| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Re-Infekt mit Malaha.net und diverse BeobachtungenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
27.04.2015, 19:53
| #1 |
 |  Re-Infekt mit Malaha.net und diverse Beobachtungen Hallo. Habe mir vor kurzem wegen malaha.net hier helfen lassen. Nun ist diese Site zurück. Und das nicht nur unter Win8.1 sondern auch unter Ubuntu. Außerdem scheint mir der Rechner sehr lange beim runterfahren zu brauchen. Genauer: alles ist runtergefahren, dennoch braucht der Rechner noch eine gewisse Zeit (geschätzt: 30/40 sec.) bis er sich dann tatsächlich abschaltet. Außerdem hab ich den Eindruck Alles zwei mal klicken zu müssen, um eine Reaktion zu erzeugen. Z.B. der Aufruf von Chrome aus der Startleiste. Oder ein Link auf einer Site. Und irgendwie muß ich immer mal wieder Pass- und Kennwörter eintragen. So bei WLan-Verbindung, LastPass oder anderen Verbindungen, bei denen das Kennwort gespeichert werden soll. Zu Win: defogger - gemacht FRST Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01 Ran by Kay (administrator) on *** on 27-04-2015 20:35:11 Running from C:\Users\Kay\Downloads Loaded Profiles: Kay (Available profiles: Kay) Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Malwarebytes Corporation) D:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) D:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (DEVGURU Co., LTD.) D:\Program Files (x86)\USB Drivers\25_escape\conn\ss_conn_service.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Malwarebytes Corporation) D:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Akamai Technologies, Inc.) C:\Users\Kay\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Kay\AppData\Local\Akamai\netsession_win.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe (VideoLAN) D:\Program Files\VideoLAN\VLC\vlc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Farbar) C:\Users\Kay\Downloads\FRST64 (1).exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [WISO Mein Geld 2015 Professional .NET] => D:\Program Files (x86)\Buhl\WISO Mein Geld 2015\mg.exe [1120568 2015-04-01] (Buhl Data Service) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-11-30] (Atheros Communications) HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [Google Update] => C:\Users\Kay\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-16] (Google Inc.) HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [Google+ Auto Backup] => C:\Users\Kay\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.) HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [WEB.DE Application {sync-000021}] => C:\Users\Kay\AppData\Local\WEB.DE Application {sync-000021}\webde_onlinespeicher.exe [781312 2015-02-18] (1&1 Mail & Media GmbH) HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd) HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Kay\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Run: [HP Photosmart Plus B210 series (NET)] => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2014-10-06] ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2014-01-20] ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk [2015-02-19] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-10-02] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2014-03-19] ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> D:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe () ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_1_20150212142954828.dll [2014-11-27] (1&1 Mail & Media GmbH) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) CHR HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/androidnews/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1888364831-2858631773-2981139133-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> d:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-10-06] (LastPass) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation) BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> d:\Program Files (x86)\LastPass\LPToolbar.dll [2014-10-06] (LastPass) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation) BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - d:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-10-06] (LastPass) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - d:\Program Files (x86)\LastPass\LPToolbar.dll [2014-10-06] (LastPass) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798 FF Homepage: hxxp://www.diesiedleronline.de/de/spielen FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-26] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> d:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation) FF Plugin: @lastpass.com/NPLastPass -> d:\Program Files (x86)\LastPass\nplastpass64.dll [2014-10-06] (LastPass) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.1.2 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> d:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-26] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-04-17] (Adobe Systems, Inc.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> d:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> d:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.) FF Plugin-x32: @lastpass.com/NPLastPass -> d:\Program Files (x86)\LastPass\nplastpass.dll [2014-10-06] (LastPass) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-11] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-05-11] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-1888364831-2858631773-2981139133-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> d:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-1888364831-2858631773-2981139133-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Kay\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin HKU\S-1-5-21-1888364831-2858631773-2981139133-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Kay\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin HKU\S-1-5-21-1888364831-2858631773-2981139133-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kay\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Extension: LastPass - C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\Extensions\support@lastpass.com [2015-03-31] FF Extension: WOT - C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-03-31] FF Extension: ProxMate - C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2015-04-18] FF Extension: NoScript - C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-03-31] FF Extension: Adblock Plus - C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-31] FF Extension: BetterPrivacy - C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-03-31] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-21] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.spiegel.de/", "hxxp://forum.ubuntuusers.de/topic/kann-keine-programme-per-software-center-downl/", "hxxp://www.happypainting.de/", "hxxp://www.pentaxians.de/", "hxxp://www.web.de/", "hxxp://www.t-online.de/" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (ProxFlow) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2015-01-03] CHR Extension: (Do Not Track Me Facebook) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aignbmbaeiglnodbalalclggpjjihmjg [2014-02-09] CHR Extension: (Dr.Web Anti-Virus Link Checker) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleggpabliehgbeagmfhnodcijcmbonb [2014-02-09] CHR