. 
Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/22/2015 05:36:23 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoID={B1DBE419-8BFB-4FA2-B25F-63F8AF73D570}: Der Benutzer "julian-PC\julian" hat eine Verbindung mit dem Namen "VPN-Verbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0. Error: (06/07/2010 00:06:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (06/07/2010 00:06:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (06/07/2010 00:06:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error: (06/07/2010 00:06:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (06/07/2010 00:05:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (06/07/2010 00:05:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (06/07/2010 00:05:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error: (06/07/2010 00:05:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . System errors: ============= Error: (03/24/2015 01:21:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064 Error: (03/24/2015 01:20:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AVG WatchDog" wurde aufgrund folgenden Fehlers nicht gestartet: %%5 Error: (03/24/2015 01:20:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AVGIDSAgent" wurde aufgrund folgenden Fehlers nicht gestartet: %%5 Error: (03/24/2015 01:20:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "WtuSystemSupport" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (03/24/2015 01:20:48 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 24.03.2015 um 12:56:05 unerwartet heruntergefahren. Error: (03/24/2015 00:55:03 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (03/24/2015 00:46:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AVGIDSAgent" wurde aufgrund folgenden Fehlers nicht gestartet: %%5 Error: (03/24/2015 00:23:44 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "C:" den Befehl "chkdsk" aus. 
Error: (03/24/2015 00:23:44 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "C:" den Befehl "chkdsk" aus. Error: (03/24/2015 00:23:44 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolume2" den Befehl "chkdsk" aus. Microsoft Office Sessions: ========================= Error: (03/24/2015 01:21:40 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/22/2015 05:36:23 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: {B1DBE419-8BFB-4FA2-B25F-63F8AF73D570}julian-PC\julianVPN-Verbindung0 Error: (06/07/2010 00:06:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (06/07/2010 00:06:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. 
Error: (06/07/2010 00:06:08 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (06/07/2010 00:06:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (06/07/2010 00:05:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (06/07/2010 00:05:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. Error: (06/07/2010 00:05:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. 
Error: (06/07/2010 00:05:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz Percentage of memory in use: 38% Total physical RAM: 3892.52 MB Available physical RAM: 2382.05 MB Total Pagefile: 7783.2 MB Available Pagefile: 5744 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:238.07 GB) (Free:190.17 GB) NTFS Drive f: (Backup) (Fixed) (Total:97.66 GB) (Free:76.32 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 0008D427) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=238.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by julian (administrator) on JULIAN-PC on 24-03-2015 14:16:23
Running from C:\Users\julian\Desktop
Loaded Profiles: julian (Available profiles: julian)
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
() C:\Program Files (x86)\Vidalia Bridge Bundle\Vidalia\vidalia.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\julian\Desktop\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AVG_UI] => "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [855768 2015-02-19] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-17] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3484087542-3240090288-3349016086-1000\...\Run: [BitTorrent] => C:\Users\julian\AppData\Roaming\BitTorrent\BitTorrent.exe [1744472 2015-02-27] (BitTorrent Inc.)
HKU\S-1-5-21-3484087542-3240090288-3349016086-1000\...\Run: [uTorrent] => C:\Users\julian\AppData\Roaming\uTorrent\uTorrent.exe [1742928 2015-02-27] (BitTorrent Inc.)
HKU\S-1-5-21-3484087542-3240090288-3349016086-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-3484087542-3240090288-3349016086-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [785416 2015-02-18] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3484087542-3240090288-3349016086-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2015-03-10] (TrueCrypt Foundation)
HKU\S-1-5-21-3484087542-3240090288-3349016086-1000\...\Run: [Vidalia] => C:\Program Files (x86)\Vidalia Bridge Bundle\Vidalia\vidalia.exe [6239727 2014-07-29] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3484087542-3240090288-3349016086-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={2B0A9B13-43B5-4B74-B0F5-6849EFD5CC1F}&mid=edc98f5bf0cd47cd9a79395874e1f6a2-5909d533ca05b4eefd7ef8d96be2859ebf477f79&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-02-27 21:01:00&v=4.1.0.411&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-3484087542-3240090288-3349016086-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3484087542-3240090288-3349016086-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={2B0A9B13-43B5-4B74-B0F5-6849EFD5CC1F}&mid=edc98f5bf0cd47cd9a79395874e1f6a2-5909d533ca05b4eefd7ef8d96be2859ebf477f79&lang=de&ds=AVG&coid=avgtbavg&cmpid=0215tb&pr=fr&d=2015-02-27 21:01:00&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\qeCXqXKr.default
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-27] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\qeCXqXKr.default\Extensions\abs@avira.com [2015-03-24]

Chrome:
=======
CHR Profile: C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-27]
CHR Extension: (Google Docs) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-27]
CHR Extension: (Google Drive) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-27]
CHR Extension: (YouTube) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-27]
CHR Extension: (Google Search) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-27]
CHR Extension: (Google Sheets) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-27]
CHR Extension: (WebRTC Block) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nphkkbaidamjmhfanlpblblcadhfbkdm [2015-03-03]
CHR Extension: (Gmail) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-27]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2015-02-19] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-02-19] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [794328 2015-02-19] (BlueStack Systems, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175112 2015-02-18] (Sandboxie Holdings, LLC)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
R2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1883672 2015-02-27] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe" [X]
S2 avgwd; "C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe" [X]
S2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [270816 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-01-23] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-17] (Avira Operations GmbH & Co. KG)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-01-16] (AVG Technologies CZ, s.r.o.)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2015-02-19] (BlueStack Systems)
R4 KProcessHacker2; C:\Program Files\Process Hacker 2\kprocesshacker.sys [39576 2013-11-13] (wj32)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [66704 2013-09-09] (Fuzhou Rockchip Electronics Co,Ltd.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [237064 2015-02-18] (Sandboxie Holdings, LLC)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13920 2015-03-24] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-24 14:15 - 2015-03-24 14:16 - 00021559 _____ () C:\Users\julian\Desktop\Addition.txt
2015-03-24 14:14 - 2015-03-24 14:16 - 00013792 _____ () C:\Users\julian\Desktop\FRST.txt
2015-03-24 14:13 - 2015-03-24 14:13 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Avira
2015-03-24 14:10 - 2015-03-24 14:08 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-24 14:08 - 2015-03-24 14:08 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Mozilla
2015-03-24 14:06 - 2015-03-17 13:01 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-24 14:06 - 2015-03-17 13:01 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-24 14:06 - 2015-03-17 13:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-03-24 14:01 - 2015-03-24 14:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-24 14:01 - 2015-03-24 14:06 - 00000000 ____D () C:\ProgramData\Avira
2015-03-24 14:01 - 2015-03-24 14:06 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-24 14:01 - 2015-03-24 14:01 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-03-24 14:00 - 2015-03-24 14:00 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\julian\Downloads\avira_de_av_55115fdd78351__wsm.exe
2015-03-24 14:00 - 2015-03-24 14:00 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-24 13:58 - 2015-03-24 13:59 - 31094527 ____R (Igor Pavlov) C:\Users\julian\Downloads\PirateBrowser_0.6b.exe
2015-03-24 12:52 - 2015-03-24 12:52 - 02095616 _____ (Farbar) C:\Users\julian\Desktop\FRST64 (1).exe
2015-03-24 12:51 - 2015-03-24 12:52 - 02095616 _____ (Farbar) C:\Users\julian\Downloads\FRST64 (1).exe
2015-03-24 12:43 - 2015-03-24 12:44 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\julian\Downloads\tdsskiller44.exe
2015-03-24 12:39 - 2015-03-24 13:30 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-24 12:38 - 2015-03-24 12:39 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-24 12:38 - 2015-03-24 12:38 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-24 12:38 - 2015-03-24 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-24 12:38 - 2015-03-24 12:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-24 12:38 - 2015-03-24 12:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-24 12:38 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-24 12:38 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-24 12:37 - 2015-03-24 12:38 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\julian\Downloads\mbam-setup-2.1.4.1018.exe
2015-03-24 12:36 - 2015-03-24 13:22 - 00000000 ___HD () C:\ProgramData\{$1284-9213-2940-1289$}
2015-03-24 12:36 - 2015-03-24 12:36 - 00000000 _____ () C:\Users\julian\AppData\Roaming\system.ini
2015-03-24 12:36 - 2015-03-24 12:35 - 00538624 __RSH () C:\Users\julian\Desktop\crypterv2.exe
2015-03-24 12:35 - 2015-03-24 12:35 - 00538624 _____ () C:\Users\julian\Downloads\crypterv2.exe
2015-03-24 12:09 - 2015-03-24 12:23 - 00000000 ____D () C:\Users\julian\AppData\Local\Vidalia
2015-03-24 12:09 - 2015-03-24 12:09 - 00000000 ____D () C:\Users\julian\AppData\Local\Tor
2015-03-24 12:09 - 2015-03-24 12:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bridge Bundle
2015-03-24 12:09 - 2015-03-24 12:09 - 00000000 ____D () C:\Program Files (x86)\Vidalia Bridge Bundle
2015-03-24 12:08 - 2015-03-24 12:09 - 09378598 _____ () C:\Users\julian\Downloads\vidalia-bridge-bundle-0.2.4.23-0.2.21.exe
2015-03-24 12:04 - 2015-03-24 13:30 - 00000000 ____D () C:\Users\julian\AppData\Roaming\tor
2015-03-24 11:49 - 2015-03-24 11:49 - 00000000 ____D () C:\Users\julian\Desktop\Tor Browser
2015-03-24 11:48 - 2015-03-24 11:49 - 34737321 _____ () C:\Users\julian\Downloads\torbrowser-install-4.0.5_de.exe
2015-03-24 11:10 - 2015-03-24 11:18 - 00000000 ____D () C:\Users\julian\Downloads\40 Textures Wallpapers 1920x1200 Px [Set 5]
2015-03-24 11:07 - 2015-03-24 11:08 - 00000000 ____D () C:\Users\julian\Downloads\40 Cityscapes Wallpapers 2560x1600 [Set 1]
2015-03-23 16:42 - 2015-03-23 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3
2015-03-23 16:42 - 2015-03-23 16:42 - 00000000 ____D () C:\Program Files (x86)\AutoIt3
2015-03-23 16:41 - 2015-03-23 16:41 - 11878040 _____ (AutoIt Team) C:\Users\julian\Downloads\autoit-v3-setup.exe
2015-03-23 16:26 - 2015-03-23 16:26 - 00000030 _____ () C:\Users\julian\Desktop\ico.rc
2015-03-23 16:23 - 2015-03-23 16:23 - 00461798 _____ () C:\Users\julian\Downloads\BosonCrypter Free V2.zip
2015-03-22 19:04 - 2015-03-22 19:05 - 00000000 ____D () C:\Users\julian\Downloads\40 Macro Wallpapers 1920x1200 [Set 43]
2015-03-22 18:34 - 2015-03-22 18:34 - 00002414 _____ () C:\Users\julian\Documents\DeepSea.log
2015-03-22 18:31 - 2015-03-22 18:31 - 00000000 ____D () C:\Users\julian\Documents\DeepSea Obfuscator v4 (Licensed) Samples
2015-03-22 18:31 - 2015-03-22 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeepSea Obfuscator 4
2015-03-22 18:31 - 2015-03-22 18:31 - 00000000 ____D () C:\Program Files\DeepSea Obfuscator 4
2015-03-22 18:31 - 2015-03-22 18:31 - 00000000 ____D () C:\Program Files\Common Files\TallApplications
2015-03-22 18:30 - 2015-03-22 18:31 - 05608968 _____ (TallApplications ) C:\Users\julian\Downloads\DeepSeaSetup.exe
2015-03-22 18:03 - 2015-03-22 18:03 - 00571466 _____ () C:\Users\julian\Downloads\Call Crypter Refud ByRoda.rar
2015-03-22 17:57 - 2015-03-22 17:57 - 02350392 _____ () C:\Users\julian\Downloads\AegisCrypter6.0.7z
2015-03-22 17:47 - 2015-03-22 17:48 - 11528624 _____ () C:\Users\julian\Downloads\DarkCometRAT42 (1).rar
2015-03-22 17:45 - 2015-03-22 17:45 - 04770164 _____ () C:\Users\julian\Downloads\DarkCometRAT3.0.1.rar
2015-03-22 17:37 - 2015-03-22 17:37 - 00000000 ____D () C:\Users\julian\Downloads\Malwarebytes AntiMalware Premium v2.0.2.1012 ML Incl Keygen-BRD [TorDigger]
2015-03-21 11:23 - 2015-03-21 15:08 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-03-21 11:23 - 2015-03-21 11:23 - 00001047 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-03-21 11:23 - 2015-03-21 11:23 - 00001035 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-03-21 11:22 - 2015-03-21 11:22 - 07824680 _____ (TeamViewer GmbH) C:\Users\julian\Downloads\TeamViewer_Setup_de.exe
2015-03-20 19:44 - 2015-03-20 20:25 - 1549615104 _____ () C:\Users\julian\Downloads\linuxmint-17.1-cinnamon-64bit.iso
2015-03-20 19:13 - 2015-03-20 19:31 - 1297121280 _____ () C:\Users\julian\Downloads\debian-live-7.8.0-amd64-kde-desktop.iso
2015-03-20 18:41 - 2015-03-20 18:41 - 00000000 ____D () C:\Neuer Ordner
2015-03-20 18:40 - 2015-03-20 18:40 - 09630677 _____ () C:\Users\julian\Downloads\Oma_DriverAssistant_3.7z
2015-03-20 18:34 - 2015-03-20 18:34 - 00000320 _____ () C:\DriverInstall2015-03-20.txt
2015-03-20 18:26 - 2015-03-20 18:26 - 00000473 _____ () C:\Users\julian\Downloads\CrewRKTablets_RK31_KK_Omni_parameter_8GB_tabs.7z
2015-03-20 18:26 - 2015-03-20 18:26 - 00000460 _____ () C:\Users\julian\Downloads\CrewRKTablets_RK31_KK_Omni_parameter_dynamic.7z
2015-03-20 18:26 - 2014-08-21 19:22 - 00000609 _____ () C:\Users\julian\Desktop\parameter
2015-03-20 18:26 - 2014-06-01 19:36 - 00000609 _____ () C:\Users\julian\Desktop\parameter_8GB
2015-03-20 18:18 - 2015-03-20 18:18 - 00031742 _____ () C:\Users\julian\Downloads\Shortcut.txt
2015-03-20 18:17 - 2015-03-20 18:18 - 00020571 _____ () C:\Users\julian\Downloads\Addition.txt
2015-03-20 18:16 - 2015-03-24 14:16 - 00000000 ____D () C:\FRST
2015-03-20 18:16 - 2015-03-20 18:18 - 00053712 _____ () C:\Users\julian\Downloads\FRST.txt
2015-03-20 18:16 - 2015-03-20 18:16 - 02095616 _____ (Farbar) C:\Users\julian\Downloads\FRST64.exe
2015-03-20 18:10 - 2015-03-20 18:11 - 02721569 _____ () C:\Users\julian\Downloads\RK31_kernel_3036_tab89_tolino.7z
2015-03-20 17:34 - 2015-03-20 17:34 - 01496626 _____ () C:\Users\julian\Downloads\flash_tool_1.5.zip
2015-03-19 18:51 - 2015-03-19 18:51 - 00001534 _____ () C:\Users\julian\Downloads\Opencellid - measurements of 262-1-41817-31 (size 2).kml
2015-03-19 18:51 - 2015-03-19 18:51 - 00000337 _____ () C:\Users\julian\Downloads\Opencellid - measurements of 262-1-41817-31 (size 2).csv
2015-03-18 20:14 - 2015-03-18 20:14 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Process Hacker 2
2015-03-18 20:13 - 2015-03-18 21:00 - 00001885 _____ () C:\Users\julian\Desktop\Process Hacker 2.lnk
2015-03-18 20:13 - 2015-03-18 20:13 - 01932448 _____ (wj32 ) C:\Users\julian\Downloads\processhacker-2.33-setup.exe
2015-03-18 20:13 - 2015-03-18 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2015-03-18 20:13 - 2015-03-18 20:13 - 00000000 ____D () C:\Program Files\Process Hacker 2
2015-03-18 20:03 - 2015-03-18 20:03 - 00184320 _____ (ecVFk) C:\Users\julian\Downloads\0626000001426705375.exe
2015-03-18 20:03 - 2015-03-18 20:03 - 00184320 _____ (ecVFk) C:\Users\julian\Downloads\0626000001426705375 (2).exe
2015-03-18 20:03 - 2015-03-18 20:03 - 00184320 _____ (ecVFk) C:\Users\julian\Downloads\0626000001426705375 (1).exe
2015-03-18 20:03 - 2015-03-18 20:03 - 00184320 _____ (ecVFk) C:\Users\julian\Desktop\0626000001426705375 (1).exe
2015-03-18 19:56 - 2015-03-18 19:56 - 00093184 _____ () C:\Users\julian\Downloads\Jaxius@HF Multitool.exe
2015-03-18 19:47 - 2015-03-18 19:48 - 00000000 ____D () C:\Users\julian\Downloads\Desktop Wallpapers - Miscellaneous [1680x1050-2560x1600]-2015
2015-03-18 19:40 - 2015-03-23 15:43 - 00014058 _____ () C:\Users\julian\Desktop\proxies.txt
2015-03-17 16:37 - 2015-03-17 16:37 - 00000000 ____D () C:\Users\julian\Desktop\RK Rom Dumper and Flasher for Windows
2015-03-17 16:36 - 2015-03-17 16:37 - 01253619 _____ () C:\Users\julian\Downloads\rk_tool21_how_to.zip
2015-03-17 16:36 - 2014-08-11 08:59 - 00000000 ____D () C:\Users\julian\Desktop\Release_DriverAssitant
2015-03-17 16:29 - 2015-03-17 16:35 - 09571721 _____ () C:\Users\julian\Downloads\Release_DriverAssitant.rar
2015-03-16 21:32 - 2015-03-16 21:32 - 00000000 ____D () C:\Users\julian\Downloads\The Sims 3 v1.5.21 MOD
2015-03-15 14:41 - 2015-03-15 14:41 - 00591404 _____ () C:\Users\julian\Downloads\RockChip Batch Tool v1.7.zip
2015-03-15 14:41 - 2014-07-01 07:33 - 00000000 ____D () C:\Users\julian\Desktop\RockChip Batch Tool v1.7
2015-03-15 14:10 - 2014-06-08 10:59 - 00195258 _____ () C:\Users\julian\Desktop\RK3188Loader(L)_V2.10.bin
2015-03-15 14:08 - 2015-03-15 14:08 - 00177759 _____ () C:\Users\julian\Downloads\RK3188LoaderL_V2.10.7z
2015-03-15 14:00 - 2015-03-15 14:00 - 00000000 ____D () C:\Users\julian\Desktop\flash
2015-03-15 13:59 - 2013-08-29 18:59 - 00194738 _____ () C:\Users\julian\Desktop\RK3188Loader(L)_V1.24.bin
2015-03-15 13:57 - 2015-03-15 13:57 - 00546536 _____ () C:\Users\julian\Downloads\Oma_DevelopTool_Refresh.7z
2015-03-15 13:35 - 2015-03-15 13:35 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-03-15 13:28 - 2015-03-15 13:28 - 00000334 _____ () C:\DriverInstall2015-03-15.txt
2015-03-15 13:21 - 2013-09-09 14:56 - 00066704 _____ (Fuzhou Rockchip Electronics Co,Ltd.) C:\Windows\system32\Drivers\rockusb.sys
2015-03-15 13:20 - 2015-03-20 17:20 - 00000000 ____D () C:\Users\julian\Desktop\cROM
2015-03-15 13:12 - 2015-03-15 13:20 - 352564223 _____ () C:\Users\julian\Downloads\Oma_RK31_tolino_tab8.9_JB_4.2.2_v1.0.7z
2015-03-13 21:40 - 2015-03-13 21:40 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-03-13 21:36 - 2015-03-13 21:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-03-13 21:36 - 2013-07-22 17:15 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-03-13 21:36 - 2013-07-22 17:15 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2015-03-13 21:35 - 2013-12-06 21:49 - 00000000 ____D () C:\Users\julian\Desktop\RK3188_ROOT_Everal
2015-03-13 21:30 - 2015-03-13 21:32 - 08671276 _____ () C:\Users\julian\Downloads\RK3188_ROOT_Everal.rar
2015-03-13 21:29 - 2015-03-13 21:41 - 00000000 ____D () C:\Program Files (x86)\Kingo ROOT
2015-03-13 21:29 - 2015-03-13 21:29 - 00001035 _____ () C:\Users\Public\Desktop\Kingo ROOT.lnk
2015-03-13 21:29 - 2015-03-13 21:29 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Kingosoft
2015-03-13 21:29 - 2015-03-13 21:29 - 00000000 ____D () C:\Users\julian\AppData\Local\Kingosoft
2015-03-13 21:29 - 2015-03-13 21:29 - 00000000 ____D () C:\Users\julian\.android
2015-03-13 21:29 - 2015-03-13 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingo ROOT
2015-03-13 21:28 - 2015-03-13 21:28 - 18459176 _____ (Kingosoft Technology Ltd. ) C:\Users\julian\Downloads\android134_root.exe
2015-03-13 20:24 - 2015-03-13 20:24 - 01903054 _____ () C:\Users\julian\Downloads\HashTab_v5.2.0.14.zip
2015-03-13 20:24 - 2015-03-13 20:24 - 00000000 ____D () C:\Program Files\HashTab Shell Extension
2015-03-13 20:12 - 2015-03-13 20:24 - 766509056 _____ () C:\Users\julian\Downloads\ubuntu-12.04.4-desktop-i386.iso
2015-03-13 20:05 - 2015-03-13 20:09 - 03317076 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-13 20:01 - 2009-11-25 11:47 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-03-13 20:01 - 2009-11-25 11:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-03-13 20:01 - 2009-11-25 11:47 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2015-03-13 20:01 - 2009-11-25 11:47 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2015-03-13 20:01 - 2009-11-25 11:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2015-03-13 20:01 - 2009-11-25 11:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2015-03-13 20:01 - 2009-11-25 11:47 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2015-03-13 20:01 - 2009-11-25 11:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2015-03-13 20:01 - 2009-11-25 11:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2015-03-13 20:01 - 2009-11-25 11:47 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2015-03-13 19:59 - 2015-03-13 19:59 - 01005568 _____ (Microsoft Corporation) C:\Users\julian\Downloads\dotNetFx45_Full_setup.exe
2015-03-10 17:55 - 2015-03-10 17:55 - 01835008 _____ () C:\Users\julian\Documents\TrueCrypt Rescue Disk.iso
2015-03-10 17:55 - 2015-03-10 17:55 - 00001254 _____ () C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2015-03-10 17:54 - 2015-03-10 17:54 - 01640984 _____ () C:\Users\julian\Downloads\SetupVirtualCloneDrive5470.exe
2015-03-10 17:54 - 2015-03-10 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2015-03-10 17:54 - 2015-03-10 17:54 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2015-03-10 17:53 - 2015-03-10 17:53 - 00000000 ____D () C:\ProgramData\TrueCrypt
2015-03-10 17:51 - 2015-03-10 17:56 - 00000000 ____D () C:\Users\julian\AppData\Roaming\TrueCrypt
2015-03-10 17:51 - 2015-03-10 17:51 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2015-03-10 17:51 - 2015-03-10 17:51 - 00000875 _____ () C:\Users\Public\Desktop\TrueCrypt.lnk
2015-03-10 17:51 - 2015-03-10 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
2015-03-10 17:51 - 2015-03-10 17:51 - 00000000 ____D () C:\Program Files\TrueCrypt
2015-03-10 17:50 - 2015-03-10 17:50 - 03466248 _____ (TrueCrypt Foundation) C:\Users\julian\Downloads\truecrypt_setup_7.1a.exe
2015-03-10 17:20 - 2015-03-10 17:20 - 01581750 _____ () C:\Users\julian\Downloads\GPTool.rar
2015-03-10 17:20 - 2015-03-10 17:20 - 00000000 ____D () C:\Users\julian\Desktop\gptool
2015-03-10 17:14 - 2015-03-10 17:16 - 28764152 _____ () C:\Users\julian\Downloads\WPA wordlist.tar.gz.part
2015-03-10 17:08 - 2015-03-10 17:08 - 00221320 _____ (Deposit Files) C:\Users\julian\Downloads\dfdownloader_l8o6r8_.exe
2015-03-10 17:03 - 2015-03-10 17:03 - 00029578 _____ () C:\Users\julian\Downloads\ubuntu-12.04.4-desktop-i386.iso (5).torrent
2015-03-10 17:02 - 2015-03-10 17:02 - 00029578 _____ () C:\Users\julian\Downloads\ubuntu-12.04.4-desktop-i386.iso (4).torrent
2015-03-10 17:02 - 2015-03-10 17:02 - 00029578 _____ () C:\Users\julian\Downloads\ubuntu-12.04.4-desktop-i386.iso (3).torrent
2015-03-10 17:02 - 2015-03-10 17:02 - 00029578 _____ () C:\Users\julian\Downloads\ubuntu-12.04.4-desktop-i386.iso (2).torrent
2015-03-10 17:01 - 2015-03-10 17:01 - 00029578 _____ () C:\Users\julian\Downloads\ubuntu-12.04.4-desktop-i386.iso.torrent
2015-03-10 17:01 - 2015-03-10 17:01 - 00029578 _____ () C:\Users\julian\Downloads\ubuntu-12.04.4-desktop-i386.iso (1).torrent
2015-03-10 16:43 - 2015-03-10 16:43 - 00000000 ____D () C:\Users\julian\AppData\Local\Dögel_GmbH
2015-03-10 16:42 - 2015-03-10 16:42 - 00000000 ____D () C:\Capture
2015-03-10 16:41 - 2015-03-10 16:41 - 10444504 _____ () C:\Users\julian\Downloads\Evalaze_Free_2.2.0.0.zip
2015-03-10 16:23 - 2015-03-10 16:23 - 02058768 _____ () C:\Users\julian\Downloads\winrar-x64-521d.exe
2015-03-10 16:23 - 2015-03-10 16:23 - 00848808 _____ () C:\Users\julian\Downloads\BuBBle Protector FUD ByRoda.rar
2015-03-10 16:23 - 2015-03-10 16:23 - 00000000 ____D () C:\Users\julian\AppData\Roaming\WinRAR
2015-03-10 16:23 - 2015-03-10 16:23 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-10 16:23 - 2015-03-10 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-10 16:23 - 2015-03-10 16:23 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-08 21:35 - 2015-03-08 21:35 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-03-08 21:35 - 2015-03-08 21:35 - 00001780 _____ () C:\Users\Public\Desktop\Apps.lnk
2015-03-08 21:34 - 2015-03-08 21:40 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-03-08 21:34 - 2015-03-08 21:34 - 00000000 ____D () C:\Users\julian\AppData\Local\Bluestacks
2015-03-08 21:34 - 2015-03-08 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-03-08 21:34 - 2015-03-08 21:34 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-03-08 21:34 - 2015-03-08 21:34 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-03-08 21:33 - 2015-03-08 21:33 - 13555608 _____ (BlueStack Systems Inc.) C:\Users\julian\Downloads\BlueStacks-ThinInstaller.exe
2015-03-08 21:30 - 2015-03-08 21:30 - 00270282 _____ () C:\Users\julian\Downloads\info.staticfree.android.twentyfourhour_8.apk
2015-03-08 21:30 - 2015-03-08 21:30 - 00270282 _____ () C:\Users\julian\Desktop\info.staticfree.android.twentyfourhour_8.apk
2015-03-08 20:53 - 2015-03-08 20:53 - 00068628 _____ () C:\Users\julian\Desktop\Framework.apk
2015-03-08 20:33 - 2015-03-08 20:33 - 00000000 ____D () C:\Windows\pss
2015-03-08 19:42 - 2015-03-08 19:42 - 00000000 ____D () C:\Users\julian\Tracing
2015-03-08 18:27 - 2015-03-08 18:27 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb
2015-03-07 23:10 - 2015-03-10 17:12 - 00000000 ____D () C:\Users\julian\Downloads\GTA.San.Andreas.Karma-iND
2015-03-07 23:08 - 2015-03-07 23:09 - 00001092 _____ () C:\Users\julian\Downloads\d65932923198b89757fc167281f3c972 (1).dlc
2015-03-07 23:08 - 2015-03-07 23:08 - 00001092 _____ () C:\Users\julian\Downloads\d65932923198b89757fc167281f3c972.dlc
2015-03-07 22:39 - 2015-03-07 22:39 - 00020709 _____ () C:\Users\julian\Downloads\sex.zip
2015-03-07 22:13 - 2015-03-07 22:13 - 00000000 ____D () C:\Users\julian\Desktop\omegle
2015-03-07 22:12 - 2015-03-07 22:13 - 01246754 _____ () C:\Users\julian\Downloads\YOSFree Bin 1.4.3.5.zip
2015-03-07 21:32 - 2015-03-07 21:32 - 00000113 _____ () C:\Users\julian\Desktop\Neues Textdokument.txt
2015-03-07 14:08 - 2015-03-07 14:08 - 00748246 _____ ( ) C:\Users\julian\Downloads\reshack_setup.exe
2015-03-07 14:08 - 2015-03-07 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker
2015-03-07 14:08 - 2015-03-07 14:08 - 00000000 ____D () C:\Program Files (x86)\Resource Hacker
2015-03-07 13:28 - 2015-03-13 20:27 - 00000000 ____D () C:\Users\julian\VirtualBox VMs
2015-03-07 13:27 - 2015-03-15 12:13 - 00000000 ____D () C:\Users\julian\.VirtualBox
2015-03-07 13:27 - 2015-03-07 13:27 - 00836500 _____ () C:\Users\julian\Desktop\FINISHED.apk
2015-03-07 13:26 - 2015-03-07 13:26 - 00799497 _____ () C:\Users\julian\Downloads\com.orphan.amplayer_1.apk
2015-03-07 13:26 - 2015-03-07 13:26 - 00799497 _____ () C:\Users\julian\Desktop\com.orphan.amplayer_1.apk
2015-03-07 13:18 - 2015-03-07 13:24 - 348127232 _____ () C:\Users\julian\Downloads\android-x86-4.4-RC2.iso
2015-03-07 13:17 - 2015-03-07 13:17 - 00001076 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-03-07 13:17 - 2015-03-07 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-03-07 13:17 - 2015-03-02 15:20 - 00922168 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-03-07 13:17 - 2015-03-02 15:18 - 00128592 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-03-07 13:16 - 2015-03-07 13:16 - 00000000 ____D () C:\Program Files\Oracle
2015-03-07 13:12 - 2015-03-07 13:15 - 111197384 _____ (Oracle Corporation) C:\Users\julian\Downloads\VirtualBox-4.3.24-98716-Win.exe
2015-03-07 11:49 - 2015-03-07 11:49 - 00000000 ____D () C:\Users\julian\AppData\Local\AndroRat_Binder
2015-03-07 11:48 - 2015-03-07 11:48 - 00068664 _____ () C:\Users\julian\Desktop\System App Mover.apk
2015-03-07 11:48 - 2015-03-07 11:48 - 00000000 ____D () C:\Users\julian\apktool
2015-03-07 11:42 - 2015-03-07 11:42 - 00000000 ____D () C:\ProgramData\Sun
2015-03-07 11:42 - 2015-03-07 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-07 11:42 - 2015-03-07 11:41 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-07 11:41 - 2015-03-07 11:41 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-07 11:41 - 2015-03-07 11:41 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-07 11:40 - 2015-03-07 11:40 - 00561576 _____ (Oracle Corporation) C:\Users\julian\Downloads\chromeinstall-8u40.exe
2015-03-07 11:28 - 2015-03-07 11:28 - 00061285 _____ () C:\Users\julian\Downloads\de.j4velin.systemappmover_161.apk
2015-03-07 11:24 - 2015-03-07 11:24 - 00000000 ___RD () C:\Sandbox
2015-03-07 11:23 - 2015-03-07 11:23 - 10303034 _____ () C:\Users\julian\Downloads\Androrat by Laceratus.zip
2015-03-07 11:22 - 2015-03-24 14:07 - 00001584 _____ () C:\Windows\Sandboxie.ini
2015-03-07 11:22 - 2015-03-07 11:47 - 00001020 _____ () C:\Users\julian\Desktop\Sandboxed Web Browser.lnk
2015-03-07 11:22 - 2015-03-07 11:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-03-07 11:22 - 2015-03-07 11:22 - 00000000 ____D () C:\Program Files\Sandboxie
2015-03-07 11:21 - 2015-03-07 11:21 - 06980616 _____ (Sandboxie Holdings, LLC) C:\Users\julian\Downloads\SandboxieInstall.exe
2015-03-07 11:16 - 2015-03-07 11:16 - 00100790 _____ () C:\Users\julian\Downloads\WormFC.zip
2015-03-07 11:14 - 2015-03-07 11:14 - 00239648 _____ () C:\Users\julian\Downloads\DUCSetup_v4_1_0.exe
2015-03-07 11:14 - 2015-03-07 11:14 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
2015-03-07 11:14 - 2015-03-07 11:14 - 00000000 ____D () C:\Users\julian\AppData\Local\Vitalwerks
2015-03-07 11:14 - 2015-03-07 11:14 - 00000000 ____D () C:\Program Files (x86)\No-IP
2015-03-07 11:10 - 2015-03-07 11:10 - 03069958 _____ () C:\Users\julian\Downloads\ICryptex Free Edition - Update 02.03.2015.zip
2015-03-03 18:45 - 2015-03-03 18:46 - 19192342 _____ () C:\Users\julian\Downloads\Windows_7_TOP50Gadgets.zip
2015-03-02 15:18 - 2015-03-02 15:18 - 00204264 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2015-03-02 15:18 - 2015-03-02 15:18 - 00156360 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2015-03-02 15:18 - 2015-03-02 15:18 - 00141440 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2015-02-27 22:51 - 2015-02-27 22:51 - 00003673 _____ () C:\Users\julian\Desktop\PeerBlock-Setup_v1.2_r6933.exe.torrent
2015-02-27 22:37 - 2015-02-27 22:37 - 01376768 _____ () C:\Users\julian\Downloads\7z920-x64.msi
2015-02-27 22:37 - 2015-02-27 22:37
- 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2015-02-27 22:37 - 2015-02-27 22:37 - 00000000 ____D () C:\Program Files\7-Zip 2015-02-27 22:36 - 2015-02-27 22:36 - 01230722 _____ () C:\Users\julian\Downloads\njRAT-v0.7d.rar 2015-02-27 22:28 - 2015-02-27 22:29 - 00000000 ____D () C:\Users\julian\Downloads\Ma Pa 1 2015-02-27 21:46 - 2015-03-24 13:31 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Skype 2015-02-27 21:46 - 2015-02-27 21:46 - 00000000 ____D () C:\Users\julian\AppData\Local\Skype 2015-02-27 21:45 - 2015-02-27 21:46 - 00000000 ____D () C:\ProgramData\Skype 2015-02-27 21:45 - 2015-02-27 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-02-27 21:45 - 2015-02-27 21:45 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2015-02-27 21:45 - 2015-02-27 21:45 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-02-27 21:40 - 2015-02-27 21:40 - 01548384 _____ (Skype Technologies S.A.) C:\Users\julian\Downloads\SkypeSetup.exe 2015-02-27 21:21 - 2015-03-10 17:05 - 545343947 _____ () C:\Users\julian\Downloads\g0tmi1k-wordlist.7z 2015-02-27 21:17 - 2015-02-27 21:17 - 00000814 _____ () C:\Users\julian\Desktop\µTorrent.lnk 2015-02-27 21:17 - 2015-02-27 21:17 - 00000794 _____ () C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2015-02-27 21:16 - 2015-03-24 12:54 - 00000000 ____D () C:\Program Files\PeerBlock 2015-02-27 21:16 - 2015-02-28 10:14 - 00001780 _____ () C:\Users\julian\Desktop\PeerBlock.lnk 2015-02-27 21:16 - 2015-02-27 21:16 - 02374320 _____ (PeerBlock, LLC ) C:\Users\julian\Downloads\PeerBlock-Setup_v1.2_r693.exe 2015-02-27 21:16 - 2015-02-27 21:16 - 01742928 _____ (BitTorrent Inc.) 
C:\Users\julian\Downloads\uTorrent (1).exe 2015-02-27 21:16 - 2015-02-27 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock 2015-02-27 21:12 - 2015-02-27 21:12 - 00103197 _____ () C:\Users\julian\Downloads\LOIC-1.0.8-binary.zip 2015-02-27 21:09 - 2015-02-27 21:09 - 00002053 _____ () C:\Users\julian\Desktop\JDownloader 2.lnk 2015-02-27 21:09 - 2015-02-27 21:09 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader 2015-02-27 21:06 - 2015-03-18 21:44 - 00000000 ____D () C:\Users\julian\AppData\Local\JDownloader v2.0 2015-02-27 21:02 - 2015-02-27 21:02 - 00186583 _____ () C:\Users\julian\Downloads\JDownloader1 Setup.zip 2015-02-27 21:01 - 2015-03-17 19:29 - 00000000 ____D () C:\Users\julian\AppData\Local\AVG Web TuneUp 2015-02-27 21:01 - 2015-02-27 21:01 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar 2015-02-27 21:00 - 2015-03-08 18:30 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp 2015-02-27 21:00 - 2015-02-27 21:01 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp 2015-02-27 21:00 - 2015-02-27 21:00 - 00000000 ____D () C:\ProgramData\AVG Secure Search 2015-02-27 20:38 - 2015-02-27 20:45 - 1044381696 _____ () C:\Users\julian\Downloads\ubuntu-14.04.2-desktop-amd64.iso 2015-02-27 20:38 - 2015-02-27 20:38 - 00040180 _____ () C:\Users\julian\Downloads\ubuntu-14.04.2-desktop-amd64.iso.torrent 2015-02-27 20:37 - 2015-03-24 13:31 - 00000000 ____D () C:\Users\julian\AppData\Roaming\BitTorrent 2015-02-27 20:37 - 2015-02-27 20:37 - 00000834 _____ () C:\Users\julian\Desktop\BitTorrent.lnk 2015-02-27 20:37 - 2015-02-27 20:37 - 00000814 _____ () C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk 2015-02-27 20:36 - 2015-02-27 20:37 - 01744472 _____ (BitTorrent Inc.) 