Extension: (Google Docs) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-09] CHR Extension: (Google Drive) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-09] CHR Extension: (TV) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2014-02-09] CHR Extension: (WOT) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-02-09] CHR Extension: (YouTube) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-09] CHR Extension: (My IP address) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccfphbgnmmhjfalloifioeeeokjemobf [2014-02-09] CHR Extension: (Adblock Plus) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-09] CHR Extension: (TrafficLight) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2014-02-09] CHR Extension: (Google Search) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-09] CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2014-09-18] CHR Extension: (Best Utility Apps) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnfkmehkjocihlfmcjkmdiekloihfaog [2014-02-09] CHR Extension: (VTchromizer) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka [2014-02-09] CHR Extension: (Facebook Disconnect) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2014-02-09] CHR Extension: (BetaFish Adblocker) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-09] CHR Extension: (Bookmark Manager) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22] CHR Extension: (Pin It Button) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-01-16] CHR Extension: (LastPass: Free Password Manager) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-27] CHR Extension: (PDF Mergy) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2014-02-09] CHR Extension: (Subscriptions for YouTube™) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibcngljpkdlakkbhmbfhjabcblbcldbl [2015-02-27] CHR Extension: (ProxMate) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2015-01-03] CHR Extension: (Dropbox) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-02-09] CHR Extension: (Interstellar) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\kackgkhdbldcojljaeoaghlhfbbldkil [2014-12-28] CHR Extension: (Translator Context) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdkohkdahffmjhcehilamblbpnjpmlo [2015-02-19] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (Pinterest ™ ) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldekkfiehnegbjkcmalkfcgfecambndd [2014-02-09] CHR Extension: (Skype Click to Call) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-16] CHR Extension: (Google Maps) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-02-09] CHR Extension: (Ghostery) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-02-19] CHR Extension: (Google Wallet) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-09] CHR Extension: (Hover Zoom) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-03-16] CHR Extension: (Adblock Pro) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-02-09] CHR Extension: (QVIVO) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdmoikcfdlgffkebhcojlghnccgngbg [2015-02-27] CHR Extension: (Enhanced Steam) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2014-12-05] CHR Extension: (My IP address) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhoeoiodcebkkigjiooibeccnfmmkoe [2014-05-10] CHR Extension: (Gmail) - C:\Users\Kay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-09] CHR HKLM-x32\...\Chrome\Extension: [fknfdieimobmimhdkfkheeejenmdjhoe] - C:\Program Files (x86)\pandasecuritytb\chrome-newtab-search.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Kay\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2015-02-15] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [322176 2014-11-30] (Windows (R) Win 7 DDK provider) [File not signed] S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed] R2 MBAMScheduler; d:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) R2 MBAMService; d:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) S3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed] R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) R2 ss_conn_service; D:\Program Files (x86)\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) S3 SophosVirusRemovalTool; D:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) R3 AmUHubftr; C:\Windows\System32\drivers\AmUHubftr.sys [25880 2013-12-20] (Alcor Micro, Corp.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-11-30] (Qualcomm Atheros) S3 Bulk1528; C:\Windows\System32\Drivers\Bulk1528.sys [17792 2009-10-20] (SunPlus) S2 Ca1528av; C:\Windows\System32\Drivers\Ca1528av.sys [533760 2008-12-17] (Digital Camera) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-27] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation) S3 MEMSWEEP2; C:\WINDOWS\system32\15E3.tmp [6144 2009-06-18] (Sophos Plc) [File not signed] R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) S1 UimBus; C:\Windows\System32\drivers\UimBus.sys [102664 2014-05-19] () S1 Uim_DEVIM; C:\Windows\System32\drivers\uim_devim.sys [25992 2014-05-19] () S1 Uim_IM; C:\Windows\System32\drivers\uim_im.sys [700296 2014-05-19] () R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-27 20:35 - 2015-04-27 20:35 - 00033031 _____ () C:\Users\Kay\Downloads\FRST.txt 2015-04-27 20:34 - 2015-04-27 20:35 - 00000000 ____D () C:\FRST 2015-04-27 20:34 - 2015-04-27 20:34 - 02100736 _____ (Farbar) C:\Users\Kay\Downloads\FRST64.exe 2015-04-27 20:34 - 2015-04-27 20:34 - 02100736 _____ (Farbar) C:\Users\Kay\Downloads\FRST64 (1).exe 2015-04-27 20:33 - 2015-04-27 20:33 - 00050477 _____ () C:\Users\Kay\Downloads\Defogger.exe 2015-04-27 20:33 - 2015-04-27 20:33 - 00000468 _____ () C:\Users\Kay\Downloads\defogger_disable.log 2015-04-26 20:17 - 2015-04-26 20:17 - 05008664 _____ (Adobe Systems Inc.) C:\Users\Kay\Downloads\Shockwave_Installer_Slim.exe 2015-04-26 20:17 - 2015-04-26 20:17 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe 2015-04-26 20:12 - 2015-04-26 20:12 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Kay\Downloads\flashplayer17_ha_install (1).exe 2015-04-26 18:46 - 2015-03-17 19:26 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2015-04-26 18:46 - 2015-03-09 04:02 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys 2015-04-26 18:46 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll 2015-04-26 18:46 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll 2015-04-26 18:45 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll 2015-04-26 18:45 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll 2015-04-26 18:45 - 2015-03-14 04:03 - 04179968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-04-26 18:45 - 2015-03-13 06:03 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2015-04-26 18:45 - 2015-03-13 06:03 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2015-04-26 18:45 - 2015-03-13 04:59 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-04-26 18:45 - 2015-03-13 04:38 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-04-26 18:45 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys 2015-04-26 18:45 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2015-04-26 18:45 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2015-04-26 18:45 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll 2015-04-26 18:45 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2015-04-26 18:45 