C:\Users\julian\Downloads\BitTorrent.exe 2015-02-27 20:35 - 2015-03-24 13:59 - 00000000 ____D () C:\Users\julian\AppData\Roaming\uTorrent 2015-02-27 20:35 - 2015-02-27 20:35 - 01742928 _____ (BitTorrent Inc.) C:\Users\julian\Downloads\uTorrent.exe 2015-02-27 20:31 - 2015-02-27 20:31 - 00000000 ____D () C:\Users\julian\AppData\Roaming\AVG2015 2015-02-27 20:30 - 2015-02-27 20:30 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2015.lnk 2015-02-27 20:30 - 2015-02-27 20:30 - 00000000 ____D () C:\Users\julian\AppData\Roaming\TuneUp Software 2015-02-27 20:30 - 2015-02-27 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2015-02-27 20:29 - 2015-03-18 20:51 - 00000000 ____D () C:\ProgramData\AVG2015 2015-02-27 20:29 - 2015-02-27 20:29 - 00000000 ___HD () C:\$AVG 2015-02-27 20:28 - 2015-02-27 20:28 - 00000000 ____D () C:\Program Files (x86)\AVG 2015-02-27 20:27 - 2015-03-24 11:01 - 00000000 ____D () C:\ProgramData\MFAData 2015-02-27 20:27 - 2015-02-27 22:38 - 00000000 ____D () C:\Users\julian\AppData\Local\Avg2015 2015-02-27 20:27 - 2015-02-27 20:27 - 00000000 ____D () C:\Users\julian\AppData\Local\MFAData 2015-02-27 20:20 - 2015-02-27 20:27 - 180783680 _____ (AVG Technologies) C:\Users\julian\Downloads\avg_free_x64_all_2015_ltst_221.exe 2015-02-27 20:18 - 2015-02-27 20:18 - 00015990 _____ () C:\Windows\system32\results.xml 2015-02-27 20:17 - 2015-03-24 13:20 - 00002886 _____ () C:\Windows\PFRO.log 2015-02-27 20:16 - 2015-02-27 20:16 - 00000184 _____ () C:\setup.log 2015-02-27 20:16 - 2015-02-27 20:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-02-27 20:16 - 2015-02-27 20:16 - 00000000 ____D () C:\Windows\Options 2015-02-27 20:16 - 2015-02-27 20:16 - 00000000 ____D () C:\ProgramData\Atheros 2015-02-27 20:16 - 2015-02-27 20:16 - 00000000 ____D () C:\Program Files (x86)\Atheros 2015-02-27 20:16 - 2012-04-26 23:39 - 00073472 ____N () C:\Windows\system32\athrextx.cat 2015-02-27 20:16 - 2012-04-19 22:56 - 
02811392 ____N (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\athrx.sys 2015-02-27 20:16 - 2012-04-19 22:56 - 02811392 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys 2015-02-27 20:14 - 2015-02-27 20:14 - 00000000 ____D () C:\Program Files\Common Files\Intel 2015-02-27 20:14 - 2015-02-27 20:14 - 00000000 ____D () C:\Program Files (x86)\Intel 2015-02-27 20:14 - 2015-02-27 20:14 - 00000000 ____D () C:\Intel 2015-02-27 20:14 - 2000-01-01 01:00 - 12312928 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys 2015-02-27 20:14 - 2000-01-01 01:00 - 09014784 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll 2015-02-27 20:14 - 2000-01-01 01:00 - 02780160 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll 2015-02-27 20:14 - 2000-01-01 01:00 - 02191872 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll 2015-02-27 20:14 - 2000-01-01 01:00 - 00581120 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdx32.dll 2015-02-27 20:14 - 2000-01-01 01:00 - 00390144 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll 2015-02-27 20:14 - 2000-01-01 01:00 - 00378368 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll 2015-02-27 20:14 - 2000-01-01 01:00 - 00376832 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll 2015-02-27 20:14 - 2000-01-01 01:00 - 00376832 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll 2015-02-27 20:14 - 2000-01-01 01:00 - 00376320 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll 2015-02-27 20:14 - 2000-01-01 01:00 - 00317440 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcDAud.sys 2015-02-27 20:14 - 2000-01-01 01:00 - 00293888 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll 2015-02-27 20:14 - 2000-01-01 01:00 - 00246784 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll 2015-02-27 20:14 - 2000-01-01 01:00 - 00219136 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll 2015-02-27 20:14 - 
2000-01-01 01:00 - 00158976 _____ (Intel Corporation) C:\Windows\system32\Drivers\Impcd.sys 2015-02-27 20:14 - 2000-01-01 01:00 - 00142336 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll 2015-02-27 20:14 - 2000-01-01 01:00 - 00098304 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll 2015-02-27 20:14 - 2000-01-01 01:00 - 00098304 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll 2015-02-27 20:14 - 2000-01-01 01:00 - 00090112 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2993.dll 2015-02-27 20:14 - 2000-01-01 01:00 - 00062464 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll 2015-02-27 20:14 - 2000-01-01 01:00 - 00028672 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll 2015-02-27 20:14 - 2000-01-01 01:00 - 00024576 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll 2015-02-27 20:14 - 2000-01-01 01:00 - 00014848 _____ (Intel(R) Corporation) C:\Windows\system32\IntcDAuC.dll 2015-02-27 20:14 - 2000-01-01 01:00 - 00004096 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll 2015-02-27 20:13 - 2015-02-27 20:13 - 00000000 ____D () C:\ProgramData\SlimWare Utilities, Inc 2015-02-27 20:13 - 2000-01-01 01:00 - 18664960 _____ (Intel Corporation) C:\Windows\system32\ig4icd64.dll 2015-02-27 20:13 - 2000-01-01 01:00 - 13913600 _____ () C:\Windows\SysWOW64\ig4icd32.dll 2015-02-27 20:13 - 2000-01-01 01:00 - 09528832 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll 2015-02-27 20:13 - 2000-01-01 01:00 - 08314368 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll 2015-02-27 20:13 - 2000-01-01 01:00 - 07988224 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll 2015-02-27 20:13 - 2000-01-01 01:00 - 06324224 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll 2015-02-27 20:13 - 2000-01-01 01:00 - 04380144 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe 2015-02-27 20:13 - 2000-01-01 01:00 - 01981696 _____ () C:\Windows\system32\iglhxa64.cpa 2015-02-27 20:13 - 2000-01-01 01:00 - 00867020 
_____ () C:\Windows\SysWOW64\igkrng575.bin 2015-02-27 20:13 - 2000-01-01 01:00 - 00867020 _____ () C:\Windows\system32\igkrng575.bin 2015-02-27 20:13 - 2000-01-01 01:00 - 00510960 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe 2015-02-27 20:13 - 2000-01-01 01:00 - 00418800 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe 2015-02-27 20:13 - 2000-01-01 01:00 - 00394224 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe 2015-02-27 20:13 - 2000-01-01 01:00 - 00287232 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00287232 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00287232 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrrom.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrhrv.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00286208 _____ (Intel 
Corporation) C:\Windows\system32\igfxrsve.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00285696 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00285696 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00285696 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00285184 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00285184 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00283648 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00283136 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00282624 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00282624 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc 2015-02-27 20:13 - 2000-01-01 01:00 - 00241136 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe 2015-02-27 20:13 - 2000-01-01 01:00 - 00211303 _____ () C:\Windows\system32\Gfxres.th-TH.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00198139 _____ () C:\Windows\system32\Gfxres.el-GR.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00185840 _____ (Intel Corporation) C:\Windows\system32\difx64.exe 2015-02-27 20:13 - 2000-01-01 01:00 - 00182706 _____ () 
C:\Windows\system32\Gfxres.ru-RU.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00168944 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe 2015-02-27 20:13 - 2000-01-01 01:00 - 00156233 _____ () C:\Windows\system32\Gfxres.ar-SA.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00153167 _____ () C:\Windows\system32\Gfxres.ja-JP.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00149009 _____ () C:\Windows\system32\Gfxres.he-IL.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00146432 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll 2015-02-27 20:13 - 2000-01-01 01:00 - 00140216 _____ () C:\Windows\system32\Gfxres.it-IT.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00138727 _____ () C:\Windows\system32\Gfxres.ko-KR.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00137846 _____ () C:\Windows\system32\Gfxres.de-DE.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00137668 _____ () C:\Windows\system32\Gfxres.es-ES.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00136603 _____ () C:\Windows\system32\Gfxres.ro-RO.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00135628 _____ () C:\Windows\system32\Gfxres.fr-FR.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00135370 _____ () C:\Windows\system32\Gfxres.tr-TR.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00134836 _____ () C:\Windows\system32\Gfxres.pt-BR.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00134412 _____ () C:\Windows\system32\Gfxres.nl-NL.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00134384 _____ () C:\Windows\system32\Gfxres.hu-HU.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00133846 _____ () C:\Windows\system32\Gfxres.sv-SE.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00133709 _____ () C:\Windows\system32\Gfxres.pt-PT.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00133404 _____ () C:\Windows\system32\Gfxres.cs-CZ.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00133178 _____ () C:\Windows\system32\Gfxres.pl-PL.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00132889 _____ () 
C:\Windows\system32\Gfxres.fi-FI.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00132788 _____ () C:\Windows\system32\Gfxres.sk-SK.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00131839 _____ () C:\Windows\system32\Gfxres.hr-HR.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00128996 _____ () C:\Windows\system32\Gfxres.sl-SI.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00128831 _____ () C:\Windows\system32\Gfxres.nb-NO.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00128535 _____ () C:\Windows\system32\Gfxres.da-DK.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00128204 _____ () C:\Windows\SysWOW64\igcompkrng575.bin 2015-02-27 20:13 - 2000-01-01 01:00 - 00128204 _____ () C:\Windows\system32\igcompkrng575.bin 2015-02-27 20:13 - 2000-01-01 01:00 - 00126976 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl 2015-02-27 20:13 - 2000-01-01 01:00 - 00124052 _____ () C:\Windows\system32\Gfxres.en-US.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00117636 _____ () C:\Windows\system32\Gfxres.zh-TW.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00116348 _____ () C:\Windows\system32\Gfxres.zh-CN.resources 2015-02-27 20:13 - 2000-01-01 01:00 - 00110080 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll 2015-02-27 20:13 - 2000-01-01 01:00 - 00105608 _____ () C:\Windows\SysWOW64\igfcg575m.bin 2015-02-27 20:13 - 2000-01-01 01:00 - 00105608 _____ () C:\Windows\system32\igfcg575m.bin 2015-02-27 20:13 - 2000-01-01 01:00 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll 2015-02-27 20:13 - 2000-01-01 01:00 - 00059243 _____ () C:\Windows\system32\iglhxo64.vp 2015-02-27 20:13 - 2000-01-01 01:00 - 00059174 _____ () C:\Windows\system32\iglhxg64.vp 2015-02-27 20:13 - 2000-01-01 01:00 - 00059062 _____ () C:\Windows\system32\iglhxc64.vp 2015-02-27 20:13 - 2000-01-01 01:00 - 00017444 _____ () C:\Windows\system32\iglhxs64.vp 2015-02-27 20:13 - 2000-01-01 01:00 - 00001074 _____ () C:\Windows\system32\iglhxa64.vp 2015-02-27 20:12 - 2015-03-24 12:54 - 00000412 
_____ () C:\Windows\Tasks\SlimDrivers Startup.job 2015-02-27 20:12 - 2015-03-24 11:00 - 00002840 _____ () C:\Windows\System32\Tasks\SlimDrivers Startup 2015-02-27 20:12 - 2015-03-24 10:58 - 00013920 _____ () C:\Windows\system32\Drivers\SWDUMon.sys 2015-02-27 20:12 - 2015-02-27 20:12 - 00002467 _____ () C:\Users\Public\Desktop\SlimDrivers.lnk 2015-02-27 20:12 - 2015-02-27 20:12 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers 2015-02-27 20:12 - 2015-02-27 20:12 - 00000000 ____D () C:\Users\julian\AppData\Local\SlimWare Utilities Inc 2015-02-27 20:11 - 2015-02-27 20:11 - 00858432 _____ (SlimWare Utilities, Inc.) C:\Users\julian\Downloads\SlimDrivers-setup_32705.exe 2015-02-27 20:10 - 2015-02-27 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-02-27 20:10 - 2010-06-07 00:07 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-27 20:09 - 2015-03-24 12:14 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-27 20:09 - 2015-03-24 10:58 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-27 20:09 - 2015-03-21 15:05 - 00057560 _____ () C:\Users\julian\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-27 20:09 - 2015-02-27 20:10 - 00000000 ____D () C:\Users\julian\AppData\Local\Google 2015-02-27 20:09 - 2015-02-27 20:10 - 00000000 ____D () C:\Program Files (x86)\Google 2015-02-27 20:09 - 2015-02-27 20:09 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-27 20:09 - 2015-02-27 20:09 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-27 20:09 - 2015-02-27 20:09 - 00000000 ____D () C:\Users\julian\AppData\Local\Deployment 2015-02-27 20:09 - 2015-02-27 20:09 - 00000000 ____D () C:\Users\julian\AppData\Local\Apps\2.0 2015-02-27 20:06 - 2014-12-23 00:41 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== One Month Modified Files and Folders ======= (If an 
entry is included in the fixlist, the file\folder will be moved.) 2015-03-24 14:02 - 2010-06-06 23:35 - 00142287 _____ () C:\Windows\WindowsUpdate.log 2015-03-24 13:28 - 2009-07-14 05:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-24 13:28 - 2009-07-14 05:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-24 13:20 - 2009-07-14 05:51 - 00020043 _____ () C:\Windows\setupact.log 2015-03-24 10:56 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-23 16:42 - 2009-07-14 08:45 - 00000000 ____D () C:\Windows\ShellNew 2015-03-23 15:38 - 2009-10-24 17:10 - 00731434 _____ () C:\Windows\system32\perfh010.dat 2015-03-23 15:38 - 2009-10-24 17:10 - 00146298 _____ () C:\Windows\system32\perfc010.dat 2015-03-23 15:38 - 2009-10-24 17:01 - 00737104 _____ () C:\Windows\system32\perfh00C.dat 2015-03-23 15:38 - 2009-10-24 17:01 - 00149032 _____ () C:\Windows\system32\perfc00C.dat 2015-03-23 15:38 - 2009-10-24 16:51 - 00698926 _____ () C:\Windows\system32\perfh007.dat 2015-03-23 15:38 - 2009-10-24 16:51 - 00149034 _____ () C:\Windows\system32\perfc007.dat 2015-03-23 15:38 - 2009-07-14 06:13 - 03381904 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-22 18:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\MSBuild 2015-03-22 18:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2015-03-21 10:34 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\system32\WCN 2015-03-21 10:34 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts 2015-03-21 10:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\MUI 2015-03-21 10:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-03-21 10:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\com 2015-03-13 21:29 - 2010-06-06 23:40 - 00000000 ____D () C:\Users\julian 2015-03-13 
19:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-03-08 21:35 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries 2015-03-07 14:09 - 2010-06-06 23:40 - 00000000 ____D () C:\Users\julian\AppData\Local\VirtualStore 2015-03-03 18:54 - 2010-01-09 10:34 - 00871318 _____ () C:\Users\julian\Desktop\NetworkMeterv2.4.gadget 2015-02-27 20:06 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\restore ==================== Files in the root of some directories ======= 2015-03-24 12:36 - 2015-03-24 12:36 - 0000000 _____ () C:\Users\julian\AppData\Roaming\system.ini Some content of TEMP: ==================== C:\Users\julian\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-21 10:21 ==================== End Of Log ============================ --- --- --- |
24.03.2015, 16:00 | #3 |
/// the machine /// TB Trainer | Computer totally messed up hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Please download TDSSKiller.exe and save this file to the desktop.
__________________ |
25.03.2015, 12:05 | #4 |
| Computer totally messed up Hi, I clicked Cleanup in MBAM Anti Rootkit. Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
Database version: main: v2014.11.18.05 rootkit: v2014.11.12.01
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
julian :: JULIAN-PC [administrator]
25.03.2015 11:19:59
mbar-log-2015-03-25 (11-19-59).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 41531
Time elapsed: 2 minute(s), 19 second(s) [aborted]
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE (Backdoor.Bot) -> No action taken. [0637d5680b71a98ddd42fd5d33ce11ef]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE (Backdoor.Bot) -> No action taken. [0637d5680b71a98ddd42fd5d33ce11ef]
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\ProgramData\{$1284-9213-2940-1289$}\svchost.exe (Backdoor.Bot) -> No action taken. [0637d5680b71a98ddd42fd5d33ce11ef]
C:\Users\julian\Desktop\crypterv2.exe (Backdoor.Bot) -> No action taken. [77c649f4dba17cba1d02a0ba6a977a86]
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter 11:59:07.0675 0x129c TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 11:59:10.0311 0x129c ============================================================ 11:59:10.0311 0x129c Current date / time: 2015/03/25 11:59:10.0311 11:59:10.0311 0x129c SystemInfo: 11:59:10.0311 0x129c 11:59:10.0311 0x129c OS Version: 6.1.7600 ServicePack: 0.0 11:59:10.0311 0x129c Product type: Workstation 11:59:10.0311 0x129c ComputerName: JULIAN-PC 11:59:10.0311 0x129c UserName: julian 11:59:10.0311 0x129c Windows directory: C:\Windows 11:59:10.0311 0x129c System windows directory: C:\Windows 11:59:10.0311 0x129c Running under WOW64 11:59:10.0311 0x129c Processor architecture: Intel x64 11:59:10.0311 0x129c Number of processors: 4 11:59:10.0311 0x129c Page size: 0x1000 11:59:10.0311 0x129c Boot type: Normal boot 11:59:10.0311 0x129c ============================================================ 11:59:15.0054 0x129c KLMD registered as C:\Windows\system32\drivers\61576121.sys 11:59:15.0428 0x129c System UUID: {FEFB198A-1E6F-0CD1-9407-DE4C5734D940} 11:59:17.0986 0x129c Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 11:59:18.0023 0x129c ============================================================ 11:59:18.0024 0x129c \Device\Harddisk0\DR0: 11:59:18.0024 0x129c MBR partitions: 11:59:18.0024 0x129c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 11:59:18.0024 0x129c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1DC23000 11:59:18.0024 0x129c \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1DC55800, BlocksNum 0xC350000 11:59:18.0024 0x129c ============================================================ 11:59:18.0239 0x129c F: <-> \Device\Harddisk0\DR0\Partition3 11:59:18.0240 0x129c ============================================================ 11:59:18.0240 0x129c Initialize success 
11:59:18.0240 0x129c ============================================================ 12:01:03.0847 0x05bc ============================================================ 12:01:03.0847 0x05bc Scan started 12:01:03.0847 0x05bc Mode: Manual; SigCheck; TDLFS; 12:01:03.0847 0x05bc ============================================================ 12:01:03.0847 0x05bc KSN ping started 12:01:06.0435 0x05bc KSN ping finished: true 12:01:07.0807 0x05bc ================ Scan system memory ======================== 12:01:07.0807 0x05bc System memory - ok 12:01:07.0808 0x05bc ================ Scan services ============================= 12:01:07.0845 0x05bc 1394ohci - ok 12:01:07.0850 0x05bc ACPI - ok 12:01:07.0856 0x05bc AcpiPmi - ok 12:01:07.0888 0x05bc adp94xx - ok 12:01:07.0900 0x05bc adpahci - ok 12:01:07.0905 0x05bc adpu320 - ok 12:01:07.0911 0x05bc AeLookupSvc - ok 12:01:07.0923 0x05bc AFD - ok 12:01:07.0929 0x05bc agp440 - ok 12:01:07.0933 0x05bc ALG - ok 12:01:07.0937 0x05bc aliide - ok 12:01:07.0941 0x05bc amdide - ok 12:01:07.0945 0x05bc AmdK8 - ok 12:01:07.0949 0x05bc AmdPPM - ok 12:01:07.0952 0x05bc amdsata - ok 12:01:07.0956 0x05bc amdsbs - ok 12:01:07.0960 0x05bc amdxata - ok 12:01:07.0966 0x05bc AntiVirSchedulerService - ok 12:01:07.0970 0x05bc AntiVirService - ok 12:01:07.0974 0x05bc AppID - ok 12:01:07.0978 0x05bc AppIDSvc - ok 12:01:07.0982 0x05bc Appinfo - ok 12:01:07.0985 0x05bc arc - ok 12:01:07.0990 0x05bc arcsas - ok 12:01:07.0998 0x05bc aspnet_state - ok 12:01:08.0009 0x05bc AsyncMac - ok 12:01:08.0013 0x05bc atapi - ok 12:01:08.0022 0x05bc athr - ok 12:01:08.0027 0x05bc AudioEndpointBuilder - ok 12:01:08.0030 0x05bc AudioSrv - ok 12:01:08.0052 0x05bc Avgdiska - ok 12:01:08.0057 0x05bc AVGIDSAgent - ok 12:01:08.0061 0x05bc AVGIDSDriver - ok 12:01:08.0065 0x05bc AVGIDSHA - ok 12:01:08.0068 0x05bc Avgldx64 - ok 12:01:08.0083 0x05bc Avgloga - ok 12:01:08.0087 0x05bc Avgmfx64 - ok 12:01:08.0091 0x05bc avgntflt - ok 12:01:08.0118 0x05bc Avgrkx64 - ok 12:01:08.0122 0x05bc 
Avgtdia - ok 12:01:08.0126 0x05bc avgwd - ok 12:01:08.0130 0x05bc avipbb - ok 12:01:08.0140 0x05bc Avira.OE.ServiceHost - ok 12:01:08.0144 0x05bc avkmgr - ok 12:01:08.0154 0x05bc AxInstSV - ok 12:01:08.0163 0x05bc b06bdrv - ok 12:01:08.0170 0x05bc b57nd60a - ok 12:01:08.0184 0x05bc BDESVC - ok 12:01:08.0189 0x05bc Beep - ok 12:01:08.0210 0x05bc BFE - ok 12:01:08.0214 0x05bc BITS - ok 12:01:08.0224 0x05bc blbdrive - ok 12:01:08.0228 0x05bc bowser - ok 12:01:08.0232 0x05bc BrFiltLo - ok 12:01:08.0237 0x05bc BrFiltUp - ok 12:01:08.0241 0x05bc Browser - ok 12:01:08.0244 0x05bc Brserid - ok 12:01:08.0248 0x05bc BrSerWdm - ok 12:01:08.0251 0x05bc BrUsbMdm - ok 12:01:08.0256 0x05bc BrUsbSer - ok 12:01:08.0264 0x05bc BstHdAndroidSvc - ok 12:01:08.0297 0x05bc BstHdDrv - ok 12:01:08.0303 0x05bc BstHdLogRotatorSvc - ok 12:01:08.0308 0x05bc BstHdUpdaterSvc - ok 12:01:08.0312 0x05bc BTHMODEM - ok 12:01:08.0317 0x05bc bthserv - ok 12:01:08.0322 0x05bc cdfs - ok 12:01:08.0337 0x05bc cdrom - ok 12:01:08.0343 0x05bc CertPropSvc - ok 12:01:08.0352 0x05bc circlass - ok 12:01:08.0356 0x05bc CLFS - ok 12:01:08.0361 0x05bc clr_optimization_v2.0.50727_32 - ok 12:01:08.0364 0x05bc clr_optimization_v2.0.50727_64 - ok 12:01:08.0371 0x05bc clr_optimization_v4.0.30319_32 - ok 12:01:08.0375 0x05bc clr_optimization_v4.0.30319_64 - ok 12:01:08.0379 0x05bc CmBatt - ok 12:01:08.0383 0x05bc cmdide - ok 12:01:08.0387 0x05bc CNG - ok 12:01:08.0402 0x05bc Compbatt - ok 12:01:08.0412 0x05bc CompositeBus - ok 12:01:08.0416 0x05bc COMSysApp - ok 12:01:08.0421 0x05bc crcdisk - ok 12:01:08.0432 0x05bc CryptSvc - ok 12:01:08.0438 0x05bc DcomLaunch - ok 12:01:08.0442 0x05bc defragsvc - ok 12:01:08.0449 0x05bc DfsC - ok 12:01:08.0453 0x05bc Dhcp - ok 12:01:08.0457 0x05bc discache - ok 12:01:08.0483 0x05bc Disk - ok 12:01:08.0497 0x05bc Dnscache - ok 12:01:08.0501 0x05bc dot3svc - ok 12:01:08.0505 0x05bc DPS - ok 12:01:08.0517 0x05bc drmkaud - ok 12:01:08.0522 0x05bc DXGKrnl - ok 12:01:08.0538 0x05bc EapHost - 
ok 12:01:08.0542 0x05bc ebdrv - ok 12:01:08.0545 0x05bc EFS - ok 12:01:08.0549 0x05bc ehRecvr - ok 12:01:08.0555 0x05bc ehSched - ok 12:01:08.0558 0x05bc ElbyCDIO - ok 12:01:08.0562 0x05bc elxstor - ok 12:01:08.0566 0x05bc ErrDev - ok 12:01:08.0574 0x05bc EventSystem - ok 12:01:08.0578 0x05bc exfat - ok 12:01:08.0581 0x05bc fastfat - ok 12:01:08.0585 0x05bc Fax - ok 12:01:08.0590 0x05bc fdc - ok 12:01:08.0594 0x05bc fdPHost - ok 12:01:08.0597 0x05bc FDResPub - ok 12:01:08.0601 0x05bc FileInfo - ok 12:01:08.0612 0x05bc Filetrace - ok 12:01:08.0630 0x05bc flpydisk - ok 12:01:08.0637 0x05bc FltMgr - ok 12:01:08.0641 0x05bc FontCache - ok 12:01:08.0649 0x05bc FontCache3.0.0.0 - ok 12:01:08.0653 0x05bc FsDepends - ok 12:01:08.0657 0x05bc Fs_Rec - ok 12:01:08.0661 0x05bc fvevol - ok 12:01:08.0664 0x05bc gagp30kx - ok 12:01:08.0668 0x05bc gpsvc - ok 12:01:08.0686 0x05bc gupdate - ok 12:01:08.0690 0x05bc gupdatem - ok 12:01:08.0694 0x05bc hcw85cir - ok 12:01:08.0703 0x05bc HdAudAddService - ok 12:01:08.0714 0x05bc HDAudBus - ok 12:01:08.0718 0x05bc HidBatt - ok 12:01:08.0722 0x05bc HidBth - ok 12:01:08.0725 0x05bc HidIr - ok 12:01:08.0729 0x05bc hidserv - ok 12:01:08.0733 0x05bc HidUsb - ok 12:01:08.0737 0x05bc hkmsvc - ok 12:01:08.0741 0x05bc HomeGroupListener - ok 12:01:08.0745 0x05bc HomeGroupProvider - ok 12:01:08.0780 0x05bc HpSAMD - ok 12:01:08.0784 0x05bc HTTP - ok 12:01:08.0788 0x05bc hwpolicy - ok 12:01:08.0792 0x05bc i8042prt - ok 12:01:08.0798 0x05bc iaStorV - ok 12:01:08.0803 0x05bc idsvc - ok 12:01:08.0806 0x05bc igfx - ok 12:01:08.0833 0x05bc iirsp - ok 12:01:08.0837 0x05bc IKEEXT - ok 12:01:08.0841 0x05bc Impcd - ok 12:01:08.0850 0x05bc IntcDAud - ok 12:01:08.0854 0x05bc intelide - ok 12:01:08.0858 0x05bc intelppm - ok 12:01:08.0862 0x05bc IPBusEnum - ok 12:01:08.0867 0x05bc IpFilterDriver - ok 12:01:08.0871 0x05bc iphlpsvc - ok 12:01:08.0876 0x05bc IPMIDRV - ok 12:01:08.0880 0x05bc IPNAT - ok 12:01:08.0887 0x05bc IRENUM - ok 12:01:08.0891 0x05bc isapnp - ok 
12:01:08.0896 0x05bc iScsiPrt - ok 12:01:08.0905 0x05bc kbdclass - ok 12:01:08.0909 0x05bc kbdhid - ok 12:01:08.0913 0x05bc KeyIso - ok 12:01:08.0916 0x05bc KSecDD - ok 12:01:08.0921 0x05bc KSecPkg - ok 12:01:08.0924 0x05bc ksthunk - ok 12:01:08.0929 0x05bc KtmRm - ok 12:01:08.0933 0x05bc LanmanServer - ok 12:01:08.0937 0x05bc LanmanWorkstation - ok 12:01:08.0955 0x05bc lltdio - ok 12:01:08.0958 0x05bc lltdsvc - ok 12:01:08.0961 0x05bc lmhosts - ok 12:01:08.0968 0x05bc LSI_FC - ok 12:01:08.0972 0x05bc LSI_SAS - ok 12:01:08.0976 0x05bc LSI_SAS2 - ok 12:01:08.0980 0x05bc LSI_SCSI - ok 12:01:08.0984 0x05bc luafv - ok 12:01:08.0994 0x05bc MBAMProtector - ok 12:01:08.0998 0x05bc MBAMScheduler - ok 12:01:09.0003 0x05bc MBAMService - ok 12:01:09.0012 0x05bc MBAMSwissArmy - ok 12:01:09.0016 0x05bc MBAMWebAccessControl - ok 12:01:09.0021 0x05bc Mcx2Svc - ok 12:01:09.0025 0x05bc megasas - ok 12:01:09.0028 0x05bc MegaSR - ok 12:01:09.0037 0x05bc MMCSS - ok 12:01:09.0041 0x05bc Modem - ok 12:01:09.0049 0x05bc monitor - ok 12:01:09.0057 0x05bc mouclass - ok 12:01:09.0065 0x05bc mouhid - ok 12:01:09.0081 0x05bc mountmgr - ok 12:01:09.0084 0x05bc mpio - ok 12:01:09.0100 0x05bc mpsdrv - ok 12:01:09.0104 0x05bc MpsSvc - ok 12:01:09.0106 0x05bc MRxDAV - ok 12:01:09.0110 0x05bc mrxsmb - ok 12:01:09.0113 0x05bc mrxsmb10 - ok 12:01:09.0117 0x05bc mrxsmb20 - ok 12:01:09.0121 0x05bc msahci - ok 12:01:09.0125 0x05bc msdsm - ok 12:01:09.0129 0x05bc MSDTC - ok 12:01:09.0141 0x05bc Msfs - ok 12:01:09.0143 0x05bc mshidkmdf - ok 12:01:09.0147 0x05bc msisadrv - ok 12:01:09.0151 0x05bc MSiSCSI - ok 12:01:09.0155 0x05bc msiserver - ok 12:01:09.0161 0x05bc MSKSSRV - ok 12:01:09.0165 0x05bc MSPCLOCK - ok 12:01:09.0170 0x05bc MSPQM - ok 12:01:09.0175 0x05bc MsRPC - ok 12:01:09.0181 0x05bc mssmbios - ok 12:01:09.0184 0x05bc MSTEE - ok 12:01:09.0188 0x05bc MTConfig - ok 12:01:09.0192 0x05bc Mup - ok 12:01:09.0196 0x05bc napagent - ok 12:01:09.0211 0x05bc NativeWifiP - ok 12:01:09.0215 0x05bc NDIS - ok 
12:01:09.0220 0x05bc NdisCap - ok 12:01:09.0234 0x05bc NdisTapi - ok 12:01:09.0239 0x05bc Ndisuio - ok 12:01:09.0242 0x05bc NdisWan - ok 12:01:09.0246 0x05bc NDProxy - ok 12:01:09.0261 0x05bc NetBIOS - ok 12:01:09.0265 0x05bc NetBT - ok 12:01:09.0270 0x05bc Netlogon - ok 12:01:09.0274 0x05bc Netman - ok 12:01:09.0281 0x05bc NetMsmqActivator - ok 12:01:09.0285 0x05bc NetPipeActivator - ok 12:01:09.0289 0x05bc netprofm - ok 12:01:09.0293 0x05bc NetTcpActivator - ok 12:01:09.0297 0x05bc NetTcpPortSharing - ok 12:01:09.0305 0x05bc nfrd960 - ok 12:01:09.0309 0x05bc NlaSvc - ok 12:01:09.0313 0x05bc Npfs - ok 12:01:09.0317 0x05bc nsi - ok 12:01:09.0321 0x05bc nsiproxy - ok 12:01:09.0327 0x05bc Ntfs - ok 12:01:09.0332 0x05bc Null - ok 12:01:09.0346 0x05bc nvraid - ok 12:01:09.0350 0x05bc nvstor - ok 12:01:09.0365 0x05bc nv_agp - ok 12:01:09.0370 0x05bc ohci1394 - ok 12:01:09.0374 0x05bc p2pimsvc - ok 12:01:09.0379 0x05bc p2psvc - ok 12:01:09.0382 0x05bc Parport - ok 12:01:09.0387 0x05bc partmgr - ok 12:01:09.0391 0x05bc PcaSvc - ok 12:01:09.0395 0x05bc pci - ok 12:01:09.0399 0x05bc pciide - ok 12:01:09.0404 0x05bc pcmcia - ok 12:01:09.0407 0x05bc pcw - ok 12:01:09.0411 0x05bc PEAUTH - ok 12:01:09.0417 0x05bc PerfHost - ok 12:01:09.0427 0x05bc pla - ok 12:01:09.0431 0x05bc PlugPlay - ok 12:01:09.0434 0x05bc PNRPAutoReg - ok 12:01:09.0438 0x05bc PNRPsvc - ok 12:01:09.0442 0x05bc PolicyAgent - ok 12:01:09.0447 0x05bc Power - ok 12:01:09.0451 0x05bc PptpMiniport - ok 12:01:09.0455 0x05bc Processor - ok 12:01:09.0481 0x05bc ProfSvc - ok 12:01:09.0485 0x05bc ProtectedStorage - ok 12:01:09.0490 0x05bc Psched - ok 12:01:09.0494 0x05bc ql2300 - ok 12:01:09.0498 0x05bc ql40xx - ok 12:01:09.0502 0x05bc QWAVE - ok 12:01:09.0505 0x05bc QWAVEdrv - ok 12:01:09.0509 0x05bc RasAcd - ok 12:01:09.0514 0x05bc RasAgileVpn - ok 12:01:09.0516 0x05bc RasAuto - ok 12:01:09.0521 0x05bc Rasl2tp - ok 12:01:09.0526 0x05bc RasMan - ok 12:01:09.0530 0x05bc RasPppoe - ok 12:01:09.0534 0x05bc RasSstp - ok 
12:01:09.0538 0x05bc rdbss - ok 12:01:09.0541 0x05bc rdpbus - ok 12:01:09.0545 0x05bc RDPCDD - ok 12:01:09.0552 0x05bc RDPENCDD - ok 12:01:09.0558 0x05bc RDPREFMP - ok 12:01:09.0561 0x05bc RDPWD - ok 12:01:09.0565 0x05bc rdyboost - ok 12:01:09.0569 0x05bc RemoteAccess - ok 12:01:09.0572 0x05bc RemoteRegistry - ok 12:01:09.0576 0x05bc Rockusb - ok 12:01:09.0580 0x05bc RpcEptMapper - ok 12:01:09.0585 0x05bc RpcLocator - ok 12:01:09.0588 0x05bc RpcSs - ok 12:01:09.0592 0x05bc rspndr - ok 12:01:09.0596 0x05bc SamSs - ok 12:01:09.0638 0x05bc SbieDrv - ok 12:01:09.0662 0x05bc SbieSvc - ok 12:01:09.0669 0x05bc sbp2port - ok 12:01:09.0673 0x05bc SCardSvr - ok 12:01:09.0677 0x05bc scfilter - ok 12:01:09.0681 0x05bc Schedule - ok 12:01:09.0685 0x05bc SCPolicySvc - ok 12:01:09.0688 0x05bc SDRSVC - ok 12:01:09.0706 0x05bc secdrv - ok 12:01:09.0709 0x05bc seclogon - ok 12:01:09.0713 0x05bc SENS - ok 12:01:09.0725 0x05bc SensrSvc - ok 12:01:09.0729 0x05bc Serenum - ok 12:01:09.0744 0x05bc Serial - ok 12:01:09.0748 0x05bc sermouse - ok 12:01:09.0757 0x05bc SessionEnv - ok 12:01:09.0760 0x05bc sffdisk - ok 12:01:09.0764 0x05bc sffp_mmc - ok 12:01:09.0768 0x05bc sffp_sd - ok 12:01:09.0772 0x05bc sfloppy - ok 12:01:09.0776 0x05bc SharedAccess - ok 12:01:09.0779 0x05bc ShellHWDetection - ok 12:01:09.0795 0x05bc SiSRaid2 - ok 12:01:09.0799 0x05bc SiSRaid4 - ok 12:01:09.0812 0x05bc SkypeUpdate - ok 12:01:09.0819 0x05bc Smb - ok 12:01:09.0826 0x05bc SNMPTRAP - ok 12:01:09.0830 0x05bc spldr - ok 12:01:09.0834 0x05bc Spooler - ok 12:01:09.0838 0x05bc sppsvc - ok 12:01:09.0841 0x05bc sppuinotify - ok 12:01:09.0845 0x05bc srv - ok 12:01:09.0849 0x05bc srv2 - ok 12:01:09.0853 0x05bc srvnet - ok 12:01:09.0856 0x05bc SSDPSRV - ok 12:01:09.0860 0x05bc SstpSvc - ok 12:01:09.0863 0x05bc stexstor - ok 12:01:09.0868 0x05bc stisvc - ok 12:01:09.0871 0x05bc SWDUMon - ok 12:01:09.0875 0x05bc swenum - ok 12:01:09.0879 0x05bc swprv - ok 12:01:09.0883 0x05bc SysMain - ok 12:01:09.0886 0x05bc 
TabletInputService - ok 12:01:09.0891 0x05bc TapiSrv - ok 12:01:09.0895 0x05bc TBS - ok 12:01:09.0899 0x05bc Tcpip - ok 12:01:09.0904 0x05bc TCPIP6 - ok 12:01:09.0910 0x05bc tcpipreg - ok 12:01:09.0915 0x05bc TDPIPE - ok 12:01:09.0919 0x05bc TDTCP - ok 12:01:09.0923 0x05bc tdx - ok 12:01:09.0931 0x05bc TeamViewer - ok 12:01:09.0935 0x05bc TermDD - ok 12:01:09.0938 0x05bc TermService - ok 12:01:09.0942 0x05bc Themes - ok 12:01:09.0946 0x05bc THREADORDER - ok 12:01:09.0949 0x05bc TrkWks - ok 12:01:09.0955 0x05bc truecrypt - ok 12:01:09.0958 0x05bc TrustedInstaller - ok 12:01:09.0964 0x05bc tssecsrv - ok 12:01:09.0981 0x05bc tunnel - ok 12:01:09.0985 0x05bc uagp35 - ok 12:01:09.0989 0x05bc udfs - ok 12:01:09.0996 0x05bc UI0Detect - ok 12:01:10.0010 0x05bc uliagpkx - ok 12:01:10.0023 0x05bc umbus - ok 12:01:10.0027 0x05bc UmPass - ok 12:01:10.0031 0x05bc upnphost - ok 12:01:10.0036 0x05bc usbccgp - ok 12:01:10.0040 0x05bc usbcir - ok 12:01:10.0043 0x05bc usbehci - ok 12:01:10.0049 0x05bc usbhub - ok 12:01:10.0052 0x05bc usbohci - ok 12:01:10.0056 0x05bc usbprint - ok 12:01:10.0059 0x05bc USBSTOR - ok 12:01:10.0064 0x05bc usbuhci - ok 12:01:10.0074 0x05bc usbvideo - ok 12:01:10.0080 0x05bc UxSms - ok 12:01:10.0083 0x05bc VaultSvc - ok 12:01:10.0092 0x05bc VBoxDrv - ok 12:01:10.0096 0x05bc VBoxNetAdp - ok 12:01:10.0100 0x05bc VBoxNetFlt - ok 12:01:10.0116 0x05bc VBoxUSBMon - ok 12:01:10.0121 0x05bc VClone - ok 12:01:10.0124 0x05bc vdrvroot - ok 12:01:10.0128 0x05bc vds - ok 12:01:10.0132 0x05bc vga - ok 12:01:10.0134 0x05bc VgaSave - ok 12:01:10.0138 0x05bc vhdmp - ok 12:01:10.0142 0x05bc viaide - ok 12:01:10.0147 0x05bc volmgr - ok 12:01:10.0151 0x05bc volmgrx - ok 12:01:10.0154 0x05bc volsnap - ok 12:01:10.0161 0x05bc vsmraid - ok 12:01:10.0165 0x05bc VSS - ok 12:01:10.0174 0x05bc vToolbarUpdater18.4.0 - ok 12:01:10.0178 0x05bc vwifibus - ok 12:01:10.0189 0x05bc vwififlt - ok 12:01:10.0201 0x05bc W32Time - ok 12:01:10.0206 0x05bc WacomPen - ok 12:01:10.0215 0x05bc 
WANARP - ok 12:01:10.0224 0x05bc Wanarpv6 - ok 12:01:10.0227 0x05bc wbengine - ok 12:01:10.0231 0x05bc WbioSrvc - ok 12:01:10.0238 0x05bc wcncsvc - ok 12:01:10.0241 0x05bc WcsPlugInService - ok 12:01:10.0245 0x05bc Wd - ok 12:01:10.0248 0x05bc Wdf01000 - ok 12:01:10.0266 0x05bc WdiServiceHost - ok 12:01:10.0269 0x05bc WdiSystemHost - ok 12:01:10.0273 0x05bc WebClient - ok 12:01:10.0276 0x05bc Wecsvc - ok 12:01:10.0280 0x05bc wercplsupport - ok 12:01:10.0284 0x05bc WerSvc - ok 12:01:10.0288 0x05bc WfpLwf - ok 12:01:10.0292 0x05bc WIMMount - ok 12:01:10.0296 0x05bc WinDefend - ok 12:01:10.0305 0x05bc WinHttpAutoProxySvc - ok 12:01:10.0309 0x05bc Winmgmt - ok 12:01:10.0313 0x05bc WinRM - ok 12:01:10.0338 0x05bc WinUsb - ok 12:01:10.0342 0x05bc Wlansvc - ok 12:01:10.0346 0x05bc WmiAcpi - ok 12:01:10.0354 0x05bc wmiApSrv - ok 12:01:10.0361 0x05bc WMPNetworkSvc - ok 12:01:10.0363 0x05bc WPCSvc - ok 12:01:10.0368 0x05bc WPDBusEnum - ok 12:01:10.0371 0x05bc ws2ifsl - ok 12:01:10.0375 0x05bc wscsvc - ok 12:01:10.0378 0x05bc WSearch - ok 12:01:10.0395 0x05bc WtuSystemSupport - ok 12:01:10.0399 0x05bc wuauserv - ok 12:01:10.0403 0x05bc WudfPf - ok 12:01:10.0406 0x05bc WUDFRd - ok 12:01:10.0410 0x05bc wudfsvc - ok 12:01:10.0413 0x05bc WwanSvc - ok 12:01:10.0421 0x05bc yukonw7 - ok 12:01:10.0440 0x05bc ================ Scan global =============================== 12:01:10.0440 0x05bc [ Global ] - ok 12:01:10.0441 0x05bc ================ Scan MBR ================================== 12:01:10.0449 0x05bc [ B7310D12FF8857D5B67EAA63423EDB33 ] \Device\Harddisk0\DR0 12:01:11.0036 0x05bc \Device\Harddisk0\DR0 - ok 12:01:11.0037 0x05bc ================ Scan VBR ================================== 12:01:11.0068 0x05bc [ 415FD9250B61AEC39B2F0EE670CD5762 ] \Device\Harddisk0\DR0\Partition1 12:01:11.0070 0x05bc \Device\Harddisk0\DR0\Partition1 - ok 12:01:11.0074 0x05bc [ ECA8B211DD6BB87F0D0A9FBACDCF78AE ] \Device\Harddisk0\DR0\Partition2 12:01:11.0074 0x05bc \Device\Harddisk0\DR0\Partition2 - 
ok 12:01:11.0083 0x05bc [ CE107A1621535A382C814FCFD3B9271F ] \Device\Harddisk0\DR0\Partition3 12:01:11.0085 0x05bc \Device\Harddisk0\DR0\Partition3 - ok 12:01:11.0086 0x05bc ================ Scan generic autorun ====================== 12:01:11.0086 0x05bc IgfxTray - ok 12:01:11.0089 0x05bc HotKeysCmds - ok 12:01:11.0092 0x05bc Persistence - ok 12:01:11.0094 0x05bc AVG_UI - ok 12:01:11.0097 0x05bc vProt - ok 12:01:11.0100 0x05bc SunJavaUpdateSched - ok 12:01:11.0103 0x05bc BlueStacks Agent - ok 12:01:11.0106 0x05bc VirtualCloneDrive - ok 12:01:11.0108 0x05bc Avira Systray - ok 12:01:11.0110 0x05bc avgnt - ok 12:01:11.0112 0x05bc Sidebar - ok 12:01:11.0116 0x05bc mctadmin - ok 12:01:11.0117 0x05bc Sidebar - ok 12:01:11.0118 0x05bc mctadmin - ok 12:01:11.0120 0x05bc BitTorrent - ok 12:01:11.0121 0x05bc uTorrent - ok 12:01:11.0123 0x05bc Skype - ok 12:01:11.0125 0x05bc Sidebar - ok 12:01:11.0126 0x05bc SandboxieControl - ok 12:01:11.0128 0x05bc TrueCrypt - ok 12:01:11.0129 0x05bc Vidalia - ok 12:01:11.0228 0x05bc AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.8.652 ), 0x41000 ( enabled : updated ) 12:01:11.0237 0x05bc Win FW state via NFP2: enabled 12:01:13.0786 0x05bc ============================================================ 12:01:13.0786 0x05bc Scan finished 12:01:13.0786 0x05bc ============================================================ 12:01:13.0800 0x12d0 Detected object count: 0 12:01:13.0800 0x12d0 Actual detected object count: 0
I'm curious to hear your answer on whether everything is fine the way I did it.
EDIT: Hello Schrauber, after I did all of that, Avira is now showing this. I'll go ahead and click remove. hxxp://www.pic-upload.de/view-26513805/avira-fund.png.html
Regards
Edited by ichbins2000 (25.03.2015 at 12:09). Reason: Sudden virus detection by Avira |
26.03.2015, 06:51 | #5 |
/// the machine /// TB trainer | Computer totally messed up
MBAR again, please. The log says that you didn't do anything. I would like to see a clean MBAR log before we continue.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
26.03.2015, 12:50 | #6 |
| Computer totally messed up
Hello Schrauber, strange, I was 100 percent sure that I had clicked remove, but here is the fresh log for you: Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
Database version: main: v2015.03.26.03 rootkit: v2015.02.25.01
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
julian :: JULIAN-PC [administrator]
26.03.2015 11:55:08
mbar-log-2015-03-26 (11-55-08).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 341974
Time elapsed: 21 minute(s), 38 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
26.03.2015, 18:00 | #7 |
/// the machine /// TB trainer | Computer totally messed up
hi, scan with Combofix
28.03.2015, 19:34 | #8 |
| Computer totally messed up
Hello Schrauber, here are the ComboFix logs: Code:
ATTFilter ComboFix 15-03-25.01 - julian 28.03.2015 19:15:14.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3893.2435 [GMT 1:00] ausgeführt von:: c:\users\julian\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\julian\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll . . ((((((((((((((((((((((( Dateien erstellt von 2015-02-28 bis 2015-03-28 )))))))))))))))))))))))))))))) . . 2015-03-26 12:03 . 2015-03-26 12:03 -------- d-----w- c:\windows\PCHEALTH 2015-03-25 19:23 . 2015-03-28 18:08 -------- d-----w- c:\users\julian\AppData\Local\Vidalia 2015-03-25 19:23 . 2015-03-25 19:23 -------- d-----w- c:\users\julian\AppData\Local\Tor 2015-03-25 19:05 . 2015-03-26 10:19 -------- d-----w- c:\program files (x86)\Filetopia3 2015-03-25 10:19 . 2015-03-26 11:48 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2015-03-24 13:13 . 2015-03-24 13:13 -------- d-----w- c:\users\julian\AppData\Roaming\Avira 2015-03-24 13:10 . 2015-03-24 13:08 44088 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2015-03-24 13:06 . 2015-03-17 12:01 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2015-03-24 13:06 . 2015-03-17 12:01 132120 ----a-w- c:\windows\system32\drivers\avipbb.sys 2015-03-24 13:06 . 2015-03-17 12:01 128536 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2015-03-24 13:01 . 2015-03-24 13:06 -------- d-----w- c:\program files (x86)\Avira 2015-03-24 13:01 . 2015-03-24 13:06 -------- d-----w- c:\programdata\Avira 2015-03-24 13:00 . 2015-03-24 13:00 -------- d-----w- c:\programdata\Package Cache 2015-03-24 11:39 . 2015-03-28 18:25 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-03-24 11:38 . 