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll 2015-04-26 18:45 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2015-04-26 18:45 - 2015-02-13 04:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-04-26 18:45 - 2015-02-13 03:46 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-04-26 18:45 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2015-04-25 10:47 - 2015-04-25 10:47 - 00000000 ___RD () C:\Users\Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2015-04-23 18:13 - 2015-04-23 18:13 - 00001484 _____ () C:\Users\Public\Desktop\LibreOffice 4.4.lnk 2015-04-23 18:13 - 2015-04-23 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4 2015-04-23 17:50 - 2015-04-23 17:59 - 224325632 _____ () C:\Users\Kay\Downloads\LibreOffice_4.4.2_Win_x86.msi 2015-04-23 17:45 - 2015-04-26 20:00 - 00000000 ____D () C:\Users\Kay\Documents\Meike 2015-04-21 19:26 - 2015-04-21 19:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-19 14:23 - 2015-01-06 05:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys 2015-04-19 14:23 - 2015-01-06 04:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys 2015-04-19 14:23 - 2015-01-06 03:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll 2015-04-19 14:23 - 2015-01-06 03:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll 2015-04-15 15:46 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-04-15 15:46 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-04-15 15:46 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll 2015-04-15 15:46 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-04-15 15:46 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll 2015-04-15 15:46 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll 2015-04-15 15:46 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2015-04-15 15:46 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2015-04-15 15:46 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe 2015-04-15 15:46 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe 2015-04-15 15:46 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2015-04-15 15:46 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll 2015-04-15 15:46 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2015-04-15 15:46 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2015-04-15 15:46 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2015-04-15 15:46 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll 2015-04-15 15:46 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll 2015-04-15 15:46 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2015-04-15 15:46 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-04-15 15:46 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2015-04-15 15:46 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2015-04-15 15:46 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2015-04-15 15:46 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2015-04-15 15:46 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2015-04-15 15:46 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2015-04-15 15:46 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2015-04-15 15:46 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2015-04-15 15:46 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2015-04-15 15:46 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2015-04-15 15:46 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2015-04-15 15:46 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-04-15 15:46 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-04-15 15:46 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-04-15 15:46 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-04-15 15:46 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-04-15 15:46 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-04-15 15:46 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-04-15 15:46 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-04-15 15:46 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-04-15 15:46 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-04-15 15:46 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-04-15 15:46 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-04-15 15:46 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-04-15 15:46 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-04-15 15:46 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll 2015-04-15 15:46 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-04-15 15:46 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-04-15 15:46 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-04-15 15:46 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-04-15 15:46 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll 2015-04-15 15:46 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-04-15 15:46 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-04-15 15:46 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-04-15 15:46 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-04-15 15:46 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-04-15 15:46 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-04-15 15:46 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2015-04-15 15:46 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll 2015-04-15 15:46 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll 2015-04-15 15:46 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2015-04-08 19:32 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2015-04-08 19:32 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2015-04-08 19:32 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2015-04-08 19:32 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2015-04-08 19:32 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2015-04-08 19:32 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2015-04-08 19:32 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2015-04-08 19:32 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll 2015-04-07 19:31 - 2015-04-07 19:31 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\WinRAR 2015-04-07 19:31 - 2015-04-07 19:31 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-04-07 19:31 - 2015-04-07 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-04-07 19:31 - 2010-10-17 17:46 - 00000000 ____D () C:\Users\Kay\Documents\Turbine 2015-04-07 19:31 - 2010-10-12 14:17 - 00000000 ____D () C:\Users\Kay\Documents\Betsiel 2015-04-07 19:30 - 2015-04-07 19:31 - 00000000 ____D () C:\Program Files\WinRAR 2015-04-07 19:30 - 2015-04-07 19:30 - 02058768 _____ () C:\Users\Kay\Downloads\winrar-x64-521d.exe 2015-04-07 19:29 - 2015-04-07 19:29 - 00029357 _____ () C:\Users\Kay\Downloads\FilterBag.rar 2015-04-07 17:52 - 2015-04-07 17:52 - 00000000 ____D () C:\Users\Kay\AppData\Local\PluginCompendium 2015-04-07 17:49 - 2015-04-11 18:18 - 00003059 _____ () C:\Users\Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plugin Compendium.lnk 2015-04-07 17:47 - 2015-04-07 17:47 - 01116025 _____ () C:\Users\Kay\Downloads\PluginCompendiumSetup-1.0.3.0.zip 2015-04-04 19:47 - 2015-04-04 19:47 - 00000000 ____D () C:\Users\Kay\AppData\Local\Chromium 2015-04-04 19:44 - 2015-04-08 19:53 - 00000000 ____D () C:\Users\Kay\AppData\Local\The Lord of the Rings Online 2015-04-04 17:05 - 2015-04-04 17:05 - 00281728 _____ () C:\WINDOWS\Minidump\040415-21484-01.dmp 2015-04-04 