2015-03-26 08:21 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-03-24 11:38 . 2015-03-24 11:38 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2015-03-24 11:38 . 2015-03-24 11:38 -------- d-----w- c:\programdata\Malwarebytes 2015-03-24 11:38 . 2015-03-17 05:15 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-03-24 11:38 . 2015-03-17 05:15 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-03-24 11:36 . 2015-03-25 10:51 -------- d--h--w- c:\programdata\{$1284-9213-2940-1289$} 2015-03-24 11:09 . 2015-03-25 19:23 -------- d-----w- c:\program files (x86)\Vidalia Bridge Bundle 2015-03-24 11:04 . 2015-03-28 17:31 -------- d-----w- c:\users\julian\AppData\Roaming\tor 2015-03-23 15:42 . 2015-03-23 15:42 -------- d-----w- c:\program files (x86)\AutoIt3 2015-03-22 17:31 . 2015-03-22 17:31 -------- d-----w- c:\program files\DeepSea Obfuscator 4 2015-03-22 17:31 . 2015-03-22 17:31 -------- d-----w- c:\program files\Common Files\TallApplications 2015-03-21 10:23 . 2015-03-26 12:28 -------- d-----w- c:\program files (x86)\TeamViewer 2015-03-20 17:41 . 2015-03-20 17:41 -------- d-----w- C:\Neuer Ordner 2015-03-20 17:16 . 2015-03-24 13:17 -------- d-----w- C:\FRST 2015-03-18 19:14 . 2015-03-18 19:14 -------- d-----w- c:\users\julian\AppData\Roaming\Process Hacker 2 2015-03-18 19:13 . 2015-03-18 19:13 -------- d-----w- c:\program files\Process Hacker 2 2015-03-17 15:36 . 2014-08-11 07:32 68456 ----a-w- c:\windows\system32\drivers\rockusb.sys 2015-03-13 20:36 . 2013-07-22 16:15 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2015-03-13 20:36 . 2013-07-22 16:15 1002728 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll 2015-03-13 20:29 . 2015-03-26 17:28 -------- d-----w- c:\users\julian\.android 2015-03-13 20:29 . 2015-03-13 20:29 -------- d-----w- c:\users\julian\AppData\Roaming\Kingosoft 2015-03-13 20:29 . 2015-03-13 20:29 -------- d-----w- c:\users\julian\AppData\Local\Kingosoft 2015-03-13 20:29 . 
2015-03-13 20:41 -------- d-----w- c:\program files (x86)\Kingo ROOT 2015-03-13 19:24 . 2015-03-13 19:24 -------- d-----w- c:\program files\HashTab Shell Extension 2015-03-13 19:03 . 2015-03-26 12:03 -------- d-----w- c:\program files (x86)\Microsoft.NET 2015-03-13 19:01 . 2009-11-25 10:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll 2015-03-13 19:01 . 2009-11-25 10:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll 2015-03-13 19:01 . 2009-11-25 10:47 48960 ----a-w- c:\windows\system32\netfxperf.dll 2015-03-13 19:01 . 2009-11-25 10:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll 2015-03-13 19:01 . 2009-11-25 10:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe 2015-03-13 19:01 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll 2015-03-13 19:01 . 2009-11-25 10:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2015-03-13 19:01 . 2009-11-25 10:47 444752 ----a-w- c:\windows\system32\mscoree.dll 2015-03-13 19:01 . 2009-11-25 10:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe 2015-03-13 19:01 . 2009-11-25 10:47 1942856 ----a-w- c:\windows\system32\dfshim.dll 2015-03-13 18:55 . 2015-03-13 18:55 -------- d-----w- c:\users\julian\AppData\Local\Diagnostics 2015-03-10 16:54 . 2015-03-10 16:54 -------- d-----w- c:\program files (x86)\Elaborate Bytes 2015-03-10 16:53 . 2015-03-10 16:53 -------- d-----w- c:\programdata\TrueCrypt 2015-03-10 16:51 . 2015-03-10 16:56 -------- d-----w- c:\users\julian\AppData\Roaming\TrueCrypt 2015-03-10 16:51 . 2015-03-10 16:51 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys 2015-03-10 16:51 . 2015-03-10 16:51 -------- d-----w- c:\program files\TrueCrypt 2015-03-10 15:43 . 2015-03-10 15:43 -------- d-----w- c:\users\julian\AppData\Local\Dögel_GmbH 2015-03-10 15:42 . 2015-03-10 15:42 -------- d-----w- C:\Capture 2015-03-10 15:23 . 2015-03-10 15:23 -------- d-----w- c:\program files\WinRAR 2015-03-08 20:34 . 
2015-03-08 20:34 -------- d-----w- c:\programdata\BlueStacks 2015-03-08 20:34 . 2015-03-08 20:34 -------- d-----w- c:\program files (x86)\BlueStacks 2015-03-08 20:34 . 2015-03-08 20:34 -------- d-----w- c:\users\julian\AppData\Local\Bluestacks 2015-03-08 18:42 . 2015-03-08 18:42 -------- d-----w- c:\users\julian\Tracing 2015-03-08 17:27 . 2015-03-08 17:27 -------- d-----w- c:\programdata\Avg_Update_0215tb 2015-03-07 13:08 . 2015-03-07 13:08 -------- d-----w- c:\program files (x86)\Resource Hacker 2015-03-07 12:28 . 2015-03-27 16:47 -------- d-----w- c:\users\julian\VirtualBox VMs 2015-03-07 12:27 . 2015-03-28 12:43 -------- d-----w- c:\users\julian\.VirtualBox 2015-03-07 12:17 . 2015-03-02 14:20 922168 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2015-03-07 12:17 . 2015-03-02 14:18 128592 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2015-03-07 12:17 . 2015-03-07 12:17 -------- dc----w- c:\windows\system32\DRVSTORE 2015-03-07 12:16 . 2015-03-07 12:16 -------- d-----w- c:\program files\Oracle 2015-03-07 10:49 . 2015-03-07 10:49 -------- d-----w- c:\users\julian\AppData\Local\AndroRat_Binder 2015-03-07 10:48 . 2015-03-07 10:48 -------- d-----w- c:\users\julian\apktool 2015-03-07 10:42 . 2015-03-07 10:42 -------- d-----w- c:\program files (x86)\Common Files\Java 2015-03-07 10:42 . 2015-03-07 10:41 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2015-03-07 10:41 . 2015-03-07 10:41 -------- d-----w- c:\programdata\Oracle 2015-03-07 10:41 . 2015-03-07 10:41 -------- d-----w- c:\program files (x86)\Java 2015-03-07 10:24 . 2015-03-07 10:24 -------- d-----r- C:\Sandbox 2015-03-07 10:22 . 2015-03-07 10:22 -------- d-----w- c:\program files\Sandboxie 2015-03-07 10:14 . 2015-03-07 10:14 -------- d-----w- c:\users\julian\AppData\Local\Vitalwerks 2015-03-07 10:14 . 2015-03-07 10:14 -------- d-----w- c:\program files (x86)\No-IP 2015-03-02 14:18 . 2015-03-02 14:18 204264 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll 2015-03-02 14:18 . 
2015-03-02 14:18 156360 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys 2015-03-02 14:18 . 2015-03-02 14:18 141440 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2015-03-02 14:18 . 2015-03-02 14:18 116744 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys 2015-02-27 21:37 . 2015-02-27 21:37 -------- d-----w- c:\program files\7-Zip 2015-02-27 20:46 . 2015-02-27 20:46 -------- d-----w- c:\users\julian\AppData\Local\Skype 2015-02-27 20:46 . 2015-03-28 18:11 -------- d-----w- c:\users\julian\AppData\Roaming\Skype 2015-02-27 20:45 . 2015-02-27 20:45 -------- d-----w- c:\program files (x86)\Common Files\Skype 2015-02-27 20:45 . 2015-02-27 20:45 -------- d-----r- c:\program files (x86)\Skype 2015-02-27 20:45 . 2015-02-27 20:46 -------- d-----w- c:\programdata\Skype 2015-02-27 20:16 . 2015-03-26 13:07 -------- d-----w- c:\program files\PeerBlock 2015-02-27 20:16 . 2015-02-27 20:16 -------- d-----w- c:\users\julian\AppData\Local\Programs 2015-02-27 20:06 . 2015-03-26 12:02 -------- d-----w- c:\users\julian\AppData\Local\JDownloader v2.0 2015-02-27 20:01 . 2015-03-17 18:29 -------- d-----w- c:\users\julian\AppData\Local\AVG Web TuneUp 2015-02-27 20:01 . 2015-02-27 20:01 -------- d-----w- c:\programdata\AVG Security Toolbar 2015-02-27 20:00 . 2015-02-27 20:00 -------- d-----w- c:\programdata\AVG Secure Search 2015-02-27 20:00 . 2015-02-27 20:00 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search 2015-02-27 20:00 . 2015-02-27 20:01 -------- d-----w- c:\programdata\AVG Web TuneUp 2015-02-27 20:00 . 2015-03-08 17:30 -------- d-----w- c:\program files (x86)\AVG Web TuneUp 2015-02-27 19:37 . 2015-03-28 18:25 -------- d-----w- c:\users\julian\AppData\Roaming\BitTorrent 2015-02-27 19:35 . 2015-03-28 18:25 -------- d-----w- c:\users\julian\AppData\Roaming\uTorrent 2015-02-27 19:31 . 2015-02-27 19:31 -------- d-----w- c:\users\julian\AppData\Roaming\AVG2015 2015-02-27 19:30 . 
2015-02-27 19:30 -------- d-----w- c:\users\julian\AppData\Roaming\TuneUp Software 2015-02-27 19:29 . 2015-03-18 19:51 -------- d-----w- c:\programdata\AVG2015 2015-02-27 19:29 . 2015-02-27 19:29 -------- d-----w- C:\$AVG 2015-02-27 19:28 . 2015-02-27 19:28 -------- d-----w- c:\program files (x86)\AVG 2015-02-27 19:27 . 2015-03-24 10:01 -------- d-----w- c:\programdata\MFAData 2015-02-27 19:27 . 2015-02-27 21:38 -------- d-----w- c:\users\julian\AppData\Local\Avg2015 2015-02-27 19:27 . 2015-02-27 19:27 -------- d--h--w- c:\programdata\Common Files 2015-02-27 19:27 . 2015-02-27 19:27 -------- d-----w- c:\users\julian\AppData\Local\MFAData 2015-02-27 19:16 . 2015-02-27 19:16 -------- d-----w- c:\program files (x86)\Atheros 2015-02-27 19:16 . 2015-02-27 19:16 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information 2015-02-27 19:16 . 2015-02-27 19:16 -------- d-----w- c:\windows\Options 2015-02-27 19:16 . 2012-04-19 21:56 2811392 ----a-w- c:\windows\system32\drivers\athrx.sys 2015-02-27 19:16 . 2012-04-19 21:56 2811392 ------w- c:\windows\system32\athrx.sys 2015-02-27 19:16 . 2015-02-27 19:16 -------- d-----w- c:\programdata\Atheros 2015-02-27 19:13 . 2000-01-01 00:00 9528832 ----a-w- c:\windows\system32\igd10umd64.dll 2015-02-27 19:12 . 2015-03-24 09:58 13920 ----a-w- c:\windows\system32\drivers\SWDUMon.sys 2015-02-27 19:12 . 2015-02-27 19:12 -------- d-----w- c:\users\julian\AppData\Local\SlimWare Utilities Inc 2015-02-27 19:12 . 2015-02-27 19:12 -------- d-----w- c:\program files (x86)\SlimDrivers 2015-02-27 19:12 . 2015-03-26 12:06 -------- d-sh--w- c:\windows\Installer 2015-02-27 19:09 . 2015-02-27 19:10 -------- d-----w- c:\program files (x86)\Google 2015-02-27 19:09 . 2015-02-27 19:10 -------- d-----w- c:\users\julian\AppData\Local\Google 2015-02-27 19:09 . 2015-02-27 19:09 -------- d-----w- c:\users\julian\AppData\Local\Deployment 2015-02-27 19:09 . 2015-02-27 19:09 -------- d-----w- c:\users\julian\AppData\Local\Apps . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-02-19 20:26 . 2015-02-19 20:26 270816 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2015-02-03 09:47 . 2015-02-03 09:47 341472 ----a-w- c:\windows\system32\drivers\avgloga.sys 2015-01-23 08:42 . 2015-01-23 08:42 133088 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2015-01-16 10:17 . 2015-01-16 10:17 284128 ----a-w- c:\windows\system32\drivers\avgtdia.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BitTorrent"="c:\users\julian\AppData\Roaming\BitTorrent\BitTorrent.exe" [2015-02-27 1744472] "uTorrent"="c:\users\julian\AppData\Roaming\uTorrent\uTorrent.exe" [2015-03-26 1442384] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-01-23 31087200] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2015-02-18 785416] "TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2015-03-10 1516496] "Vidalia"="c:\program files (x86)\Vidalia Bridge Bundle\Vidalia\vidalia.exe" [2014-07-28 6239727] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-02-10 335232] "BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2015-02-19 855768] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984] "Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-01-19 126712] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-03-17 704512] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x] R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x] R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 WtuSystemSupport;WtuSystemSupport;c:\program files (x86)\AVG Web TuneUp\WtuSystemSupport.exe;c:\program files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [x] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x] R3 Rockusb;Driver for Rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys;c:\windows\SYSNATIVE\DRIVERS\rockusb.sys [x] R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x] R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit 
Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x] S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x] S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x] S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware 
\mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x] S2 vToolbarUpdater18.4.0;vToolbarUpdater18.4.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x] S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MBAMSWISSARMY *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2010-06-06 23:04 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2015-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-27 19:09] . 
2015-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-27 19:09] . 2015-03-24 c:\windows\Tasks\SlimDrivers Startup.job - c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2015-01-28 12:03] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2000-01-01 168944] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2000-01-01 394224] "Persistence"="c:\windows\system32\igfxpers.exe" [2000-01-01 418800] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = https://mysearch.avg.com/?cid={2B0A9B13-43B5-4B74-B0F5-6849EFD5CC1F}&mid=edc98f5bf0cd47cd9a79395874e1f6a2-5909d533ca05b4eefd7ef8d96be2859ebf477f79&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2015-02-27 21:01&v=4.1.0.411&pid=wtu&sg=&sap=hp mLocal Page = c:\windows\SysWOW64\blank.htm IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll Wow6432Node-HKLM-Run-AVG_UI - c:\program files (x86)\AVG\AVG2015\avgui.exe Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Web TuneUp\vprot.exe AddRemove-AVG Web TuneUp - c:\program files (x86)\AVG Web TuneUp\UNINSTALL.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\ Malwarebytes Anti-Malware \mbam.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-03-28 19:31:14 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-03-28 18:31 . Vor Suchlauf: 11 Verzeichnis(se), 202.184.568.832 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 202.080.059.392 Bytes frei . - - End Of File - - FE685D12E996A6F3C82A28C990A1BFAD B7310D12FF8857D5B67EAA63423EDB33 Kind regards |
29.03.2015, 09:39 | #9 |
/// the machine /// TB Trainer | Computer totally messed up Please create a report with BlueScreenView: Analyze and fix a Windows bluescreen crash - here's how - Guides Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and Help Trojaner-Board Facebook page No help via PM! |
29.03.2015, 11:03 | #10 |
| Computer totally messed up Hello Schrauber, here is the bluescreen report for now: Code:
ATTFilter ================================================== Dump File : 032815-27487-01.dmp Crash Time : 28.03.2015 20:04:26 Bug Check String : BAD_POOL_HEADER Bug Check Code : 0x00000019 Parameter 1 : 00000000`00000020 Parameter 2 : fffffa80`0648a320 Parameter 3 : fffffa80`0648a340 Parameter 4 : 00000000`04020009 Caused By Driver : tcpip.sys Caused By Address : tcpip.sys+edbb7 File Description : Product Name : Company : File Version : Processor : x64 Crash Address : ntoskrnl.exe+71f00 Stack Address 1 : Stack Address 2 : Stack Address 3 : Computer Name : Full Path : C:\Windows\Minidump\032815-27487-01.dmp Processors Count : 4 Major Version : 15 Minor Version : 7600 Dump File Size : 262.144 Dump File Time : 28.03.2015 20:05:28 ================================================== Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 29.03.2015 Suchlauf-Zeit: 11:19:23 Logdatei: mbam#.txt Administrator: Ja Version: 2.01.4.1018 Malware Datenbank: v2015.03.29.03 Rootkit Datenbank: v2015.03.26.01 Lizenz: Premium Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 CPU: x64 Dateisystem: NTFS Benutzer: julian Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 358966 Verstrichene Zeit: 21 Min, 51 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden) Registrierungswerte: 0 (Keine schädliche Elemente gefunden) Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 5 PUP.HackTool.LOIC, C:\Users\julian\Downloads\LOIC-1.0.8-binary.zip, In Quarantäne, [4bfc9ab1b9d16fc7fb5dd79fc53bcc34], Trojan.Inject, C:\Users\julian\Downloads\AegisCrypter6.0.7z, In Quarantäne, [48ffc4873852c4725900420cd72ae61a], Backdoor.NJBot.MSIL, C:\Users\julian\Downloads\sex.zip, In Quarantäne, [b4934308d7b3ad894299e5f4e81d17e9], Trojan.Backdoor, C:\Users\julian\Downloads\DarkCometRAT42 (1).rar, In Quarantäne, [6fd8b9927b0f49edd406f80d0ff78b75], Backdoor.Bot.njRat, C:\Users\julian\Downloads\njRAT-v0.7d.rar, In Quarantäne, [98af1a31d8b242f43985426c4cb5e11f], Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Code:
ATTFilter # AdwCleaner v4.113 - Bericht erstellt 29/03/2015 um 11:47:21 # Aktualisiert 22/03/2015 von Xplode # Datenbank : 2015-03-28.1 [Server] # Betriebssystem : Windows 7 Home Premium (x64) # Benutzername : julian - JULIAN-PC # Gestarted von : C:\Users\julian\Desktop\AdwCleaner_4.113.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : vToolbarUpdater18.4.0 ***** [ Dateien / Ordner ] ***** [!] Ordner Gelöscht : C:\ProgramData\AVG Secure Search [!] Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar [!] Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} ***** [ Internetbrowser ] ***** -\\ Internet Explorer v8.0.7600.16385 -\\ Mozilla Firefox v -\\ Google Chrome v41.0.2272.101 ************************* AdwCleaner[R0].txt - [2030 Bytes] - [29/03/2015 11:45:20] AdwCleaner[S0].txt - [1956 Bytes] - [29/03/2015 11:47:21] ########## EOF - 
C:\AdwCleaner\AdwCleaner[S0].txt - [2015 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.7 (03.28.2015:1) OS: Windows 7 Home Premium x64 Ran by julian on 29.03.2015 at 11:53:20,70 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3484087542-3240090288-3349016086-1000\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 29.03.2015 at 12:00:01,58 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
29.03.2015, 16:31 | #11 |
/// the machine /// TB Trainer | Computer totally messed up Hehe, and then some. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber |
29.03.2015, 19:33 | #12 |
| Computer totally messed up Hi. Unfortunately my PC is making some background noises that I know nothing about. I'll get started with ESET then. Code:
ATTFilter Results of screen317's Security Check version 0.99.97 Windows 7 x64 (UAC is enabled) Out of date service pack!! ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` AVG Web TuneUp Java 8 Update 40 Java version 32-bit out of Date! Java 64-bit 8 Update 31 Google Chrome (41.0.2272.101) Google Chrome (41.0.2272.89) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=21f0965dd813fd449404ec9e03060723 # engine=23139 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-03-29 06:17:15 # local_time=2015-03-29 08:17:15 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7600 NT # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 2592626 179282885 0 0 # scanned=134706 # found=1 # cleaned=1 # scan_time=2663 sh=151066DD5DB7991D30E45FFC6E179A56F7080247 ft=1 fh=4730518e951b5039 vn="MSIL/Bladabindi.BH Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows\pss\7ca6a7fec2df0d82a777ae67fbedc9eb.exe.Startup" Thank you for helping me even though there was such garbage on my PC. Last edited by ichbins2000 (29.03.2015 at 19:38) |
30.03.2015, 05:28 | #13 |
/// the machine /// TB Trainer | Computer totally messed up The fresh FRST log as well, please. What exactly do you mean by background noises?
__________________ Regards, schrauber |
30.03.2015, 10:31 | #14 |
| Computer totally messed up It was the sound of a Windows information message, but nothing was visible on the screen. Here is the fresh FRST log: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by julian (administrator) on JULIAN-PC on 30-03-2015 11:23:07 Running from C:\Users\julian\Desktop Loaded Profiles: julian (Available profiles: julian) Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Farbar) C:\Users\julian\Desktop\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation) HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [855768 2015-02-19] (BlueStack Systems, Inc.) 
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-17] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3484087542-3240090288-3349016086-1000\...\Run: [BitTorrent] => C:\Users\julian\AppData\Roaming\BitTorrent\BitTorrent.exe [1744472 2015-02-27] (BitTorrent Inc.) HKU\S-1-5-21-3484087542-3240090288-3349016086-1000\...\Run: [uTorrent] => C:\Users\julian\AppData\Roaming\uTorrent\uTorrent.exe [1442384 2015-03-26] (BitTorrent Inc.) HKU\S-1-5-21-3484087542-3240090288-3349016086-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.) HKU\S-1-5-21-3484087542-3240090288-3349016086-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [785416 2015-02-18] (Sandboxie Holdings, LLC) HKU\S-1-5-21-3484087542-3240090288-3349016086-1000\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2015-03-10] (TrueCrypt Foundation) HKU\S-1-5-21-3484087542-3240090288-3349016086-1000\...\Run: [Vidalia] => C:\Program Files (x86)\Vidalia Bridge Bundle\Vidalia\vidalia.exe [6239727 2014-07-29] () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3484087542-3240090288-3349016086-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3484087542-3240090288-3349016086-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\qeCXqXKr.default FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-27] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-27] (Google Inc.) 
FF Extension: Avira Browser Safety - C:\Users\julian\AppData\Roaming\Mozilla\Firefox\Profiles\qeCXqXKr.default\Extensions\abs@avira.com [2015-03-24] Chrome: ======= CHR Profile: C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-27] CHR Extension: (Google Docs) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-27] CHR Extension: (Google Drive) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-27] CHR Extension: (YouTube) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-27] CHR Extension: (Google Search) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-27] CHR Extension: (Google Sheets) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-27] CHR Extension: (Avira Browser Safety) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-03-24] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (Google Wallet) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-27] CHR Extension: (WebRTC Block) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nphkkbaidamjmhfanlpblblcadhfbkdm [2015-03-03] CHR Extension: (Gmail) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-27] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - 
https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-17] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG) S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2015-02-19] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-02-19] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [794328 2015-02-19] (BlueStack Systems, Inc.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175112 2015-02-18] (Sandboxie Holdings, LLC) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe" [X] S2 avgwd; "C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe" [X] S2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [270816 2015-02-19] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-01-23] (AVG Technologies CZ, s.r.o.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-17] (Avira Operations GmbH & Co. KG) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-01-16] (AVG Technologies CZ, s.r.o.) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2015-02-19] (BlueStack Systems) S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-03-26] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-30] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation) S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [68456 2014-08-11] (Fuzhou Rockchip Electronics Co,Ltd.) 
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [237064 2015-02-18] (Sandboxie Holdings, LLC) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13920 2015-03-24] () S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116744 2015-03-02] (Oracle Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-29 20:33 - 2015-03-29 20:33 - 00852604 _____ () C:\Users\julian\Downloads\SecurityCheck.exe 2015-03-29 19:12 - 2015-03-29 19:12 - 02347384 _____ (ESET) C:\Users\julian\Desktop\esetsmartinstaller_deu.exe 2015-03-29 19:12 - 2015-03-29 19:12 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-03-29 19:11 - 2015-03-29 19:12 - 02347384 _____ (ESET) C:\Users\julian\Downloads\esetsmartinstaller_deu.exe 2015-03-29 14:05 - 2015-03-29 14:07 - 25728853 ____R () C:\Users\julian\Downloads\WPA-PSK WORDLIST 2 (107 MB).rar 2015-03-29 14:05 - 2015-03-29 14:07 - 09766944 ____R () C:\Users\julian\Downloads\WPA-PSK WORDLIST (40 MB).rar 2015-03-29 14:01 - 2012-06-21 14:49 - 900000000 _____ () C:\Users\julian\Desktop\8Digit.lst 2015-03-29 14:00 - 2015-03-29 14:01 - 04293377 _____ () C:\Users\julian\Downloads\8Digit.rar 2015-03-29 13:58 - 2015-03-29 13:58 - 00000000 ____D () C:\Users\julian\Downloads\Tor Browser Windows 3.6.2 Unblock Any WebSite GOPI SAHI @ SilverRG 2015-03-29 13:47 - 2015-03-29 13:47 - 00040180 _____ () C:\Users\julian\Downloads\ubuntu-14.04.2-desktop-amd64.iso (1).torrent 2015-03-29 12:50 - 2015-03-29 12:51 - 31094527 ____R (Igor Pavlov) C:\Users\julian\Downloads\PirateBrowser_0.6b.exe 2015-03-29 12:00 - 2015-03-29 12:00 - 00001354 _____ () C:\Users\julian\Desktop\JRT.txt 2015-03-29 11:52 - 2015-03-29 11:52 - 01389240 _____ 
(Thisisu) C:\Users\julian\Downloads\JRT.exe
2015-03-29 11:52 - 2015-03-29 11:52 - 01389240 _____ (Thisisu) C:\Users\julian\Desktop\JRT.exe
2015-03-29 11:49 - 2015-03-29 11:49 - 00002103 _____ () C:\Users\julian\Desktop\AdwCleaner[S0].txt
2015-03-29 11:44 - 2015-03-29 11:47 - 00000000 ____D () C:\AdwCleaner
2015-03-29 11:44 - 2015-03-29 11:44 - 02168320 _____ () C:\Users\julian\Downloads\AdwCleaner_4.113.exe
2015-03-29 11:44 - 2015-03-29 11:44 - 02168320 _____ () C:\Users\julian\Desktop\AdwCleaner_4.113.exe
2015-03-29 11:41 - 2015-03-29 11:41 - 00001732 _____ () C:\Users\julian\Desktop\mbam#.txt
2015-03-29 11:15 - 2015-03-29 11:15 - 00001854 _____ () C:\Users\julian\Desktop\bericht.txt
2015-03-29 11:15 - 2015-03-29 11:15 - 00000951 _____ () C:\Users\julian\Desktop\BlueScreenView.cfg
2015-03-29 11:14 - 2015-03-29 11:14 - 00067310 _____ () C:\Users\julian\Downloads\bluescreenview_v1.55.zip
2015-03-29 11:14 - 2015-01-29 11:11 - 00061024 _____ (NirSoft) C:\Users\julian\Desktop\BlueScreenView.exe
2015-03-28 20:31 - 2015-03-28 20:31 - 00022251 _____ () C:\ComboFix.txt
2015-03-28 20:12 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-28 20:12 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-28 20:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-28 20:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-28 20:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-28 20:12 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-28 20:12 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-28 20:12 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-28 20:11 - 2015-03-28 20:31 - 00000000 ____D () C:\Qoobox
2015-03-28 20:11 - 2015-03-28 20:29 - 00000000 ____D () C:\Windows\erdnt
2015-03-28 20:10 - 2015-03-28 20:10 - 05615749 ____R (Swearware) C:\Users\julian\Desktop\ComboFix.exe
2015-03-28 20:10 - 2015-03-28 20:10 - 05615749 _____ (Swearware) C:\Users\julian\Downloads\ComboFix.exe
2015-03-28 20:05 - 2015-03-28 20:05 - 00262144 _____ () C:\Windows\Minidump\032815-27487-01.dmp
2015-03-28 14:08 - 2015-03-28 14:08 - 00000195 ____R () C:\Users\julian\Downloads\proxies.txt
2015-03-26 21:07 - 2015-03-26 21:07 - 00000887 _____ () C:\Users\julian\Downloads\Opencellid - measurements of 262-3-40068-135575806 (size 1).kml
2015-03-26 21:07 - 2015-03-26 21:07 - 00000262 _____ () C:\Users\julian\Downloads\Opencellid - measurements of 262-3-40068-135575806 (size 1).csv
2015-03-26 17:05 - 2015-03-26 17:27 - 647823360 _____ () C:\Users\julian\Downloads\Windows_XP_Professional_SP3_Nov_2013_Incl_SATA_Drivers.iso
2015-03-26 14:06 - 2015-03-26 14:06 - 00000400 _____ () C:\Windows\ODBC.INI
2015-03-26 14:05 - 2015-03-26 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-26 14:03 - 2015-03-26 14:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-26 14:03 - 2015-03-26 14:03 - 00000000 ____D () C:\Windows\PCHEALTH
2015-03-26 13:01 - 2015-03-26 13:01 - 00000000 ____D () C:\Users\julian\Downloads\Microsoft Office Pro 2003 11.8411.8405 SP3 RePack by D!akov
2015-03-26 12:49 - 2015-03-26 14:01 - 00000000 ____D () C:\Users\julian\Downloads\MS Off 03 pandora
2015-03-26 12:17 - 2009-07-14 03:39 - 00000028 _____ () C:\Windows\Systems.ini
2015-03-26 10:11 - 2015-03-26 10:11 - 00003296 ____N () C:\bootsqm.dat
2015-03-25 22:13 - 2015-03-25 22:14 - 00000000 ____D () C:\Users\julian\Downloads\Adolf Hitler Paintings
2015-03-25 21:23 - 2015-03-30 11:16 - 00000000 ____D () C:\Users\julian\AppData\Local\Vidalia
2015-03-25 21:23 - 2015-03-25 21:23 - 00000000 ____D () C:\Users\julian\AppData\Local\Tor
2015-03-25 21:05 - 2015-03-26 12:19 - 00000000 ____D () C:\Program Files (x86)\Filetopia3
2015-03-25 21:05 - 2015-03-25 21:05 - 00000962 _____ () C:\Users\julian\Desktop\Filetopia.lnk
2015-03-25 21:05 - 2015-03-25 21:05 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Filetopia
2015-03-25 21:05 - 2015-03-25 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Filetopia
2015-03-25 21:04 - 2015-03-25 21:04 - 01842176 _____ () C:\Users\julian\Downloads\ftop3.exe
2015-03-25 20:55 - 2015-03-25 20:56 - 00000000 ____D () C:\Users\julian\Downloads\MUTE
2015-03-25 20:55 - 2015-03-25 20:55 - 04639202 _____ () C:\Users\julian\Downloads\MUTE_fileSharing-0.5.1_Windows.exe
2015-03-25 19:35 - 2015-03-25 19:35 - 09378598 _____ () C:\Users\julian\Downloads\vidalia-bridge-bundle-0.2.4.23-0.2.21 (1).exe
2015-03-25 12:58 - 2015-03-25 12:58 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\julian\Downloads\tdsskiller44 (1).exe
2015-03-25 12:58 - 2015-03-25 12:58 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\julian\Desktop\tdsskiller44 (1).exe
2015-03-25 12:19 - 2015-03-26 13:48 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-25 12:18 - 2015-03-26 13:48 - 00000000 ____D () C:\Users\julian\Desktop\mbar
2015-03-25 12:18 - 2015-03-25 12:18 - 16502728 _____ (Malwarebytes Corp.) C:\Users\julian\Downloads\mbar-1.09.1.1004 (1).exe
2015-03-25 12:18 - 2015-03-25 12:18 - 16502728 _____ (Malwarebytes Corp.) C:\Users\julian\Desktop\mbar-1.09.1.1004 (1).exe
2015-03-25 12:16 - 2015-03-25 12:17 - 16502728 _____ (Malwarebytes Corp.) C:\Users\julian\Downloads\mbar-1.09.1.1004.exe
2015-03-24 15:17 - 2015-03-24 15:17 - 00038833 _____ () C:\Users\julian\Desktop\Shortcut.txt
2015-03-24 15:15 - 2015-03-24 15:17 - 00022498 _____ () C:\Users\julian\Desktop\Addition.txt
2015-03-24 15:14 - 2015-03-30 11:23 - 00013386 _____ () C:\Users\julian\Desktop\FRST.txt
2015-03-24 15:13 - 2015-03-24 15:13 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Avira
2015-03-24 15:10 - 2015-03-24 15:08 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-24 15:08 - 2015-03-24 15:08 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Mozilla
2015-03-24 15:06 - 2015-03-17 14:01 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-24 15:06 - 2015-03-17 14:01 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-24 15:06 - 2015-03-17 14:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-03-24 15:01 - 2015-03-24 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-24 15:01 - 2015-03-24 15:06 - 00000000 ____D () C:\ProgramData\Avira
2015-03-24 15:01 - 2015-03-24 15:06 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-24 15:01 - 2015-03-24 15:01 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-03-24 15:00 - 2015-03-24 15:00 - 04515896 _____ (Avira Operations & Co. KG) C:\Users\julian\Downloads\avira_de_av_55115fdd78351__wsm.exe
2015-03-24 15:00 - 2015-03-24 15:00 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-24 13:52 - 2015-03-24 13:52 - 02095616 _____ (Farbar) C:\Users\julian\Desktop\FRST64 (1).exe
2015-03-24 13:51 - 2015-03-24 13:52 - 02095616 _____ (Farbar) C:\Users\julian\Downloads\FRST64 (1).exe
2015-03-24 13:43 - 2015-03-24 13:44 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\julian\Downloads\tdsskiller44.exe
2015-03-24 13:39 - 2015-03-30 11:15 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-24 13:38 - 2015-03-26 10:21 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-24 13:38 - 2015-03-24 13:38 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-24 13:38 - 2015-03-24 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-03-24 13:38 - 2015-03-24 13:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-24 13:38 - 2015-03-24 13:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-03-24 13:38 - 2015-03-17 07:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-24 13:38 - 2015-03-17 07:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-24 13:37 - 2015-03-24 13:38 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\julian\Downloads\mbam-setup-2.1.4.1018.exe
2015-03-24 13:36 - 2015-03-25 12:51 - 00000000 ___HD () C:\ProgramData\{$1284-9213-2940-1289$}
2015-03-24 13:36 - 2015-03-24 13:36 - 00000000 _____ () C:\Users\julian\AppData\Roaming\system.ini
2015-03-24 13:09 - 2015-03-25 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bridge Bundle
2015-03-24 13:09 - 2015-03-25 21:23 - 00000000 ____D () C:\Program Files (x86)\Vidalia Bridge Bundle
2015-03-24 13:08 - 2015-03-24 13:09 - 09378598 _____ () C:\Users\julian\Downloads\vidalia-bridge-bundle-0.2.4.23-0.2.21.exe
2015-03-24 13:04 - 2015-03-30 11:16 - 00000000 ____D () C:\Users\julian\AppData\Roaming\tor
2015-03-24 12:49 - 2015-03-24 12:49 - 00000000 ____D () C:\Users\julian\Desktop\Tor Browser
2015-03-24 12:48 - 2015-03-24 12:49 - 34737321 _____ () C:\Users\julian\Downloads\torbrowser-install-4.0.5_de.exe
2015-03-24 12:10 - 2015-03-24 12:18 - 00000000 ____D () C:\Users\julian\Downloads\40 Textures Wallpapers 1920x1200 Px [Set 5]
2015-03-24 12:07 - 2015-03-24 12:08 - 00000000 ____D () C:\Users\julian\Downloads\40 Cityscapes Wallpapers 2560x1600 [Set 1]
2015-03-23 17:42 - 2015-03-23 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3
2015-03-23 17:42 - 2015-03-23 17:42 - 00000000 ____D () C:\Program Files (x86)\AutoIt3
2015-03-23 17:41 - 2015-03-23 17:41 - 11878040 _____ (AutoIt Team) C:\Users\julian\Downloads\autoit-v3-setup.exe
2015-03-23 17:26 - 2015-03-23 17:26 - 00000030 _____ () C:\Users\julian\Desktop\ico.rc
2015-03-23 17:23 - 2015-03-23 17:23 - 00461798 _____ () C:\Users\julian\Downloads\BosonCrypter Free V2.zip
2015-03-22 20:04 - 2015-03-22 20:05 - 00000000 ____D () C:\Users\julian\Downloads\40 Macro Wallpapers 1920x1200 [Set 43]
2015-03-22 19:34 - 2015-03-22 19:34 - 00002414 _____ () C:\Users\julian\Documents\DeepSea.log
2015-03-22 19:31 - 2015-03-22 19:31 - 00000000 ____D () C:\Users\julian\Documents\DeepSea Obfuscator v4 (Licensed) Samples
2015-03-22 19:31 - 2015-03-22 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeepSea Obfuscator 4
2015-03-22 19:31 - 2015-03-22 19:31 - 00000000 ____D () C:\Program Files\DeepSea Obfuscator 4
2015-03-22 19:31 - 2015-03-22 19:31 - 00000000 ____D () C:\Program Files\Common Files\TallApplications
2015-03-22 19:30 - 2015-03-22 19:31 - 05608968 _____ (TallApplications ) C:\Users\julian\Downloads\DeepSeaSetup.exe
2015-03-22 19:03 - 2015-03-22 19:03 - 00571466 _____ () C:\Users\julian\Downloads\Call Crypter Refud ByRoda.rar
2015-03-22 18:45 - 2015-03-22 18:45 - 04770164 _____ () C:\Users\julian\Downloads\DarkCometRAT3.0.1.rar
2015-03-22 18:37 - 2015-03-22 18:37 - 00000000 ____D () C:\Users\julian\Downloads\Malwarebytes AntiMalware Premium v2.0.2.1012 ML Incl Keygen-BRD [TorDigger]
2015-03-21 12:23 - 2015-03-26 14:28 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-03-21 12:22 - 2015-03-21 12:22 - 07824680 _____ (TeamViewer GmbH) C:\Users\julian\Downloads\TeamViewer_Setup_de.exe
2015-03-20 20:44 - 2015-03-20 21:25 - 1549615104 _____ () C:\Users\julian\Downloads\linuxmint-17.1-cinnamon-64bit.iso
2015-03-20 20:13 - 2015-03-20 20:31 - 1297121280 _____ () C:\Users\julian\Downloads\debian-live-7.8.0-amd64-kde-desktop.iso
2015-03-20 19:41 - 2015-03-20 19:41 - 00000000 ____D () C:\Neuer Ordner
2015-03-20 19:40 - 2015-03-20 19:40 - 09630677 _____ () C:\Users\julian\Downloads\Oma_DriverAssistant_3.7z
2015-03-20 19:34 - 2015-03-20 19:34 - 00000320 _____ () C:\DriverInstall2015-03-20.txt
2015-03-20 19:26 - 2015-03-20 19:26 - 00000473 _____ () C:\Users\julian\Downloads\CrewRKTablets_RK31_KK_Omni_parameter_8GB_tabs.7z
2015-03-20 19:26 - 2015-03-20 19:26 - 00000460 _____ () C:\Users\julian\Downloads\CrewRKTablets_RK31_KK_Omni_parameter_dynamic.7z
2015-03-20 19:26 - 2014-08-21 20:22 - 00000609 _____ () C:\Users\julian\Desktop\parameter
2015-03-20 19:26 - 2014-06-01 20:36 - 00000609 _____ () C:\Users\julian\Desktop\parameter_8GB
2015-03-20 19:18 - 2015-03-20 19:18 - 00031742 _____ () C:\Users\julian\Downloads\Shortcut.txt
2015-03-20 19:17 - 2015-03-20 19:18 - 00020571 _____ () C:\Users\julian\Downloads\Addition.txt
2015-03-20 19:16 - 2015-03-30 11:23 - 00000000 ____D () C:\FRST
2015-03-20 19:16 - 2015-03-20 19:18 - 00053712 _____ () C:\Users\julian\Downloads\FRST.txt
2015-03-20 19:16 - 2015-03-20 19:16 - 02095616 _____ (Farbar) C:\Users\julian\Downloads\FRST64.exe
2015-03-20 19:10 - 2015-03-20 19:11 - 02721569 _____ () C:\Users\julian\Downloads\RK31_kernel_3036_tab89_tolino.7z
2015-03-20 18:34 - 2015-03-20 18:34 - 01496626 _____ () C:\Users\julian\Downloads\flash_tool_1.5.zip
2015-03-19 19:51 - 2015-03-19 19:51 - 00001534 _____ () C:\Users\julian\Downloads\Opencellid - measurements of 262-1-41817-31 (size 2).kml
2015-03-19 19:51 - 2015-03-19 19:51 - 00000337 _____ () C:\Users\julian\Downloads\Opencellid - measurements of 262-1-41817-31 (size 2).csv
2015-03-18 21:14 - 2015-03-18 21:14 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Process Hacker 2
2015-03-18 21:13 - 2015-03-18 22:00 - 00001885 _____ () C:\Users\julian\Desktop\Process Hacker 2.lnk
2015-03-18 21:13 - 2015-03-18 21:13 - 01932448 _____ (wj32 ) C:\Users\julian\Downloads\processhacker-2.33-setup.exe
2015-03-18 21:13 - 2015-03-18 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2015-03-18 21:13 - 2015-03-18 21:13 - 00000000 ____D () C:\Program Files\Process Hacker 2
2015-03-18 20:47 - 2015-03-18 20:48 - 00000000 ____D () C:\Users\julian\Downloads\Desktop Wallpapers - Miscellaneous [1680x1050-2560x1600]-2015
2015-03-18 20:40 - 2015-03-23 16:43 - 00014058 _____ () C:\Users\julian\Desktop\proxies.txt
2015-03-17 17:37 - 2015-03-17 17:37 - 00000000 ____D () C:\Users\julian\Desktop\RK Rom Dumper and Flasher for Windows
2015-03-17 17:36 - 2015-03-17 17:37 - 01253619 _____ () C:\Users\julian\Downloads\rk_tool21_how_to.zip
2015-03-17 17:36 - 2014-08-11 09:59 - 00000000 ____D () C:\Users\julian\Desktop\Release_DriverAssitant
2015-03-17 17:36 - 2014-08-11 09:32 - 00068456 _____ (Fuzhou Rockchip Electronics Co,Ltd.) C:\Windows\system32\Drivers\rockusb.sys
2015-03-17 17:29 - 2015-03-17 17:35 - 09571721 _____ () C:\Users\julian\Downloads\Release_DriverAssitant.rar
2015-03-16 22:32 - 2015-03-16 22:32 - 00000000 ____D () C:\Users\julian\Downloads\The Sims 3 v1.5.21 MOD
2015-03-15 15:41 - 2015-03-15 15:41 - 00591404 _____ () C:\Users\julian\Downloads\RockChip Batch Tool v1.7.zip
2015-03-15 15:41 - 2014-07-01 08:33 - 00000000 ____D () C:\Users\julian\Desktop\RockChip Batch Tool v1.7
2015-03-15 15:10 - 2014-06-08 11:59 - 00195258 _____ () C:\Users\julian\Desktop\RK3188Loader(L)_V2.10.bin
2015-03-15 15:08 - 2015-03-15 15:08 - 00177759 _____ () C:\Users\julian\Downloads\RK3188LoaderL_V2.10.7z
2015-03-15 15:00 - 2015-03-15 15:00 - 00000000 ____D () C:\Users\julian\Desktop\flash
2015-03-15 14:59 - 2013-08-29 19:59 - 00194738 _____ () C:\Users\julian\Desktop\RK3188Loader(L)_V1.24.bin
2015-03-15 14:57 - 2015-03-15 14:57 - 00546536 _____ () C:\Users\julian\Downloads\Oma_DevelopTool_Refresh.7z
2015-03-15 14:35 - 2015-03-15 14:35 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-03-15 14:28 - 2015-03-15 14:28 - 00000334 _____ () C:\DriverInstall2015-03-15.txt
2015-03-15 14:20 - 2015-03-20 18:20 - 00000000 ____D () C:\Users\julian\Desktop\cROM
2015-03-15 14:12 - 2015-03-15 14:20 - 352564223 _____ () C:\Users\julian\Downloads\Oma_RK31_tolino_tab8.9_JB_4.2.2_v1.0.7z
2015-03-13 22:40 - 2015-03-13 22:40 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-03-13 22:36 - 2015-03-13 22:36 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-03-13 22:36 - 2013-07-22 18:15 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-03-13 22:36 - 2013-07-22 18:15 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2015-03-13 22:35 - 2013-12-06 22:49 - 00000000 ____D () C:\Users\julian\Desktop\RK3188_ROOT_Everal
2015-03-13 22:30 - 2015-03-13 22:32 - 08671276 _____ () C:\Users\julian\Downloads\RK3188_ROOT_Everal.rar
2015-03-13 22:29 - 2015-03-26 19:28 - 00000000 ____D () C:\Users\julian\.android
2015-03-13 22:29 - 2015-03-13 22:41 - 00000000 ____D () C:\Program Files (x86)\Kingo ROOT
2015-03-13 22:29 - 2015-03-13 22:29 - 00001035 _____ () C:\Users\Public\Desktop\Kingo ROOT.lnk
2015-03-13 22:29 - 2015-03-13 22:29 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Kingosoft
2015-03-13 22:29 - 2015-03-13 22:29 - 00000000 ____D () C:\Users\julian\AppData\Local\Kingosoft
2015-03-13 22:29 - 2015-03-13 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingo ROOT
2015-03-13 22:28 - 2015-03-13 22:28 - 18459176 _____ (Kingosoft Technology Ltd. ) C:\Users\julian\Downloads\android134_root.exe
2015-03-13 21:24 - 2015-03-13 21:24 - 01903054 _____ () C:\Users\julian\Downloads\HashTab_v5.2.0.14.zip
2015-03-13 21:24 - 2015-03-13 21:24 - 00000000 ____D () C:\Program Files\HashTab Shell Extension
2015-03-13 21:12 - 2015-03-13 21:24 - 766509056 _____ () C:\Users\julian\Downloads\ubuntu-12.04.4-desktop-i386.iso
2015-03-13 21:05 - 2015-03-27 17:12 - 03427810 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-13 21:01 - 2009-11-25 12:47 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-03-13 21:01 - 2009-11-25 12:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-03-13 21:01 - 2009-11-25 12:47 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2015-03-13 21:01 - 2009-11-25 12:47 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2015-03-13 21:01 - 2009-11-25 12:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2015-03-13 21:01 - 2009-11-25 12:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2015-03-13 21:01 - 2009-11-25 12:47 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2015-03-13 21:01 - 2009-11-25 12:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2015-03-13 21:01 - 2009-11-25 12:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2015-03-13 21:01 - 2009-11-25 12:47 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2015-03-13 20:59 - 2015-03-13 20:59 - 01005568 _____ (Microsoft Corporation) C:\Users\julian\Downloads\dotNetFx45_Full_setup.exe
2015-03-10 18:55 - 2015-03-10 18:55 - 01835008 _____ () C:\Users\julian\Documents\TrueCrypt Rescue Disk.iso