15:05 - 2015-04-04 15:05 - 00000000 ____D () C:\Users\Kay\AppData\Local\Akamai 2015-04-04 15:04 - 2015-04-04 18:27 - 00000000 ____D () C:\Users\Kay\AppData\Local\Turbine 2015-04-04 15:03 - 2015-04-12 14:44 - 00000000 ____D () C:\Users\Kay\Documents\The Lord of the Rings Online 2015-04-04 15:03 - 2015-04-04 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine 2015-04-04 15:02 - 2015-04-04 15:03 - 64386312 _____ (Turbine, Inc. ) C:\Users\Kay\Downloads\lotrolive.exe 2015-04-02 20:31 - 2015-04-02 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-04-02 19:14 - 2015-04-02 19:14 - 02210270 _____ () C:\Users\Kay\Downloads\wsusoffline954.zip 2015-03-31 16:06 - 2015-03-31 16:06 - 00000000 ____D () C:\Users\Kay\Desktop\Alte Firefox-Daten 2015-03-31 15:42 - 2015-03-31 15:42 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX 2015-03-31 15:42 - 2015-03-31 15:42 - 00000000 ___SD () C:\WINDOWS\system32\GWX 2015-03-31 15:40 - 2015-04-09 17:34 - 00004532 _____ () C:\WINDOWS\PFRO.log 2015-03-30 17:09 - 2015-03-30 17:09 - 00243648 _____ () C:\Users\Kay\Downloads\Firefox Setup Stub 36.0.4.exe 2015-03-30 16:58 - 2015-03-30 16:58 - 05344528 _____ (Piriform Ltd) C:\Users\Kay\Downloads\ccsetup504.exe 2015-03-30 16:32 - 2015-03-30 16:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-03-30 16:31 - 2015-03-30 16:31 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Kay\Downloads\mbar-1.09.1.1004.exe 2015-03-30 16:29 - 2015-03-30 16:31 - 00000000 ____D () C:\Users\Kay\Downloads\RootkitRevealer 2015-03-30 16:29 - 2015-03-30 16:29 - 00231390 _____ () C:\Users\Kay\Downloads\RootkitRevealer.zip 2015-03-30 16:02 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\WINDOWS\system32\15E3.tmp 2015-03-30 15:59 - 2015-03-30 16:53 - 00000000 ____D () C:\Program Files (x86)\Sophos 2015-03-30 15:59 - 2015-03-30 15:59 - 01339288 _____ () C:\Users\Kay\Downloads\sar_15_sfx.exe 2015-03-30 15:59 - 2009-06-18 12:54 - 00006144 ____N (Sophos Plc) C:\WINDOWS\system32\F208.tmp 2015-03-29 19:04 - 2015-04-04 16:08 - 00016338 _____ () C:\Users\Kay\Desktop\Tai Chi Chuan – Yang Stile nach Ip Tai Tak.ods ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-27 20:34 - 2014-01-20 22:19 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-27 20:20 - 2014-03-16 13:40 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1888364831-2858631773-2981139133-1001UA.job 2015-04-27 20:20 - 2014-03-16 13:40 - 00001078 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1888364831-2858631773-2981139133-1001Core.job 2015-04-27 20:11 - 2015-03-18 16:12 - 01961252 _____ () C:\WINDOWS\WindowsUpdate.log 2015-04-27 18:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-04-27 17:56 - 2015-01-22 20:52 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-04-27 17:51 - 2014-10-26 16:05 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{687F2EEC-A316-484A-B958-97FEC835D3B2} 2015-04-27 17:48 - 2014-01-20 21:52 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1888364831-2858631773-2981139133-1001 2015-04-27 17:47 - 2014-02-20 14:54 - 00000000 ___DO () C:\Users\Kay\SkyDrive 2015-04-27 17:46 - 2013-11-14 09:26 - 01767420 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-04-27 17:46 - 2013-11-14 09:11 - 00757720 _____ () C:\WINDOWS\system32\perfh007.dat 2015-04-27 17:46 - 2013-11-14 09:11 - 00155508 _____ () C:\WINDOWS\system32\perfc007.dat 2015-04-27 17:43 - 2015-03-24 18:45 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-04-27 17:43 - 2014-01-20 22:19 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-27 17:41 - 2015-03-27 15:36 - 00004543 _____ () C:\WINDOWS\setupact.log 2015-04-27 17:41 - 2015-03-01 11:40 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\ClassicShell 2015-04-27 17:41 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-04-27 17:41 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-04-26 21:33 - 2014-03-22 16:30 - 00000000 ____D () C:\Users\Kay\Documents\WISO Mein Geld 2015-04-26 20:14 - 2014-10-17 21:33 - 00000000 ____D () C:\Users\Kay\AppData\Local\Adobe 2015-04-26 20:13 - 2015-01-22 20:52 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-04-26 18:56 - 2013-08-22 16:44 - 00549272 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-04-26 18:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2015-04-26 18:46 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers 2015-04-26 18:46 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-04-26 12:17 - 2015-02-14 17:51 - 00000000 ____D () C:\Users\Kay\AppData\Local\CrashDumps 2015-04-26 12:17 - 2014-05-07 19:37 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\vlc 2015-04-25 10:48 - 2015-03-12 15:20 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\dvdcss 2015-04-23 19:51 - 2014-07-02 17:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-04-23 18:13 - 2014-03-27 13:46 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4 2015-04-23 18:13 - 2014-02-24 22:22 - 00336896 ___SH () C:\Users\Kay\Desktop\Thumbs.db 2015-04-18 16:35 - 2014-01-20 22:20 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-04-17 15:59 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-04-16 20:44 - 2014-02-20 14:49 - 00000000 ____D () C:\Users\Kay 2015-04-16 20:43 - 2014-01-20 22:56 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Skype 2015-04-16 19:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-04-15 16:12 - 2014-05-10 14:38 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-04-15 16:12 - 2014-01-20 22:10 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-04-15 16:08 - 2014-01-20 22:10 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-04-15 16:07 - 2013-08-22 15:25 - 00000167 _____ () C:\WINDOWS\win.ini 2015-04-14 01:24 - 2013-08-22 17:38 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-04-14 01:24 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-04-11 18:18 - 2014-12-03 18:33 - 00000000 ____D () C:\Users\Kay\Desktop\Spiele 2015-04-09 18:05 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat 2015-04-08 20:47 - 2014-04-04 17:44 - 00000000 ____D () C:\Users\Kay\AppData\Local\Battle.net 2015-04-08 19:32 - 2014-12-10 17:37 - 00000000 ____D () C:\WINDOWS\system32\appraiser 2015-04-08 19:32 - 2014-07-15 16:13 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2015-04-08 19:29 - 2014-04-04 16:10 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2015-04-07 17:14 - 2014-12-11 18:06 - 00190464 ___SH () C:\Users\Kay\Documents\Thumbs.db 2015-04-07 16:50 - 2015-02-14 11:57 - 00000000 ____D () C:\Users\Kay\AppData\Local\HP 2015-04-04 17:05 - 2015-03-27 20:50 - 00000000 ____D () C:\WINDOWS\Minidump 2015-04-04 15:03 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-04-02 21:01 - 2015-02-23 23:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-04-02 21:01 - 2015-02-15 19:21 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Samsung 2015-04-02 21:01 - 2015-02-15 19:21 - 00000000 ____D () C:\Users\Kay\AppData\Local\Samsung 2015-04-02 21:01 - 2015-02-15 19:09 - 00000000 ____D () C:\ProgramData\Samsung 2015-04-02 20:48 - 2014-09-30 15:56 - 00000000 ____D () C:\Users\Kay\AppData\Local\Deployment 2015-04-02 20:48 - 2014-09-18 14:43 - 00000000 ____D () C:\Users\Kay\AppData\Local\Glyph 2015-04-02 20:48 - 2014-09-18 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph 2015-03-30 17:08 - 2015-03-24 19:05 - 00000000 ____D () C:\Users\Kay\Desktop\Sicherheit 