2015-03-10 18:55 - 2015-03-10 18:55 - 00001254 _____ () C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2015-03-10 18:54 - 2015-03-10 18:54 - 01640984 _____ () C:\Users\julian\Downloads\SetupVirtualCloneDrive5470.exe
2015-03-10 18:54 - 2015-03-10 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2015-03-10 18:54 - 2015-03-10 18:54 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2015-03-10 18:53 - 2015-03-10 18:53 - 00000000 ____D () C:\ProgramData\TrueCrypt
2015-03-10 18:51 - 2015-03-10 18:56 - 00000000 ____D () C:\Users\julian\AppData\Roaming\TrueCrypt
2015-03-10 18:51 - 2015-03-10 18:51 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2015-03-10 18:51 - 2015-03-10 18:51 - 00000875 _____ () C:\Users\Public\Desktop\TrueCrypt.lnk
2015-03-10 18:51 - 2015-03-10 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
2015-03-10 18:51 - 2015-03-10 18:51 - 00000000 ____D () C:\Program Files\TrueCrypt
2015-03-10 18:50 - 2015-03-10 18:50 - 03466248 _____ (TrueCrypt Foundation) C:\Users\julian\Downloads\truecrypt_setup_7.1a.exe
2015-03-10 18:20 - 2015-03-10 18:20 - 01581750 _____ () C:\Users\julian\Downloads\GPTool.rar
2015-03-10 18:20 - 2015-03-10 18:20 - 00000000 ____D () C:\Users\julian\Desktop\gptool
2015-03-10 18:14 - 2015-03-10 18:16 - 28764152 _____ () C:\Users\julian\Downloads\WPA wordlist.tar.gz.part
2015-03-10 18:03 - 2015-03-10 18:03 - 00029578 _____ () C:\Users\julian\Downloads\ubuntu-12.04.4-desktop-i386.iso (5).torrent
2015-03-10 18:02 - 2015-03-10 18:02 - 00029578 _____ () C:\Users\julian\Downloads\ubuntu-12.04.4-desktop-i386.iso (4).torrent
2015-03-10 18:02 - 2015-03-10 18:02 - 00029578 _____ () C:\Users\julian\Downloads\ubuntu-12.04.4-desktop-i386.iso (3).torrent
2015-03-10 18:02 - 2015-03-10 18:02 - 00029578 _____ () C:\Users\julian\Downloads\ubuntu-12.04.4-desktop-i386.iso (2).torrent
2015-03-10 18:01 - 2015-03-10 18:01 - 00029578 _____ () C:\Users\julian\Downloads\ubuntu-12.04.4-desktop-i386.iso.torrent
2015-03-10 18:01 - 2015-03-10 18:01 - 00029578 _____ () C:\Users\julian\Downloads\ubuntu-12.04.4-desktop-i386.iso (1).torrent
2015-03-10 17:43 - 2015-03-10 17:43 - 00000000 ____D () C:\Users\julian\AppData\Local\Dögel_GmbH
2015-03-10 17:42 - 2015-03-10 17:42 - 00000000 ____D () C:\Capture
2015-03-10 17:41 - 2015-03-10 17:41 - 10444504 _____ () C:\Users\julian\Downloads\Evalaze_Free_2.2.0.0.zip
2015-03-10 17:23 - 2015-03-10 17:23 - 02058768 _____ () C:\Users\julian\Downloads\winrar-x64-521d.exe
2015-03-10 17:23 - 2015-03-10 17:23 - 00848808 _____ () C:\Users\julian\Downloads\BuBBle Protector FUD ByRoda.rar
2015-03-10 17:23 - 2015-03-10 17:23 - 00000000 ____D () C:\Users\julian\AppData\Roaming\WinRAR
2015-03-10 17:23 - 2015-03-10 17:23 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-10 17:23 - 2015-03-10 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-10 17:23 - 2015-03-10 17:23 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-08 22:35 - 2015-03-08 22:35 - 00001807 _____ () C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-03-08 22:35 - 2015-03-08 22:35 - 00001780 _____ () C:\Users\Public\Desktop\Apps.lnk
2015-03-08 22:34 - 2015-03-08 22:40 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-03-08 22:34 - 2015-03-08 22:34 - 00000000 ____D () C:\Users\julian\AppData\Local\Bluestacks
2015-03-08 22:34 - 2015-03-08 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-03-08 22:34 - 2015-03-08 22:34 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-03-08 22:34 - 2015-03-08 22:34 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-03-08 22:33 - 2015-03-08 22:33 - 13555608 _____ (BlueStack Systems Inc.) C:\Users\julian\Downloads\BlueStacks-ThinInstaller.exe
2015-03-08 22:30 - 2015-03-08 22:30 - 00270282 _____ () C:\Users\julian\Downloads\info.staticfree.android.twentyfourhour_8.apk
2015-03-08 22:30 - 2015-03-08 22:30 - 00270282 _____ () C:\Users\julian\Desktop\info.staticfree.android.twentyfourhour_8.apk
2015-03-08 21:53 - 2015-03-08 21:53 - 00068628 _____ () C:\Users\julian\Desktop\Framework.apk
2015-03-08 21:33 - 2015-03-29 20:17 - 00000000 ____D () C:\Windows\pss
2015-03-08 20:42 - 2015-03-08 20:42 - 00000000 ____D () C:\Users\julian\Tracing
2015-03-08 19:27 - 2015-03-08 19:27 - 00000000 ____D () C:\ProgramData\Avg_Update_0215tb
2015-03-08 00:10 - 2015-03-10 18:12 - 00000000 ____D () C:\Users\julian\Downloads\GTA.San.Andreas.Karma-iND
2015-03-08 00:08 - 2015-03-08 00:09 - 00001092 _____ () C:\Users\julian\Downloads\d65932923198b89757fc167281f3c972 (1).dlc
2015-03-08 00:08 - 2015-03-08 00:08 - 00001092 _____ () C:\Users\julian\Downloads\d65932923198b89757fc167281f3c972.dlc
2015-03-07 23:13 - 2015-03-07 23:13 - 00000000 ____D () C:\Users\julian\Desktop\omegle
2015-03-07 23:12 - 2015-03-07 23:13 - 01246754 _____ () C:\Users\julian\Downloads\YOSFree Bin 1.4.3.5.zip
2015-03-07 22:32 - 2015-03-07 22:32 - 00000113 _____ () C:\Users\julian\Desktop\Neues Textdokument.txt
2015-03-07 15:08 - 2015-03-07 15:08 - 00748246 _____ ( ) C:\Users\julian\Downloads\reshack_setup.exe
2015-03-07 15:08 - 2015-03-07 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker
2015-03-07 15:08 - 2015-03-07 15:08 - 00000000 ____D () C:\Program Files (x86)\Resource Hacker
2015-03-07 14:28 - 2015-03-27 18:47 - 00000000 ____D () C:\Users\julian\VirtualBox VMs
2015-03-07 14:27 - 2015-03-29 19:33 - 00000000 ____D () C:\Users\julian\.VirtualBox
2015-03-07 14:27 - 2015-03-07 14:27 - 00836500 _____ () C:\Users\julian\Desktop\FINISHED.apk
2015-03-07 14:26 - 2015-03-07 14:26 - 00799497 _____ () C:\Users\julian\Downloads\com.orphan.amplayer_1.apk
2015-03-07 14:26 - 2015-03-07 14:26 - 00799497 _____ () C:\Users\julian\Desktop\com.orphan.amplayer_1.apk
2015-03-07 14:18 - 2015-03-07 14:24 - 348127232 _____ () C:\Users\julian\Downloads\android-x86-4.4-RC2.iso
2015-03-07 14:17 - 2015-03-07 14:17 - 00001076 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-03-07 14:17 - 2015-03-07 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-03-07 14:17 - 2015-03-02 16:20 - 00922168 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-03-07 14:17 - 2015-03-02 16:18 - 00128592 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-03-07 14:16 - 2015-03-07 14:16 - 00000000 ____D () C:\Program Files\Oracle
2015-03-07 14:12 - 2015-03-07 14:15 - 111197384 _____ (Oracle Corporation) C:\Users\julian\Downloads\VirtualBox-4.3.24-98716-Win.exe
2015-03-07 12:49 - 2015-03-07 12:49 - 00000000 ____D () C:\Users\julian\AppData\Local\AndroRat_Binder
2015-03-07 12:48 - 2015-03-07 12:48 - 00068664 _____ () C:\Users\julian\Desktop\System App Mover.apk
2015-03-07 12:48 - 2015-03-07 12:48 - 00000000 ____D () C:\Users\julian\apktool
2015-03-07 12:42 - 2015-03-07 12:42 - 00000000 ____D () C:\ProgramData\Sun
2015-03-07 12:42 - 2015-03-07 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-07 12:42 - 2015-03-07 12:41 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-07 12:41 - 2015-03-07 12:41 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-07 12:41 - 2015-03-07 12:41 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-07 12:40 - 2015-03-07 12:40 - 00561576 _____ (Oracle Corporation) C:\Users\julian\Downloads\chromeinstall-8u40.exe
2015-03-07 12:28 - 2015-03-07 12:28 - 00061285 _____ () C:\Users\julian\Downloads\de.j4velin.systemappmover_161.apk
2015-03-07 12:24 - 2015-03-07 12:24 - 00000000 ___RD () C:\Sandbox
2015-03-07 12:23 - 2015-03-07 12:23 - 10303034 _____ () C:\Users\julian\Downloads\Androrat by Laceratus.zip
2015-03-07 12:22 - 2015-03-29 18:57 - 00001670 _____ () C:\Windows\Sandboxie.ini
2015-03-07 12:22 - 2015-03-07 12:47 - 00001020 _____ () C:\Users\julian\Desktop\Sandboxed Web Browser.lnk
2015-03-07 12:22 - 2015-03-07 12:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-03-07 12:22 - 2015-03-07 12:22 - 00000000 ____D () C:\Program Files\Sandboxie
2015-03-07 12:21 - 2015-03-07 12:21 - 06980616 _____ (Sandboxie Holdings, LLC) C:\Users\julian\Downloads\SandboxieInstall.exe
2015-03-07 12:16 - 2015-03-07 12:16 - 00100790 _____ () C:\Users\julian\Downloads\WormFC.zip
2015-03-07 12:14 - 2015-03-07 12:14 - 00239648 _____ () C:\Users\julian\Downloads\DUCSetup_v4_1_0.exe
2015-03-07 12:14 - 2015-03-07 12:14 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
2015-03-07 12:14 - 2015-03-07 12:14 - 00000000 ____D () C:\Users\julian\AppData\Local\Vitalwerks
2015-03-07 12:14 - 2015-03-07 12:14 - 00000000 ____D () C:\Program Files (x86)\No-IP
2015-03-07 12:10 - 2015-03-07 12:10 - 03069958 _____ () C:\Users\julian\Downloads\ICryptex Free Edition - Update 02.03.2015.zip
2015-03-03 19:45 - 2015-03-03 19:46 - 19192342 _____ () C:\Users\julian\Downloads\Windows_7_TOP50Gadgets.zip
2015-03-02 16:18 - 2015-03-02 16:18 - 00204264 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2015-03-02 16:18 - 2015-03-02 16:18 - 00156360 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2015-03-02 16:18 - 2015-03-02 16:18 - 00141440 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2015-03-02 16:18 - 2015-03-02 16:18 - 00116744 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSB.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-30 11:21 - 2009-07-14 06:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-30 11:21 - 2009-07-14 06:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-30 11:17 - 2015-02-27 21:37 - 00000000 ____D () C:\Users\julian\AppData\Roaming\BitTorrent
2015-03-30 11:17 - 2010-06-07 00:35 - 00212532 _____ () C:\Windows\WindowsUpdate.log
2015-03-30 11:16 - 2015-02-27 22:46 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Skype
2015-03-30 11:16 - 2015-02-27 21:35 - 00000000 ____D () C:\Users\julian\AppData\Roaming\uTorrent
2015-03-30 11:12 - 2009-07-14 06:51 - 00021107 _____ () C:\Windows\setupact.log
2015-03-29 11:55 - 2009-10-24 18:10 - 00734338 _____ () C:\Windows\system32\perfh010.dat
2015-03-29 11:55 - 2009-10-24 18:10 - 00147142 _____ () C:\Windows\system32\perfc010.dat
2015-03-29 11:55 - 2009-10-24 18:01 - 00740008 _____ () C:\Windows\system32\perfh00C.dat
2015-03-29 11:55 - 2009-10-24 18:01 - 00149876 _____ () C:\Windows\system32\perfc00C.dat
2015-03-29 11:55 - 2009-10-24 17:51 - 00702426 _____ () C:\Windows\system32\perfh007.dat
2015-03-29 11:55 - 2009-10-24 17:51 - 00150052 _____ () C:\Windows\system32\perfc007.dat
2015-03-29 11:55 - 2009-07-14 07:13 - 03398150 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-28 20:31 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-03-28 20:25 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-28 20:22 - 2015-02-27 21:17 - 00137030 _____ () C:\Windows\PFRO.log
2015-03-28 20:05 - 2010-06-07 01:01 - 327081447 _____ () C:\Windows\MEMORY.DMP
2015-03-28 20:05 - 2010-06-07 01:01 - 00000000 ____D () C:\Windows\Minidump
2015-03-26 16:58 - 2015-02-27 21:09 - 00087400 _____ () C:\Users\julian\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-26 16:57 - 2009-07-14 06:45 - 00363936 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-26 15:07 - 2015-02-27 22:16 - 00000000 ____D () C:\Program Files\PeerBlock
2015-03-26 14:07 - 2010-06-07 00:40 - 00000000 ____D () C:\Users\julian
2015-03-26 14:06 - 2009-07-14 04:34 - 00000499 _____ () C:\Windows\win.ini
2015-03-26 14:05 - 2009-07-14 09:45 - 00000000 ____D () C:\Windows\ShellNew
2015-03-26 14:02 - 2015-02-27 22:06 - 00000000 ____D () C:\Users\julian\AppData\Local\JDownloader v2.0
2015-03-26 14:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
2015-03-25 12:53 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\addins
2015-03-24 13:54 - 2015-02-27 21:12 - 00000412 _____ () C:\Windows\Tasks\SlimDrivers Startup.job
2015-03-24 13:14 - 2015-02-27 21:09 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-24 12:01 - 2015-02-27 21:27 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-24 12:00 - 2015-02-27 21:12 - 00002840 _____ () C:\Windows\System32\Tasks\SlimDrivers Startup
2015-03-24 11:58 - 2015-02-27 21:12 - 00013920 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2015-03-24 11:58 - 2015-02-27 21:09 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-24 11:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-22 19:31 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\MSBuild
2015-03-22 19:31 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-03-21 11:34 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\system32\WCN
2015-03-21 11:34 - 2009-07-14 07:37 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2015-03-21 11:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\MUI
2015-03-21 11:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-21 11:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\com
2015-03-18 21:51 - 2015-02-27 21:29 - 00000000 ____D () C:\ProgramData\AVG2015
2015-03-17 20:29 - 2015-02-27 22:01 - 00000000 ____D () C:\Users\julian\AppData\Local\AVG Web TuneUp
2015-03-13 20:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-10 18:05 - 2015-02-27 22:21 - 545343947 _____ () C:\Users\julian\Downloads\g0tmi1k-wordlist.7z
2015-03-08 22:35 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-03-08 19:30 - 2015-02-27 22:00 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2015-03-07 15:09 - 2010-06-07 00:40 - 00000000 ____D () C:\Users\julian\AppData\Local\VirtualStore
2015-03-03 19:54 - 2010-01-09 11:34 - 00871318 _____ () C:\Users\julian\Desktop\NetworkMeterv2.4.gadget
2015-02-28 11:14 - 2015-02-27 22:16 - 00001780 _____ () C:\Users\julian\Desktop\PeerBlock.lnk

==================== Files in the root of some directories =======

2015-03-24 13:36 - 2015-03-24 13:36 - 0000000 _____ () C:\Users\julian\AppData\Roaming\system.ini

Some content of TEMP:
====================
C:\Users\julian\AppData\Local\Temp\avgnt.exe
C:\Users\julian\AppData\Local\Temp\Quarantine.exe
C:\Users\julian\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-21 11:21

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by julian at 2015-03-30 11:24:24
Running from C:\Users\julian\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3484087542-3240090288-3349016086-1000\...\uTorrent) (Version: 3.4.2.39710 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
AutoIt v3.3.12.0 (HKLM-x32\...\AutoItv3) (Version: 3.3.12.0 - AutoIt Team)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5751 - AVG Technologies)
AVG 2015 (Version: 15.0.4315 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5751 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
BitTorrent (HKU\S-1-5-21-3484087542-3240090288-3349016086-1000\...\BitTorrent) (Version: 7.9.2.38914 - BitTorrent Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.14.4604 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{01961AE4-2F93-408B-AAED-AC582C4F5059}) (Version: 0.9.14.4604 - BlueStack Systems, Inc.)
DeepSea Obfuscator v4 (Licensed) (4.4.4.86) (HKLM\...\0222D721-97AC-49E8-9127-EA65AD781F85_is1) (Version: 4.4.4.86 - TallApplications)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Filetopia Client v3.04 (HKLM-x32\...\Filetopia Client v3.04) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kingo ROOT version 1.3.4.2252 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.3.4.2252 - Kingosoft Technology Ltd.)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.0 - Vitalwerks Internet Solutions LLC)
Oracle VM VirtualBox 4.3.24 (HKLM\...\{15E093DF-951E-46CB-B3EC-E1287E7A2319}) (Version: 4.3.24 - Oracle Corporation)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version: - )
Sandboxie 4.16 (64-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{03E312F7-8697-4BC4-A90F-33D34EECE18C}) (Version: 2.2.44488 - SlimWare Utilities, Inc.)
Tor 0.2.4.23 (HKLM-x32\...\Tor) (Version: - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Vidalia 0.2.21 (HKLM-x32\...\Vidalia) (Version: - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3484087542-3240090288-3349016086-1000_Classes\CLSID\{01E9FAE9-3819-4dd9-B1D9-998A1C62D1F8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3484087542-3240090288-3349016086-1000_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation) ==================== Restore Points ========================= 25-03-2015 12:51:07 Malwarebytes Anti-Rootkit Restore Point 26-03-2015 14:03:07 Microsoft Office Professional Edition 2003 wird installiert 26-03-2015 14:33:48 Gerätetreiber-Paketinstallation: Fuzhou Rockchip Class for rockusb devices 26-03-2015 14:34:15 Gerätetreiber-Paketinstallation: Rockchip, Inc. Android Device 26-03-2015 18:38:09 Gerätetreiber-Paketinstallation: Fuzhou Rockchip Class for rockusb devices 26-03-2015 18:38:45 Gerätetreiber-Paketinstallation: Rockchip, Inc. Android Device 26-03-2015 19:14:37 Gerätetreiber-Paketinstallation: Fuzhou Rockchip Class for rockusb devices 26-03-2015 19:14:57 Gerätetreiber-Paketinstallation: Rockchip, Inc. Android Device 26-03-2015 19:25:05 Gerätetreiber-Paketinstallation: Fuzhou Rockchip Class for rockusb devices 26-03-2015 19:25:22 Gerätetreiber-Paketinstallation: Rockchip, Inc. Android Device 26-03-2015 19:28:04 Gerätetreiber-Paketinstallation: Fuzhou Rockchip Class for rockusb devices 26-03-2015 19:28:22 Gerätetreiber-Paketinstallation: Rockchip, Inc. Android Device 28-03-2015 20:12:36 ComboFix created restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 04:34 - 2015-03-28 20:21 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {26A12C05-C1FE-47A2-9B19-64B79D9C0F60} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-27] (Google Inc.) Task: {6C9AC9D4-9621-4067-A6E5-D86F89A14564} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-27] (Google Inc.) Task: {E93AC64D-E885-4A8F-996D-4D412331EB36} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2015-01-28] (SlimWare Utilities, Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe ==================== Loaded Modules (whitelisted) ============== 2015-02-27 21:13 - 2000-01-01 02:00 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2015-03-03 19:46 - 2015-03-03 19:46 - 00004096 _____ () C:\Users\julian\AppData\Local\Microsoft\Windows Sidebar\Gadgets\TechnoBaseFM.Gadget\TechnoBaseFMGadget.dll 2010-06-07 01:07 - 2015-03-14 12:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll 2010-06-07 01:07 - 2015-03-14 12:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll 2010-06-07 01:07 - 2015-03-14 12:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate 
Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3484087542-3240090288-3349016086-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\julian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^julian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^7ca6a7fec2df0d82a777ae67fbedc9eb.exe => C:\Windows\pss\7ca6a7fec2df0d82a777ae67fbedc9eb.exe.Startup MSCONFIG\startupreg: 7ca6a7fec2df0d82a777ae67fbedc9eb => "C:\Users\julian\AppData\Local\Temp\explorer.exe" .. ==================== Accounts: ============================= Administrator (S-1-5-21-3484087542-3240090288-3349016086-500 - Administrator - Disabled) Gast (S-1-5-21-3484087542-3240090288-3349016086-501 - Limited - Disabled) julian (S-1-5-21-3484087542-3240090288-3349016086-1000 - Administrator - Enabled) => C:\Users\julian ==================== Faulty Device Manager Devices ============= Name: PS/2-kompatible Maus Description: PS/2-kompatible Maus Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. 