2015-03-30 16:58 - 2015-03-01 11:44 - 00000000 ____D () C:\Program Files\CCleaner 2015-03-30 16:56 - 2015-01-01 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thrustmaster 2015-03-30 16:40 - 2015-02-14 11:58 - 00000000 ____D () C:\Program Files (x86)\HP 2015-03-30 16:39 - 2015-03-27 21:20 - 00000406 _____ () C:\DelFix.txt 2015-03-30 16:32 - 2015-03-24 18:45 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys ==================== Files in the root of some directories ======= 2014-01-20 23:03 - 2014-10-06 18:29 - 13024768 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe 2014-10-04 14:43 - 2014-10-04 14:43 - 0001285 _____ () C:\Users\Kay\AppData\Local\recently-used.xbel 2014-02-22 20:41 - 2014-02-22 20:41 - 0210145 _____ () C:\ProgramData\1393094319.bdinstall.bin 2015-03-21 14:06 - 2015-03-21 14:06 - 0037755 _____ () C:\ProgramData\1426939573.bdinstall.bin 2015-03-21 14:06 - 2015-03-21 14:06 - 0098733 _____ () C:\ProgramData\1426939582.bdinstall.bin 2015-02-14 11:57 - 2015-02-14 11:57 - 0000057 _____ () C:\ProgramData\Ament.ini 2015-02-12 19:15 - 2015-02-12 19:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-11-06 16:41 - 2014-11-28 14:36 - 0000215 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc Files to move or delete: ==================== C:\Users\Kay\fbchathistory.dat Some content of TEMP: ==================== C:\Users\Kay\AppData\Local\Temp\AFWOESQAP.exe C:\Users\Kay\AppData\Local\Temp\FZYVGIVTUMMXC.exe C:\Users\Kay\AppData\Local\Temp\HKUXA.exe C:\Users\Kay\AppData\Local\Temp\KURBHFG.exe C:\Users\Kay\AppData\Local\Temp\Quarantine.exe C:\Users\Kay\AppData\Local\Temp\sqlite3.dll C:\Users\Kay\AppData\Local\Temp\tmp5FCD.exe C:\Users\Kay\AppData\Local\Temp\unrar.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-26 21:13 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2015 01
Ran by *** at 2015-04-27 20:35:45
Running from C:\Users\***\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1888364831-2858631773-2981139133-500 - Administrator - Disabled)
Gast (S-1-5-21-1888364831-2858631773-2981139133-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1888364831-2858631773-2981139133-1003 - Limited - Enabled)
*** (S-1-5-21-1888364831-2858631773-2981139133-1001 - Administrator - Enabled) => C:\Users\***
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
„Der Herr der Ringe Online™“ v1301.0055.0535.4025 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 1301.0055.0535.4025 - Turbine, Inc.)
7-Zip 9.20 (HKLM-x32\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Alcor Micro Generic Hub Filter Driver (HKLM-x32\...\AmUHubftr) (Version: 2.0.11.0 - Alcor Micro Corp.)
Alcor Micro Generic Hub Filter Driver (x32 Version: 2.0.11.0 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.26.3317.04170 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.26.3317.04170 - Alcor Micro Corp.) Hidden
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Double Action: Boogaloo (HKLM-x32\...\Steam App 317360) (Version: - Double Action Factory)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - Trendy Entertainment)
DxO Optics Pro 7 (HKLM\...\{64579E10-6249-4BB1-B1D1-8EF55042DB45}) (Version: 7.5.5 - DxO Labs)
Elite Dangerous Launcher version 0.4.2220.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.2220.0 - Frontier Developments)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\Google+ Auto Backup) (Version: 1.0.27.161 - Google, Inc.)
HP Photosmart Plus B210 series - Grundlegende Software für das Gerät (HKLM\...\{1686185A-3D85-428D-8786-ACB403B9D420}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart Plus B210 series Hilfe (HKLM-x32\...\{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}) (Version: 140.0.54.54 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Inkscape 0.48.5 (HKLM-x32\...\Inkscape) (Version: 0.48.5 - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
LastPass (Nur deinstallieren) (HKLM-x32\...\LastPass) (Version: - LastPass)
LibreOffice 4.4.2.2 (HKLM-x32\...\{99A395EF-A310-40BB-B7A3-E3FF07CC38FC}) (Version: 4.4.2.2 - The Document Foundation)
LOTRO Plugin Compendium (HKLM-x32\...\{3BF7818D-2482-4676-A237-915A11A97847}) (Version: 1.0.3 - Lunarwater)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\MyFreeCodec) (Version: - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.336 - Qualcomm Atheros Communications)
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.35.0 - Ralink)
RawTherapee Version 4.1 (HKLM\...\{128459AB-59A7-430A-8BD0-3D8803D50400}_is1) (Version: 4.1 - rawtherapee.com)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.37.1119.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7383 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15022.8 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15022.8 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sigils of Elohim (HKLM-x32\...\Steam App 321480) (Version: - Croteam)
Ski Challenge 15 (HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\sc15-GAMETWIST_MAIN) (Version: - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SPCA1528 PC Driver (HKLM-x32\...\{570C2A84-A145-4DF0-AE9D-012584DF09DC}) (Version: 2.2.4.0 - )
Spore (HKLM-x32\...\Steam App 17390) (Version: - Maxis™)
Spore: Creepy & Cute Parts Pack (HKLM-x32\...\Steam App 17440) (Version: - Maxis™)
Spore: Galactic Adventures (HKLM-x32\...\Steam App 24720) (Version: - EA - Maxis)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Thrustmaster Force Feedback Driver (HKLM-x32\...\{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}) (Version: 2.FFD.2009 - Thrustmaster)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 8.51a - Ghisler Software GmbH)
Unity Web Player (HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WEB.DE Club SmartFax (HKLM-x32\...\WEB.DE Club SmartFax) (Version: 2.00.235 - 1&1 Mail & Media GmbH)
WEB.DE Online-Speicher 1.11.4174.0 (HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\WEB.DE Application {sync-000021}) (Version: 1.11.4174.0 - 1&1 Mail & Media GmbH)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WISO Mein Geld 2015 Professional .NET (HKLM-x32\...\WISO Mein Geld 2015 Professional .NET) (Version: - Buhl Data Service GmbH)
WISO Mein Geld 2015 Professional .NET (x32 Version: 20.0.0.0 - Buhl Data Service GmbH) Hidden
WISO Steuer-Sparbuch 2014 (HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\{E1438C8A-2806-4C22-89EE-5A4B24A91358}) (Version: 21.04.8571 - Buhl Data Service GmbH)
XP Codec Pack (HKLM-x32\...\XP Codec Pack) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1888364831-2858631773-2981139133-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\***\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1888364831-2858631773-2981139133-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\***\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
==================== Restore Points =========================
19-04-2015 14:23:15 Windows Update
23-04-2015 18:08:28 Installed LibreOffice 4.4.2.2
26-04-2015 18:46:09 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {010E7686-1413-4B97-B29D-1346B0475713} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {011B42D3-DFDF-4C79-BC17-EF6717F44986} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1888364831-2858631773-2981139133-1001UA => C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-16] (Google Inc.)
Task: {12B50314-F009-4C5B-939B-73CCCD536726} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {13896B67-0FCD-42C2-A928-DC02BAFFFCAD} - System32\Tasks\{6644215F-D573-4448-B8E2-12B972183707} => pcalua.exe -a "C:\Program Files (x86)\pandasecuritytb\uninstall.exe"
Task: {187B46F7-A8B8-4F63-94EF-393FD2B00E9E} - System32\Tasks\{70F927D6-EBE1-457D-A298-444941E8E902} => pcalua.exe -a "C:\Users\***\Desktop\Galaxy S3 - Mini\SAMSUNG_USB_Driver_for_Mobile_Phones.exe" -d "C:\Users\***\Desktop\Galaxy S3 - Mini"
Task: {223F329D-8215-47C4-AA31-63FB0AA849B8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {2F19BF84-ECD9-489B-B717-18E7D00AD177} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL e:\e67415113b809610ca462725cd5d34\ipoint\Setup64\Files\1031\Deu.rtf
Task: {32B7C5A6-BB23-410F-B2AE-CBB4CC1E0E3D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {3AF644C2-3E4D-4A96-8523-77213AB94E38} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1888364831-2858631773-2981139133-1001Core => C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-16] (Google Inc.)
Task: {429F3195-6748-4F5E-96B8-3E37FA18CCE7} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {4679C4EE-C734-4604-BD63-6160E8463D64} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {53F8794E-726C-4A97-9BB8-347ECDC5CB94} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {5A73AB7F-ABDA-4DEA-ACE4-066E9E744A0C} - System32\Tasks\{A8A0A7FB-B363-4CBD-91B8-947FA6EA8EAA} => pcalua.exe -a C:\Users\***\Downloads\k30v106.EXE -d C:\Users\***\Downloads
Task: {A5E82587-9B7C-48C7-9AC0-1CB1E18567C4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {B671B73A-6466-4C62-8944-AB4234A03A18} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {C1A592A2-0BE6-40DF-8D3F-C4054E83B55A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {C21A6710-6FA5-4A4D-A3DF-E78657BB0A88} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {CCD12F32-F26B-4D65-AC15-47067E5AFC39} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-26] (Adobe Systems Incorporated)
Task: {E4DB78B9-F79B-43E6-ADAA-5FFD26A4E94B} - System32\Tasks\drivers => C:\Program Files (x86)\UpdateStar Drivers\drivers.exe
Task: {E6473095-90EA-4F76-8B45-7E3BF6D1CCF9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-20] (Google Inc.)
Task: {F6FDE532-F25A-40C7-AAAF-B33AF91282B9} - System32\Tasks\{2B43B2A3-A783-4ECE-BEF2-BEE44272E399} => pcalua.exe -a "C:\Users\***\Desktop\Galaxy3 Mini - Android Update\SAMSUNG_USB_Driver (1)\SAMSUNG_USB_Driver_for_Mobile_Phones.exe" -d "C:\Users\***\Desktop\Galaxy3 Mini - Android Update\SAMSUNG_USB_Driver (1)"
Task: {F8B7D53C-30BE-4304-A3B5-8FF174B4638A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-20] (Google Inc.)
Task: {FA170A4D-7F12-467C-93EF-E7E6B2C86269} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1888364831-2858631773-2981139133-1001Core.job => C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1888364831-2858631773-2981139133-1001UA.job => C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-05-10 14:26 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-11-30 19:28 - 2014-11-30 19:28 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-11-30 19:24 - 2014-11-30 19:24 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-11-30 19:30 - 2014-11-30 19:30 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-07-30 11:38 - 2014-07-30 11:38 - 00121363 _____ () d:\Program Files\VideoLAN\VLC\libvlc.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 02524691 _____ () d:\Program Files\VideoLAN\VLC\libvlccore.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00713235 _____ () d:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00031251 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00034323 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00070163 _____ () d:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 02376211 _____ () d:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00106515 _____ () d:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00263699 _____ () d:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00080915 _____ () d:\Program Files\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00051219 _____ () d:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00063507 _____ () d:\Program Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00608275 _____ () d:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 01022995 _____ () d:\Program Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00125459 _____ () d:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00043539 _____ () d:\Program Files\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00017427 _____ () d:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00140307 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 02218003 _____ () d:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00318995 _____ () d:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 01470995 _____ () d:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00058387 _____ () d:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00043027 _____ () d:\Program Files\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00190995 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00091667 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 12501523 _____ () d:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00071187 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00123923 _____ () d:\Program Files\VideoLAN\VLC\plugins\access\libaccess_http_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00081939 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00028179 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00085523 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00018963 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libtta_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00025619 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00024595 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 01261075 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libsid_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00126483 _____ () d:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00152595 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 01739283 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00017939 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libdirac_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00928787 _____ () d:\Program Files\VideoLAN\VLC\plugins\access\liblive555_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00023571 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00021011 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libpva_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00017939 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libxa_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00018963 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00021011 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00017939 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libau_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00574483 _____ () d:\Program Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00039955 _____ () d:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00330771 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00019475 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00192019 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00833555 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00019475 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00025619 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00024595 _____ () d:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00035859 _____ () d:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00024083 _____ () d:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00071699 _____ () d:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00042003 _____ () d:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00021523 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00023059 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00029715 _____ () d:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00028691 _____ () d:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00021523 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00085523 _____ () d:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00022035 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00341011 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00021523 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 01505811 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00023059 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00417811 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00230931 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00029715 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 01745427 _____ () d:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00017427 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00023059 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00139795 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00186387 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00081939 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 01506835 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00025619 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00016915 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00017939 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00017939 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00017427 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00018963 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
2014-07-30 11:38 - 2014-07-30 11:38 - 00029715 _____ () d:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
2015-02-19 21:34 - 2014-01-10 18:21 - 00082944 ____R () C:\Program Files (x86)\Ralink\Common\ndisflt.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-03-31 16:08 - 2015-03-31 16:08 - 01020928 _____ () C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xj48727q.default-1427810809798\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2015-04-18 16:35 - 2015-04-13 23:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-18 16:35 - 2015-04-13 23:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\***\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\***\Downloads\2009_FFD_2.exe:BDU
AlternateDataStreams: C:\Users\***\Downloads\br2014Free101.exe:BDU
AlternateDataStreams: C:\Users\***\Downloads\ClassicShellSetup_4_1_0.exe:BDU
AlternateDataStreams: C:\Users\***\Downloads\DNGConverter_8_7_1.exe:BDU
AlternateDataStreams: C:\Users\***\Downloads\Kies3Setup.exe:BDU
AlternateDataStreams: C:\Users\***\Downloads\KiesSetup.exe:BDU
AlternateDataStreams: C:\Users\***\Downloads\PSB210_1315-1.exe:BDU
AlternateDataStreams: C:\Users\***\Downloads\xq2pnrwj.exe:BDU
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\Control Panel\Desktop\\Wallpaper -> E:\Bilder\Wallpapers\IMGP0918-1.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "StartCCC"
HKLM\...\StartupApproved\Run: => "IntelliPoint"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "ThrustTSR"
HKLM\...\StartupApproved\Run32: => "WISO Mein Geld 2015 Professional .NET"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\StartupApproved\Run: => "Google+ Auto Backup"
HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\StartupApproved\Run: => "Ubuntu One Icon"
HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\StartupApproved\Run: => "Ubuntu One"
HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\StartupApproved\Run: => "WEB.DE Application {sync-000021}"
HKU\S-1-5-21-1888364831-2858631773-2981139133-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [RemoteDesktop-Shadow-In-TCP] => (Allow) %SystemRoot%\system32\RdpSa.exe
FirewallRules: [WFDPRINT-DAFWSD-Out-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [WFDPRINT-DAFWSD-In-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [PlayTo-In-RTSP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-RTSP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-PlayToScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-LocalSubnetScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [TPMVSCMGR-Server-Out-TCP] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-In-TCP] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-Out-TCP-NoScope] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [TPMVSCMGR-Server-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\RmtTpmVscMgrSvr.exe
FirewallRules: [EventForwarder-In-TCP] => (Allow) %SystemRoot%\system32\NetEvtFwdr.exe
FirewallRules: [NETDIS-DAS-In-UDP] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [NETDIS-DAS-In-UDP-Active] => (Allow) %SystemRoot%\system32\dashost.exe
FirewallRules: [ProximityUxHost-Sharing-Out-TCP-NoScope] => (Allow) %SystemRoot%\system32\proximityuxhost.exe
FirewallRules: [ProximityUxHost-Sharing-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\proximityuxhost.exe
FirewallRules: [Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper] => (Allow) %systemroot%\system32\wininit.exe
FirewallRules: [Wininit-Shutdown-In-Rule-TCP-RPC] => (Allow) %systemroot%\system32\wininit.exe
FirewallRules: [TCP Query User{00AF6728-F0B0-4052-AE5F-8B3077E3FC0C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{3C7AE69E-2733-4B32-86AE-9547DC1ADB4C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{BE9AE20E-9FF2-43C6-B1D5-B9D9F47469F4}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2D215BD9-891E-4FA9-8DC3-65A0D9668FF4}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{52C4A13B-C420-49DA-8CA1-97373B940B41}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{D6281D2C-5F85-4386-B9A0-A660F06C8B76}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{F0D2E862-1A47-4408-AF35-5F27AAC4DC22}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{2AA1DFD6-312E-4DD9-B109-C20E0ECCA36A}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{D81D86BC-E0B3-45BF-A894-6D9C2A82E449}C:\users\***\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\***\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{3CB4847B-E1E0-48F0-8699-4E71C654CE55}C:\users\***\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\***\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{EDCDA70B-DF1A-48F3-BD4E-B9F2853EDF8E}D:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe] => (Allow) D:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe
FirewallRules: [UDP Query User{E6EE7A41-8A78-4ABD-80E9-3FA2D53AF160}D:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe] => (Allow) D:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe
FirewallRules: [{7C6A2AAD-7F73-44E4-8E0C-F996237331A9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BE376B36-920A-4902-82BE-6CF699D14293}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8E4C68F3-525B-491B-9D9A-273394BFC787}C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{E00CD392-19D4-434B-A05F-84142498B2F2}C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [TCP Query User{71C511BF-12BB-4651-9031-6688F51B8BF9}C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{390EC187-5C6C-4A45-8FEA-AAEA00AF3977}C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{4D23AC9C-24EF-4146-B952-3A1065E63EC7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3D1DE240-0821-41A5-B028-7F55E3D43906}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{13DFE2D0-73A5-4A69-A21D-93EF4184CE6F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{767917D7-DC42-4B63-B01E-44195DA16C3C}C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{FDBEA3A4-5B6A-4A48-BB4B-16D2C151F6C3}C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe
==================== Faulty Device Manager Devices =============
Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Bluetooth-Gerät (RFCOMM-Protokoll-TDI)
Description: Bluetooth-Gerät (RFCOMM-Protokoll-TDI)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RFCOMM
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Bluetooth-Gerät (PAN)
Description: Bluetooth-Gerät (PAN)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/27/2015 05:41:12 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "select * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'" konnte im Namespace "//./root" aufgrund des Fehlers "0x80041033" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.
Error: (04/26/2015 09:13:47 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "(H:)" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)
Error: (04/26/2015 00:31:03 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "\\?\Volume{40074772-7e2b-407c-8063-16df5dc9932e}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)
Error: (04/26/2015 00:30:38 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "(H:)" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)
Error: (04/26/2015 00:24:24 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "(H:)" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)
Error: (04/26/2015 00:17:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005473b
ID des fehlerhaften Prozesses: 0x1570
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Vollständiger Name des fehlerhaften Pakets: vlc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5
Error: (04/26/2015 11:56:08 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "(H:)" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)
Error: (04/25/2015 08:54:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17736, Zeitstempel: 0x550f4336
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005473b
ID des fehlerhaften Prozesses: 0x2f48
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Vollständiger Name des fehlerhaften Pakets: vlc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5
Error: (04/25/2015 01:21:40 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "\\?\Volume{40074772-7e2b-407c-8063-16df5dc9932e}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)
Error: (04/25/2015 01:08:58 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "(H:)" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)
System errors:
=============
Error: (04/27/2015 08:08:40 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 20. Der Windows-SChannel-Fehlerstatus lautet: 960.
Error: (04/27/2015 05:41:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error: (04/27/2015 05:39:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error: (04/26/2015 06:56:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error: (04/26/2015 06:30:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error: (04/26/2015 11:33:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error: (04/25/2015 01:53:04 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (04/25/2015 10:45:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error: (04/24/2015 07:55:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Error: (04/24/2015 04:04:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SPCA1528 Video Camera Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058
Microsoft Office Sessions:
=========================
Error: (04/27/2015 05:41:12 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./rootselect * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'0x80041033
Error: (04/26/2015 09:13:47 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: (H:)Falscher Parameter. (0x80070057)
Error: (04/26/2015 00:31:03 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: \\?\Volume{40074772-7e2b-407c-8063-16df5dc9932e}\Falscher Parameter. (0x80070057)
Error: (04/26/2015 00:30:38 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: (H:)Falscher Parameter. (0x80070057)
Error: (04/26/2015 00:24:24 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: (H:)Falscher Parameter. (0x80070057)
Error: (04/26/2015 00:17:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.3.9600.17736550f4336c0000005000000000005473b157001d0800a2abe018dd:\Program Files\VideoLAN\VLC\vlc.exeC:\WINDOWS\SYSTEM32\ntdll.dll6b264054-ebfd-11e4-8048-88f97f675951
Error: (04/26/2015 11:56:08 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: (H:)Falscher Parameter. (0x80070057)
Error: (04/25/2015 08:54:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.3.9600.17736550f4336c0000005000000000005473b2f4801d07f73d31db526d:\Program Files\VideoLAN\VLC\vlc.exeC:\WINDOWS\SYSTEM32\ntdll.dll82d39ae9-eb7c-11e4-8047-e8760068cc4d
Error: (04/25/2015 01:21:40 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: \\?\Volume{40074772-7e2b-407c-8063-16df5dc9932e}\Falscher Parameter. (0x80070057)
Error: (04/25/2015 01:08:58 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: (H:)Falscher Parameter. (0x80070057)
CodeIntegrity Errors:
===================================
Date: 2015-04-26 11:56:35.795
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.
Date: 2015-04-26 11:56:35.472
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.
Date: 2015-04-26 11:56:35.147
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.
Date: 2015-04-26 11:56:34.875
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.
Date: 2015-04-26 11:56:34.579
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.
Date: 2015-04-26 11:56:34.018
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.
Date: 2015-04-25 12:34:01.659
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.
Date: 2015-04-25 12:34:00.976
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.
Date: 2015-04-25 12:34:00.478
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.
Date: 2015-04-25 12:33:59.960
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Emsisoft Anti-Malware\a2hooks32.dll that did not meet the Store signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 40%
Total physical RAM: 8159.15 MB
Available physical RAM: 4854.77 MB
Total Pagefile: 16351.15 MB
Available Pagefile: 12480.68 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:75.22 GB) (Free:16.55 GB) NTFS
Drive d: (Win) (Fixed) (Total:270.45 GB) (Free:46.25 GB) NTFS
Drive e: (Elements) (Fixed) (Total:465.64 GB) (Free:282.52 GB) FAT32
Drive h: () (Fixed) (Total:0.49 GB) (Free:0.48 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 000AB2A8)
Partition: GPT Partition Type.
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BDD4B8D6)
Partition 1: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.3 GB) - (Type=83)
========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 8D399BC0)
Partition 1: (Active) - (Size=465.8 GB) - (Type=0C)
==================== End Of Log ============================
Rechner friert vollständig ein. Kein An-/Aus-Schalter, kein "Affengriff". Noch nicht mal der Reset-Knopf geht. Und der geht durchaus. Habs getestet. Freue mich wieder mal über Hilfe... LG verrant |
| Themen zu Re-Infekt mit Malaha.net und diverse Beobachtungen |
| adobe, adware, akamai, browser, ccsetup, defender, explorer, feedback, firefox, flash player, format, geld, google, helper, homepage, install.exe, mozilla, photoshop, rundll, scan, services.exe, software, svchost.exe, system, tracker, usb, warnung, windows, wiso |
Baum-Darstellung