After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (03/30/2015 11:12:58 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/29/2015 08:32:46 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Error: (03/29/2015 07:12:30 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Error: (03/29/2015 07:12:27 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. 
Error: (03/29/2015 07:12:25 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Error: (03/29/2015 07:12:22 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Error: (03/29/2015 07:00:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Skype.exe, Version: 7.1.0.105, Zeitstempel: 0x54c25acc Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdbdf Ausnahmecode: 0xe0fafafa Fehleroffset: 0x0000b727 ID des fehlerhaften Prozesses: 0x830 Startzeit der fehlerhaften Anwendung: 0xSkype.exe0 Pfad der fehlerhaften Anwendung: Skype.exe1 Pfad des fehlerhaften Moduls: Skype.exe2 Berichtskennung: Skype.exe3 Error: (03/29/2015 07:00:18 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/29/2015 02:05:01 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm NOTEPAD.EXE, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 5e4 Startzeit: 01d06a18311e8747 Endzeit: 0 Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE Berichts-ID: d120cd00-d60b-11e4-9f42-e81132051f51 Error: (03/29/2015 01:54:15 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoID={49CF6B0D-7089-4AC0-9419-D7302F00D234}: Der Benutzer "julian-PC\julian" hat eine Verbindung mit dem Namen "VPN-Verbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0. 
System errors: ============= Error: (03/30/2015 11:12:58 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064 Error: (03/30/2015 11:12:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AVG WatchDog" wurde aufgrund folgenden Fehlers nicht gestartet: %%5 Error: (03/30/2015 11:12:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AVGIDSAgent" wurde aufgrund folgenden Fehlers nicht gestartet: %%5 Error: (03/30/2015 11:12:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "WtuSystemSupport" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (03/29/2015 07:00:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet: %%1064 Error: (03/29/2015 06:57:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (03/29/2015 06:57:48 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMService erreicht. 
Error: (03/29/2015 06:56:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AVG WatchDog" wurde aufgrund folgenden Fehlers nicht gestartet: %%5 Error: (03/29/2015 06:56:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AVGIDSAgent" wurde aufgrund folgenden Fehlers nicht gestartet: %%5 Error: (03/29/2015 06:56:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "WtuSystemSupport" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (03/30/2015 11:12:58 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/29/2015 08:32:46 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (03/29/2015 07:12:30 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Users\julian\Desktop\esetsmartinstaller_deu.exe Error: (03/29/2015 07:12:27 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Users\julian\Desktop\esetsmartinstaller_deu.exe Error: (03/29/2015 07:12:25 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Users\julian\Desktop\esetsmartinstaller_deu.exe Error: (03/29/2015 07:12:22 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Users\julian\Desktop\esetsmartinstaller_deu.exe Error: (03/29/2015 07:00:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Skype.exe7.1.0.10554c25accKERNELBASE.dll6.1.7600.163854a5bdbdfe0fafafa0000b72783001d06a4165d29616C:\Program Files (x86)\Skype\Phone\Skype.exeC:\Windows\syswow64\KERNELBASE.dll1b1032e0-d635-11e4-864d-e81132051f51 Error: (03/29/2015 07:00:18 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. 
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (03/29/2015 02:05:01 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: NOTEPAD.EXE6.1.7600.163855e401d06a18311e87470C:\Windows\system32\NOTEPAD.EXEd120cd00-d60b-11e4-9f42-e81132051f51 Error: (03/29/2015 01:54:15 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: {49CF6B0D-7089-4AC0-9419-D7302F00D234}julian-PC\julianVPN-Verbindung0 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz Percentage of memory in use: 39% Total physical RAM: 3892.52 MB Available physical RAM: 2364.61 MB Total Pagefile: 7783.2 MB Available Pagefile: 5601.78 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:238.07 GB) (Free:184.28 GB) NTFS Drive f: (Backup) (Fixed) (Total:97.66 GB) (Free:76.32 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 0008D427) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=238.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter Users shortcut scan result (x64) Version: 11-03-2015 Ran by julian at 2015-03-30 11:25:16 Running from C:\Users\julian\Desktop Boot Mode: Normal ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk -> C:\Program Files\WinRAR\Rar.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Hilfe zu WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Was ist neu in dieser Version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bridge Bundle\Uninstall.lnk -> C:\Program Files (x86)\Vidalia Bridge Bundle\Uninstall.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bridge Bundle\Vidalia Website.lnk -> C:\Program Files (x86)\Vidalia Bridge Bundle\Vidalia\Vidalia Website.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Vidalia Bridge Bundle\Vidalia.lnk -> C:\Program Files (x86)\Vidalia Bridge Bundle\Vidalia\vidalia.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bridge Bundle\Tor\Tor Website.lnk -> C:\Program Files (x86)\Vidalia Bridge Bundle\Tor\Tor Website.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bridge Bundle\Tor\Tor.lnk -> C:\Program Files (x86)\Vidalia Bridge Bundle\Tor\tor.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bridge Bundle\Tor\Documents\Tor Documentation.lnk -> C:\Program Files (x86)\Vidalia Bridge Bundle\Tor\Documents () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bridge Bundle\Tor\Documents\Tor Manual.lnk -> C:\Program Files (x86)\Vidalia Bridge Bundle\Tor\Documents\tor-reference.html (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bridge Bundle\Tor\Documents\Tor Specification.lnk -> C:\Program Files (x86)\Vidalia Bridge Bundle\Tor\Documents\tor-spec.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt\TrueCrypt.lnk -> C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers\SlimDrivers.lnk -> C:\Windows\Installer\{03E312F7-8697-4BC4-A90F-33D34EECE18C}\Icon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker\Resource Hacker.lnk -> C:\Program Files (x86)\Resource Hacker\ResHacker.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2\PE Viewer.lnk -> C:\Program Files\Process Hacker 2\peview.exe (wj32) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2\Process Hacker 2.lnk -> C:\Program Files\Process Hacker 2\ProcessHacker.exe (wj32) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2\Uninstall Process Hacker 2.lnk -> C:\Program Files\Process Hacker 2\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2\Help and Support\Changelog.lnk -> C:\Program Files\Process Hacker 2\CHANGELOG.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock\PeerBlock.lnk -> C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock\Uninstall PeerBlock.lnk -> C:\Program Files\PeerBlock\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock\Help and Support\ReadMe.lnk -> C:\Program Files\PeerBlock\readme.rtf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\License (English).lnk -> C:\Program Files\Oracle\VirtualBox\License_en_US.rtf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\Oracle VM VirtualBox.lnk -> C:\Program Files\Oracle\VirtualBox\VirtualBox.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\User manual (CHM, English).lnk -> C:\Program Files\Oracle\VirtualBox\VirtualBox.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\User manual (PDF, English).lnk -> C:\Program Files\Oracle\VirtualBox\doc\UserManual.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft 
Office\Microsoft Office Access 2003.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\accicons.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2003.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\xlicons.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office InfoPath 2003.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\inficon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2003.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\outicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2003.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\pptico.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2003.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\pubs.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2003.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\wordicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digitale Signatur für VBA-Projekte.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\misc.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\cagicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Spracheinstellungen.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\misc.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft 
Office\Microsoft Office Tools\Microsoft Office Access Snapshot Viewer.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\misc.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Imaging.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\mspicons.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Document Scanning.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\mspicons.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\oisicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Malwarebytes Anti-Malware entfernen.lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \ Malwarebytes Anti-Malware .lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \Chameleon\Windows\chameleon.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingo ROOT\Kingo ROOT.lnk -> C:\Program Files (x86)\Kingo ROOT\Kingo Root.exe (Kingosoft) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingo ROOT\Uninstall 
Kingo ROOT.lnk -> C:\Program Files (x86)\Kingo ROOT\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Java konfigurieren.lnk -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe (Oracle Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Filetopia\Filetopia.lnk -> C:\Program Files (x86)\Filetopia3\Filetopia.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes\VirtualCloneDrive\Anleitung.lnk -> C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\HelpLauncher.exe (Elaborate Bytes AG) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes\VirtualCloneDrive\Uninstall.lnk -> C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes\VirtualCloneDrive\Virtual CloneDrive Revision History.lnk -> C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\manual\changes_vcd.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes\VirtualCloneDrive\Virtual CloneDrive.lnk -> C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDPrefs.exe (Elaborate Bytes AG) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeepSea Obfuscator 4\DeepSea Obfuscator Help.lnk -> C:\Program Files\DeepSea Obfuscator 4\DeepSea.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeepSea Obfuscator 4\DeepSea Obfuscator.lnk -> C:\Program Files\DeepSea Obfuscator 4\DeepSeaUI.exe (TallApplications) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks\Start BlueStacks.lnk -> C:\Program Files (x86)\BlueStacks\HD-StartLauncher.exe (BlueStack Systems, Inc.) 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira Free Antivirus Hilfe.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avwin.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira Free Antivirus starten.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Desktop\Avira im Internet.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\weblink.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2015.lnk -> C:\Program Files (x86)\AVG\AVG2015\avgui.exe (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Help File.lnk -> C:\Program Files (x86)\AutoIt3\AutoIt.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x64).lnk -> C:\Program Files (x86)\AutoIt3\Au3Info_x64.exe (AutoIt Team) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\AutoIt Window Info (x86).lnk -> C:\Program Files (x86)\AutoIt3\Au3Info.exe (AutoIt Team) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x64).lnk -> C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exe (AutoIt Team) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Compile Script to .exe (x86).lnk -> C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exe (AutoIt Team) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Examples.lnk -> C:\Program Files (x86)\AutoIt3\Examples () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x64).lnk -> C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe (AutoIt Team) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Run Script (x86).lnk -> C:\Program Files (x86)\AutoIt3\AutoIt3.exe (AutoIt Team) Shortcut: 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\SciTE Script Editor.lnk -> C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exe (Neil Hodgson neilh@scintilla.org) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoIt v3 Website.lnk -> C:\Program Files (x86)\AutoIt3\AutoIt v3 Website.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\Browse Extras.lnk -> C:\Program Files (x86)\AutoIt3\Extras () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoItX\AutoItX Help File.lnk -> C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Extras\AutoItX\VBScript Examples.lnk -> C:\Program Files (x86)\AutoIt3\AutoItX\ActiveX\VBScript (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm () Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\julian\Links\Desktop.lnk -> C:\Users\julian\Desktop () Shortcut: C:\Users\julian\Links\Downloads.lnk -> C:\Users\julian\Downloads () Shortcut: C:\Users\julian\Desktop\BitTorrent.lnk -> C:\Users\julian\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.) 
Shortcut: C:\Users\julian\Desktop\Filetopia.lnk -> C:\Program Files (x86)\Filetopia3\Filetopia.exe () Shortcut: C:\Users\julian\Desktop\JDownloader 2.lnk -> C:\Users\julian\AppData\Local\JDownloader v2.0\JDownloader2.exe (AppWork GmbH) Shortcut: C:\Users\julian\Desktop\PeerBlock.lnk -> C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC) Shortcut: C:\Users\julian\Desktop\Process Hacker 2.lnk -> C:\Program Files\Process Hacker 2\ProcessHacker.exe (wj32) Shortcut: C:\Users\julian\Desktop\µTorrent.lnk -> C:\Users\julian\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) Shortcut: C:\Users\julian\Desktop\Tor Browser\Start Tor Browser.lnk -> C:\Users\julian\Desktop\Tor Browser\Browser\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk -> C:\Users\julian\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.) Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -> C:\Users\julian\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) 
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk -> C:\Program Files\WinRAR\Rar.txt () Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Hilfe zu WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm () Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Was ist neu in dieser Version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt () Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal) Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC\DUC.lnk -> C:\Program Files (x86)\No-IP\DUC40.exe () Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC\License.lnk -> C:\Program Files (x86)\No-IP\License.txt () Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC\Uninstall.lnk -> C:\Program Files (x86)\No-IP\Uninstall.exe () Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Deinstallationsprogramm.lnk -> C:\Users\julian\AppData\Local\JDownloader v2.0\Uninstall JDownloader.exe (AppWork GmbH) Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader 2 Update & Rescue.lnk -> C:\Users\julian\AppData\Local\JDownloader v2.0\JDownloader2Update.exe (AppWork GmbH) Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\JDownloader\JDownloader 2.lnk -> C:\Users\julian\AppData\Local\JDownloader v2.0\JDownloader2.exe (AppWork GmbH) Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation) Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\EUROTOOL.LNK -> C:\Program Files (x86)\Microsoft Office\OFFICE11\Makro\EUROTOOL.XLA () Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Makro.LNK -> C:\Program Files (x86)\Microsoft Office\OFFICE11\Makro () Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Office\Zuletzt verwendet\Vorlagen.LNK -> C:\Users\julian\AppData\Roaming\Microsoft\Vorlagen () Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk -> C:\Users\julian\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.) 
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JDownloader 2.lnk -> C:\Users\julian\AppData\Local\JDownloader v2.0\JDownloader2.exe (AppWork GmbH) Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk -> C:\Program Files\Oracle\VirtualBox\VirtualBox.exe () Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -> C:\Users\julian\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation) Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Vidalia.lnk -> C:\Program Files (x86)\Vidalia Bridge Bundle\Vidalia\vidalia.exe () Shortcut: C:\Users\Public\Desktop\Apps.lnk -> C:\Users\Public\Libraries\Apps.library-ms () Shortcut: C:\Users\Public\Desktop\AVG 2015.lnk -> C:\Program Files (x86)\AVG\AVG2015\avgui.exe (No File) Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Public\Desktop\Kingo ROOT.lnk -> C:\Program Files (x86)\Kingo ROOT\Kingo Root.exe (Kingosoft) Shortcut: C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) Shortcut: C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk -> C:\Program Files\Oracle\VirtualBox\VirtualBox.exe () Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe () Shortcut: C:\Users\Public\Desktop\SlimDrivers.lnk -> C:\Windows\Installer\{03E312F7-8697-4BC4-A90F-33D34EECE18C}\Icon.exe () Shortcut: C:\Users\Public\Desktop\Start BlueStacks.lnk -> C:\Program Files (x86)\BlueStacks\HD-StartLauncher.exe (BlueStack Systems, Inc.) 
Shortcut: C:\Users\Public\Desktop\TrueCrypt.lnk -> C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation) Shortcut: C:\Users\Public\Desktop\Virtual CloneDrive.lnk -> C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDPrefs.exe (Elaborate Bytes AG) ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bridge Bundle\Tor\Torrc.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) -> C:\Users\julian\AppData\Local\Vidalia\torrc ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt\Uninstall TrueCrypt.lnk -> C:\Program Files\TrueCrypt\TrueCrypt Setup.exe (TrueCrypt Foundation) -> /u ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers\SlimDrivers Help.lnk -> C:\Windows\Installer\{03E312F7-8697-4BC4-A90F-33D34EECE18C}\Icon.exe () -> -help ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie\Programm mit Sandboxie starten.lnk -> C:\Program Files\Sandboxie\Start.exe (Sandboxie Holdings, LLC) -> /box:__ask__ run_dialog ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie\Sandboxie Control.lnk -> C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC) -> /open ShortcutWithArgument: 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie\Sandboxie Deinstallieren.lnk -> C:\Windows\Installer\SandboxieInstall64.exe (Sandboxie Holdings, LLC) -> /remove ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie\Sandboxie Startmenü.lnk -> C:\Program Files\Sandboxie\Start.exe (Sandboxie Holdings, LLC) -> /box:__ask__ start_menu ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie\Webbrowser mit Sandboxie starten.lnk -> C:\Program Files\Sandboxie\Start.exe (Sandboxie Holdings, LLC) -> default_browser ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie\Windows Explorer mit Sandboxie starten.lnk -> C:\Program Files\Sandboxie\Start.exe (Sandboxie Holdings, LLC) -> . ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2003 Assistent zum Speichern eigener Einstellungen.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\opwicon.exe () -> /u ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Anwendungswiederherstellung.lnk -> C:\Windows\Installer\{90110407-6000-11D3-8CFE-0150048383C9}\misc.exe () -> -c ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Auf Updates prüfen.lnk -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe (Oracle Corporation) -> -tab update ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Info zu Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe (Oracle Corporation) -> -tab about ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeepSea Obfuscator 
4\Check for updates.lnk -> C:\Program Files\Common Files\TallApplications\Update\TallApplications.Update.exe (TallApplications) -> /title DeepSea Obfuscator v4 (Licensed) Updater ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira.lnk -> C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) -> /showMiniGui ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3\Check For Updates.lnk -> C:\Program Files (x86)\AutoIt3\AutoIt3.exe (AutoIt Team) -> "C:\Program Files (x86)\AutoIt3\Extras\AutoUpdateIt\AutoUpdateIt.au3" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX ShortcutWithArgument: C:\ProgramData\BlueStacks\UserData\Library\My Apps\Help.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.bluestacks.help -a com.bluestacks.help.HelpActivity ShortcutWithArgument: C:\ProgramData\BlueStacks\UserData\Library\App Stores\1Mobile Market.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p me.onemobile.android -a me.onemobile.android.MainPagerActivity ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\julian\Desktop\Sandboxed Web Browser.lnk -> C:\Program Files\Sandboxie\Start.exe (Sandboxie Holdings, LLC) -> default_browser ShortcutWithArgument: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Filetopia\Uninstall Filetopia Client v3.04.lnk -> C:\Program Files (x86)\Filetopia3\UNWISE.EXE () -> C:\PROGRA~2\FILETO~1\INSTALL.LOG ShortcutWithArgument: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff 
ShortcutWithArgument: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\julian\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\julian\AppData\Roaming\Microsoft\Windows\SendTo\Sandboxie - DefaultBox.lnk -> C:\Program Files\Sandboxie\Start.exe (Sandboxie Holdings, LLC) -> /box:DefaultBox ShortcutWithArgument: C:\Users\julian\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto: ShortcutWithArgument: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook starten.lnk -> C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation) -> /recycle ShortcutWithArgument: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk -> C:\Program Files\Sandboxie\Start.exe (Sandboxie Holdings, LLC) -> default_browser ShortcutWithArgument: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\Users\julian\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Auto0Shutdown0Restyled0Pierre.gadget\core\hibernation.lnk -> C:\Windows\System32\shutdown.exe (Microsoft Corporation) -> -h -f ShortcutWithArgument: C:\Users\julian\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Auto0Shutdown0Restyled0Pierre.gadget\core\logoff.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> user32.dll, LockWorkStation ShortcutWithArgument: C:\Users\julian\AppData\Local\Microsoft\Windows 
Sidebar\Gadgets\Auto0Shutdown0Restyled0Pierre.gadget\core\restart.lnk -> C:\Windows\System32\shutdown.exe (Microsoft Corporation) -> -r -f -t 01 ShortcutWithArgument: C:\Users\julian\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Auto0Shutdown0Restyled0Pierre.gadget\core\shutdown.lnk -> C:\Windows\System32\shutdown.exe (Microsoft Corporation) -> -s -f -t 01 ShortcutWithArgument: C:\Users\Public\Desktop\Avira.lnk -> C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) -> /showMiniGui InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt\TrueCrypt Website.url -> hxxp://www.truecrypt.org/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2\Help and Support\Process Hacker 2 on the Web.url -> hxxp://processhacker.sourceforge.net/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock\Help and Support\Forums.url -> hxxp://forums.peerblock.com/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock\Help and Support\Homepage.url -> hxxp://www.peerblock.com/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock\Help and Support\User Manual.url -> hxxp://www.peerblock.com/userguide InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingo ROOT\Kingo ROOT on the Web.url -> hxxp://www.kingoapp.com/ InternetURL: C:\Users\julian\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742 InternetURL: C:\Users\julian\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700 InternetURL: C:\Users\julian\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681 InternetURL: C:\Users\julian\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682 InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680 InternetURL: 
C:\Users\julian\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659 InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640 InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636 InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635 InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630 InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186 InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520 InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813 InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629 InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406 InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893 InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893 InternetURL: C:\Users\julian\Favorites\Links\Vorgeschlagene Sites.url -> https://ieonline.microsoft.com/#ieslice InternetURL: C:\Users\julian\Favorites\Links\Web Slice-Katalog.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315 ==================== End of log ============================= |
30.03.2015, 17:26 | #15 |
/// the machine /// TB trainer | Computer totally messed up
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
C:\Windows\pss\7ca6a7fec2df0d82a777ae67fbedc9eb.exe.Startup
HKU\S-1-5-21-3484087542-3240090288-3349016086-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe" [X]
S2 avgwd; "C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe" [X]
S2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [X]
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
My question about the noises? Run Windows Update; 4 years of updates are missing.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |