problemkind0 | 23.12.2014 15:55 | Thanks! Here is the result of the scan:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2014 01
Ran by Home (administrator) on HOME-PC on 23-12-2014 15:43:32
Running from C:\Users\Home\Desktop
Loaded Profile: Home (Available profiles: Home)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-07-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4226526693-3076783858-1981787605-1000\...\MountPoints2: {212b2673-710f-11e2-92cf-002618bcb0a1} - J:\pushinst.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-4226526693-3076783858-1981787605-1000] => 95.159.105.2:3128
HKU\S-1-5-21-4226526693-3076783858-1981787605-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4226526693-3076783858-1981787605-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\6x6t14os.default
FF Homepage: about:home
FF NetworkProxy: "backup.ftp", "110.77.137.220"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "110.77.137.220"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "110.77.137.220"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "213.181.73.145"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "213.181.73.145"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "213.181.73.145"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-4226526693-3076783858-1981787605-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Home\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdjvu.dll (LizardTech)
FF Extension: Fast Video Download - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\6x6t14os.default\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2013-04-03]
FF Extension: Adblock Plus - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\6x6t14os.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-01-01]
Chrome:
=======
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-27]
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-27]
CHR Extension: (Google-Suche) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-27]
CHR Extension: (Video Downloader professional) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-07-27]
CHR Extension: (iSnap - inoffizieller client for snapchat™) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkcinnjkbadjnadeikbfifiifppgebfo [2014-08-12]
CHR Extension: (Google Wallet) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-27]
CHR Extension: (Google Mail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-27]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S2 Winmgmt; C:\PROGRA~2\CACDC436A.cpp [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.)
R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin) [File not signed]
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsl20492a5f; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DDB14F19-4FD9-447C-889D-31AA98D00E94}\MpKsl20492a5f.sys [39464 2014-12-23] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [7680 2006-10-18] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-23 15:43 - 2014-12-23 15:44 - 00011183 _____ () C:\Users\Home\Desktop\FRST.txt
2014-12-23 15:42 - 2014-12-23 15:43 - 00000000 ____D () C:\FRST
2014-12-23 15:41 - 2014-12-23 15:41 - 01114112 _____ (Farbar) C:\Users\Home\Desktop\FRST.exe
2014-12-23 15:18 - 2014-12-23 15:18 - 00006326 _____ () C:\Users\Home\Downloads\yahoo_contacts(2).csv
2014-12-23 15:17 - 2014-12-23 15:17 - 00006345 _____ () C:\Users\Home\Downloads\yahoo_contacts(1).csv
2014-12-23 13:14 - 2014-12-23 14:06 - 00000000 ____D () C:\Windows\pss
2014-12-23 13:05 - 2014-12-23 13:05 - 00000465 _____ () C:\Users\Home\Desktop\gmer.log
2014-12-23 12:49 - 2014-12-23 12:49 - 00000855 _____ () C:\Users\Home\Desktop\gmeranleiung.txt
2014-12-23 12:44 - 2014-12-23 12:44 - 00380416 _____ () C:\Users\Home\Desktop\Gmer-19357.exe
2014-12-23 12:42 - 2014-12-23 12:42 - 00000734 _____ () C:\Users\Home\Desktop\vir.txt
2014-12-23 12:39 - 2014-12-23 12:39 - 00001219 _____ () C:\Users\Home\Desktop\FSS_.txt
2014-12-23 12:22 - 2014-12-23 12:23 - 00001219 _____ () C:\Users\Home\Desktop\FSS.txt
2014-12-23 12:21 - 2014-12-23 12:21 - 00415232 _____ (Farbar) C:\Users\Home\Desktop\FSS.exe
2014-12-23 12:19 - 2014-12-23 12:21 - 00000470 _____ () C:\Users\Home\Desktop\defogger_disable.log
2014-12-23 12:19 - 2014-12-23 12:19 - 00000000 _____ () C:\Users\Home\defogger_reenable
2014-12-23 12:18 - 2014-12-23 12:18 - 00050477 _____ () C:\Users\Home\Desktop\Defogger.exe
2014-12-23 11:42 - 2014-12-23 14:07 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-23 11:41 - 2014-12-23 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-23 11:41 - 2014-12-23 11:41 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-23 11:41 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-23 11:41 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-23 11:41 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-23 11:40 - 2014-12-23 11:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Home\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-22 23:02 - 2014-12-22 23:02 - 00002263 _____ () C:\Users\Home\Downloads\VEREWOLF82 Picture.htm
2014-12-22 23:01 - 2014-12-22 23:01 - 00002224 _____ () C:\Users\Home\Downloads\VEREWOLF82.htm
2014-12-22 19:59 - 2014-12-22 19:59 - 00002221 _____ () C:\Users\Home\Downloads\Marcel_18.htm
2014-12-22 16:05 - 2014-12-22 17:04 - 550301804 _____ () C:\Users\Home\Downloads\Dmitry Dickov - Gladiator Webcam - full.mp4
2014-12-22 15:54 - 2014-12-22 16:57 - 521143556 _____ () C:\Users\Home\Downloads\Give Take Part 1 - xHamstercom.flv
2014-12-21 21:14 - 2014-12-21 21:14 - 00002260 _____ () C:\Users\Home\Downloads\BOYTEEN18- icture.htm
2014-12-21 21:13 - 2014-12-21 21:13 - 00002224 _____ () C:\Users\Home\Downloads\BOYTEEN18-.htm
2014-12-21 21:10 - 2014-12-21 21:10 - 00002260 _____ () C:\Users\Home\Downloads\Daniel_xl Picture.htm
2014-12-21 21:10 - 2014-12-21 21:10 - 00002257 _____ () C:\Users\Home\Downloads\Daniel_xl icture.htm
2014-12-21 21:10 - 2014-12-21 21:10 - 00002251 _____ () C:\Users\Home\Downloads\Daniel_xl ture.htm
2014-12-21 21:09 - 2014-12-21 21:09 - 00002242 _____ () C:\Users\Home\Downloads\Master-boy-geill.htm
2014-12-21 21:09 - 2014-12-21 21:09 - 00002221 _____ () C:\Users\Home\Downloads\Daniel_xl.htm
2014-12-21 21:05 - 2014-12-21 21:05 - 00002238 _____ () C:\Users\Home\Downloads\MeNowForYouPicture.htm
2014-12-21 21:05 - 2014-12-21 21:05 - 00002235 _____ () C:\Users\Home\Downloads\MeNowForYouicture.htm
2014-12-21 21:05 - 2014-12-21 21:05 - 00002232 _____ () C:\Users\Home\Downloads\MeNowForYoucture.htm
2014-12-21 21:05 - 2014-12-21 21:05 - 00002229 _____ () C:\Users\Home\Downloads\MeNowForYouture.htm
2014-12-21 21:05 - 2014-12-21 21:05 - 00002226 _____ () C:\Users\Home\Downloads\MeNowForYouure.htm
2014-12-21 21:05 - 2014-12-21 21:05 - 00002217 _____ () C:\Users\Home\Downloads\MeNowForYou.htm
2014-12-21 20:58 - 2014-12-21 20:58 - 00002226 _____ () C:\Users\Home\Downloads\ayden20xlcture.htm
2014-12-21 20:57 - 2014-12-21 20:57 - 00002232 _____ () C:\Users\Home\Downloads\ayden20xlPicture.htm
2014-12-21 20:57 - 2014-12-21 20:57 - 00002229 _____ () C:\Users\Home\Downloads\ayden20xlicture.htm
2014-12-21 20:57 - 2014-12-21 20:57 - 00002211 _____ () C:\Users\Home\Downloads\ayden20xl.htm
2014-12-21 20:42 - 2014-12-21 20:42 - 00002260 _____ () C:\Users\Home\Downloads\EDUARD-XXL icture.htm
2014-12-21 20:42 - 2014-12-21 20:42 - 00002247 _____ () C:\Users\Home\Downloads\EDUARD-XXL cture.htm
2014-12-21 20:42 - 2014-12-21 20:42 - 00002244 _____ () C:\Users\Home\Downloads\EDUARD-XXL ture.htm
2014-12-21 20:41 - 2014-12-21 20:41 - 00002263 _____ () C:\Users\Home\Downloads\EDUARD-XXL Picture.htm
2014-12-21 20:41 - 2014-12-21 20:41 - 00002224 _____ () C:\Users\Home\Downloads\EDUARD-XXL.htm
2014-12-21 19:17 - 2014-12-21 19:18 - 00002281 _____ () C:\Users\Home\Downloads\Patrick92 Chat Picture.htm
2014-12-21 19:17 - 2014-12-21 19:17 - 00002251 _____ () C:\Users\Home\Downloads\Patrick92 Chat.htm
2014-12-21 17:28 - 2014-12-21 17:28 - 00002254 _____ () C:\Users\Home\Downloads\nrw-Paul02 Picture.htm
2014-12-21 17:28 - 2014-12-21 17:28 - 00002224 _____ () C:\Users\Home\Downloads\nrw-Paul02.htm
2014-12-20 14:22 - 2014-12-20 14:23 - 21933701 _____ () C:\Users\Home\Downloads\360p - KOLLEGAH MAJOE feat Die Gtzfried Girls - Von Salat schrumpft der Bizeps.webm
2014-12-20 14:13 - 2014-12-20 14:13 - 06686577 _____ () C:\Users\Home\Downloads\360p stereo - Harry Roy His Bat Club Boys - My Girls Pussy LYRICS.mp4
2014-12-20 14:10 - 2014-12-20 14:11 - 12900020 _____ () C:\Users\Home\Downloads\360p stereo - Harry Roy - My Girls Pussy.mp4
2014-12-20 10:19 - 2014-12-20 10:19 - 00349092 _____ () C:\Users\Home\Downloads\yahoo_contacts.csv
2014-12-19 22:41 - 2014-12-19 22:45 - 71090273 _____ () C:\Users\Home\Downloads\Big dick problems.mp4
2014-12-19 22:31 - 2014-12-19 22:36 - 99685360 _____ () C:\Users\Home\Downloads\P B D.flv
2014-12-19 22:21 - 2014-12-19 22:37 - 87073312 _____ () C:\Users\Home\Downloads\Muscle.flv
2014-12-18 19:17 - 2014-12-18 20:19 - 113446912 _____ () C:\Users\Home\Downloads\baby_sexyhot-sd-df7bf43e19a0b186ece63dd38ae502jea383ed7c3ebe6d8e611ad211492ee23d4.flv
2014-12-18 17:00 - 2014-12-18 17:00 - 12098343 _____ () C:\Users\Home\Downloads\Toni Stintzing - Food4Champs Athlet (2).mp4
2014-12-18 17:00 - 2014-12-18 17:00 - 07188848 _____ () C:\Users\Home\Downloads\Toni Stintzing - Food4Champs Athlet (3).mp4
2014-12-18 17:00 - 2014-12-18 17:00 - 01751645 _____ () C:\Users\Home\Downloads\Toni Stintzing - Food4Champs Athlet (1).mp4
2014-12-18 16:59 - 2014-12-18 16:59 - 01109266 _____ () C:\Users\Home\Downloads\Toni Stintzing - Food4Champs Athlet.mp4
2014-12-17 21:24 - 2014-12-17 23:06 - 1058687514 _____ () C:\Users\Home\Downloads\LATINSSAFADO's Cam, Photos, Videos & Live Webcam Chat on Cam4.flv
2014-12-17 12:30 - 2014-12-17 12:30 - 00337914 _____ () C:\Users\Home\Downloads\Amazon_co_uk Costache Liviu Adrian New Wish List.htm
2014-12-17 12:27 - 2014-12-17 12:27 - 00425307 _____ () C:\Users\Home\Downloads\Costache Adrian.html
2014-12-17 12:27 - 2014-12-17 12:27 - 00000000 ____D () C:\Users\Home\Downloads\Costache Adrian_files
2014-12-16 22:51 - 2014-12-16 23:26 - 512243600 _____ () C:\Users\Home\Downloads\Bigstudx's Cam, Photos, Videos & Live Webcam Chat on Cam4_1.flv
2014-12-16 22:16 - 2014-12-16 23:26 - 276174562 _____ () C:\Users\Home\Downloads\ekstazybest-sd-9c29bfadda57eb1a081933e8c652211bd0096a0f171a42c7a320789d7dca5e02
2014-12-16 21:42 - 2014-12-16 23:10 - 562542278 _____ () C:\Users\Home\Downloads\Hot_ove's Cam, Photos, Videos & Live Webcam Chat on Cam4.flv
2014-12-16 21:18 - 2014-12-16 22:10 - 219211356 _____ () C:\Users\Home\Downloads\thickbigdick95-sd-d44914c8861ac658a64e923115a56b2c90739e899d2f827990474487f9031216.flv
2014-12-16 18:51 - 2014-12-16 19:57 - 269505505 _____ () C:\Users\Home\Downloads\morbidburning-ws-1caeb68f8d13bc937e9de099a565d019bf3f1995de47453f86068e4c51237279.flv
2014-12-16 16:13 - 2014-12-16 16:40 - 363254625 _____ () C:\Users\Home\Downloads\Live Muscle Show_13.flv
2014-12-16 14:57 - 2014-12-16 14:57 - 00083578 _____ () C:\Users\Home\Downloads\Medion MD96500 auseinanderbauen und reinigen _ Bloggen von zu Hause.htm
2014-12-16 11:54 - 2014-12-16 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTransport2
2014-12-16 11:54 - 2014-12-16 11:54 - 00000000 ____D () C:\Program Files\StreamTransport2
2014-12-16 09:01 - 2014-12-16 09:02 - 00000000 ____D () C:\Users\Home\AppData\Local\Adobe
2014-12-15 22:34 - 2014-12-15 22:49 - 78060716 _____ () C:\Users\Home\Downloads\Barrett_Loooong_Redtube_Free_MILF_Porn_Videos_Blonde_Movies_Clips.flv
2014-12-15 22:16 - 2014-12-15 22:45 - 160201685 _____ () C:\Users\Home\Downloads\twinks webcam amateur.mp4
2014-12-15 22:11 - 2014-12-15 22:35 - 124683655 _____ () C:\Users\Home\Downloads\wonderful young people bycam GayBoysTube.mp4
2014-12-15 22:08 - 2014-12-15 22:32 - 54882508 _____ () C:\Users\Home\Downloads\Swedish threesome.flv
2014-12-15 21:58 - 2014-12-15 22:12 - 130376576 _____ () C:\Users\Home\Downloads\Tyler Johnson and Johnny Cruz.mp4
2014-12-15 21:57 - 2014-12-15 22:04 - 71026832 _____ () C:\Users\Home\Downloads\Maw and Luke (British lads).mp4
2014-12-15 21:54 - 2014-12-15 22:33 - 158383566 _____ () C:\Users\Home\Downloads\Daniel James and Alex Silvers.mp4
2014-12-15 21:50 - 2014-12-15 22:22 - 233233136 _____ () C:\Users\Home\Downloads\2 Sexiest Athletic Str8 Boys Go GayHot AssesCumshots.flv
2014-12-15 21:49 - 2014-12-15 22:49 - 328296197 _____ () C:\Users\Home\Downloads\Czech Hunter 170.mp4
2014-12-15 21:48 - 2014-12-15 21:54 - 53587506 _____ () C:\Users\Home\Downloads\Kayden JP Underground.mp4
2014-12-15 21:46 - 2014-12-15 21:57 - 76363333 _____ () C:\Users\Home\Downloads\Damien Crosse - Kayden Grey.flv
2014-12-15 21:46 - 2014-12-15 21:51 - 43416903 _____ () C:\Users\Home\Downloads\(JB) 2 Big Dick BM suck ea others Dick.mp4
2014-12-15 21:45 - 2014-12-15 22:38 - 272480696 _____ () C:\Users\Home\Downloads\18 Plays Together Scene 2 Lance Luciano Liam Magnuson Darius Ferdynand.mp4
2014-12-15 21:40 - 2014-12-15 22:29 - 189190423 _____ () C:\Users\Home\Downloads\Kayden Gray amp Ben Grey.mp4
2014-12-15 21:37 - 2014-12-15 22:13 - 167851498 _____ () C:\Users\Home\Downloads\Josh Charters Kayden Gray.mp4
2014-12-15 21:35 - 2014-12-15 21:36 - 07589492 _____ () C:\Users\Home\Downloads\Hung and hairy British hunk wanking.mp4
2014-12-15 21:34 - 2014-12-15 21:57 - 117658250 _____ () C:\Users\Home\Downloads\Cherie Deville Minivan Milf Muff.flv
2014-12-15 21:32 - 2014-12-15 21:41 - 121489490 _____ () C:\Users\Home\Downloads\TimTales Drew Brodyand Kayden Gray.mp4
2014-12-15 09:49 - 2014-12-15 09:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-11 23:56 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 23:56 - 2014-11-04 01:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 09:37 - 2014-11-24 21:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 09:37 - 2014-11-24 21:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 09:37 - 2014-11-24 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 09:37 - 2014-11-24 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-11 09:37 - 2014-11-24 21:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 09:37 - 2014-11-24 21:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-11 09:37 - 2014-11-24 21:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 09:37 - 2014-11-24 21:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 09:37 - 2014-11-24 21:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 09:37 - 2014-11-24 21:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-11 09:37 - 2014-11-24 21:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 09:37 - 2014-11-24 21:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 09:37 - 2014-11-24 21:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-11 09:37 - 2014-11-24 21:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-11 09:36 - 2014-11-24 21:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-11 09:36 - 2014-11-24 21:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 09:36 - 2014-11-24 21:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 09:36 - 2014-11-24 21:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 09:36 - 2014-11-24 21:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-11 09:36 - 2014-11-24 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 09:36 - 2014-11-24 21:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 09:36 - 2014-11-24 21:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 09:33 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-23 15:42 - 2013-07-08 17:37 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226526693-3076783858-1981787605-1000UA.job
2014-12-23 14:56 - 2014-07-27 19:39 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-23 14:12 - 2006-11-02 13:52 - 01528915 _____ () C:\Windows\WindowsUpdate.log
2014-12-23 14:07 - 2014-07-27 19:39 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-23 14:07 - 2006-11-02 14:01 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-23 14:07 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-23 14:07 - 2006-11-02 13:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-23 14:07 - 2006-11-02 13:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-23 13:07 - 2013-01-01 19:21 - 00066532 _____ () C:\Windows\PFRO.log
2014-12-23 12:19 - 2013-01-01 17:28 - 00000000 ____D () C:\Users\Home
2014-12-22 23:11 - 2013-06-29 15:43 - 00000000 ____D () C:\Users\Home\AppData\Roaming\vlc
2014-12-22 18:42 - 2013-07-08 17:37 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226526693-3076783858-1981787605-1000Core.job
2014-12-22 13:53 - 2013-07-10 11:24 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2014-12-22 13:36 - 2013-03-26 17:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-21 21:25 - 2014-02-12 22:19 - 00000000 ____D () C:\Users\Home\.VirtualBox
2014-12-21 19:20 - 2013-03-22 23:34 - 00007301 _____ () C:\Users\Home\.swfinfo
2014-12-20 13:37 - 2014-07-24 13:19 - 05234113 _____ () C:\Users\Home\Downloads\Jazzorchester Excellos Five mit Lucie Bernardo- Jazzband aus Krähwinkel (Berlin 1925).mp4
2014-12-19 22:57 - 2006-11-02 11:33 - 01566310 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-16 09:02 - 2013-02-07 13:12 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-16 09:02 - 2013-02-07 13:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-16 08:59 - 2013-01-01 23:51 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-15 21:15 - 2014-09-25 20:18 - 05357991 _____ () C:\Users\Home\Downloads\360p stereo - Eugen Rex Prominente in Pantoffeln - Couplet 1935.mp4
2014-12-15 21:15 - 2014-09-25 20:11 - 04521541 _____ () C:\Users\Home\Downloads\Isiphon Orchester Refraingesang Es sprach der Scheich zum Emir Aufnahme 1920.mp4
2014-12-15 21:13 - 2014-04-13 20:34 - 07675493 _____ () C:\Users\Home\Downloads\SÄLLIWENN & MONTÄNNAR (DIE SCHLAGERMAFIA) - EIN UNBEKANNTER STUNTMAN.mp4
2014-12-13 14:43 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-12-12 17:39 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-11 09:41 - 2013-08-15 10:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 09:36 - 2006-11-02 11:24 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-12-05 11:13 - 2013-09-04 11:42 - 00013632 _____ () C:\Users\Home\Documents\Unbenannt 1Zahn Bri.odt
2014-11-28 19:45 - 2013-02-21 17:01 - 00017408 _____ () C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some content of TEMP:
====================
C:\Users\Home\AppData\Local\Temp\12-6-legacy_vista_win7_32_dd_ccc_whql.exe
C:\Users\Home\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Home\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Home\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Home\AppData\Local\Temp\vlc-2.1.5-win32.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-23 14:13
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-12-2014 01
Ran by Home at 2014-12-23 15:44:52
Running from C:\Users\Home\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{EAB74CB6-760C-2136-FC77-9549721FB84A}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.0.3018 - CDBurnerXP)
Cool & Quiet (HKLM\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version: - )
DjVuLibre DjView 3.5.25.4+4.9.2 (HKLM\...\DjVuLibre+DjView) (Version: 3.5.25.4+4.9.2 - DjVuZone)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{BE09DD64-706D-4975-8034-E561C270D1E5}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
LibreOffice 4.0 Help Pack (German) (HKLM\...\{766DEEF2-5E05-42EF-B4BC-1BB0D2888229}) (Version: 4.0.0.3 - The Document Foundation)
LibreOffice 4.0.0.3 (HKLM\...\{8EA569F1-97AF-4C3E-A0CB-4846C2D35A81}) (Version: 4.0.0.3 - The Document Foundation)
Lizardtech DjVu Control (HKLM\...\{105CFC7C-6992-11D5-BD9D-000102C10FD8}) (Version: - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Oracle VM VirtualBox 4.3.12 (HKLM\...\{D90E08B8-E7BB-4D29-8249-8670D4CC24BD}) (Version: 4.3.12 - Oracle Corporation)
Pamela Pro 4.8 (HKLM\...\Pamela) (Version: 4.8 - Scendix Software-Vertriebsges. mbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Replay Media Catcher 4 (4.3.2) (HKLM\...\Replay Media Catcher 4) (Version: 4.3.2 - Applian Technologies)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
StreamTransport version: 1.1.6.2 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - )
SumatraPDF (HKLM\...\SumatraPDF) (Version: 2.5.2 - Krzysztof Kowalczyk)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4226526693-3076783858-1981787605-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Home\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-4226526693-3076783858-1981787605-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Home\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-4226526693-3076783858-1981787605-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Home\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-4226526693-3076783858-1981787605-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Home\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
==================== Restore Points =========================
Could not list restore points.
Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 11:23 - 2011-12-09 20:49 - 00000786 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.applian.securesites.com
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {2FB57A11-B83E-48B8-8725-E268CF992A16} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4226526693-3076783858-1981787605-1000Core => C:\Users\Home\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-08] (Facebook Inc.)
Task: {4D8CCE75-E9EA-4CB8-80F8-C76A53CEACAC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-27] (Google Inc.)
Task: {9925CEA9-CFB9-4E20-9A67-2B5D59D073AD} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
Task: {9CE5CBC2-65CC-4453-85A6-81AD7BA24A42} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4226526693-3076783858-1981787605-1000UA => C:\Users\Home\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-08] (Facebook Inc.)
Task: {DB27BA26-7124-4257-831A-32C22748B491} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-27] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226526693-3076783858-1981787605-1000Core.job => C:\Users\Home\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226526693-3076783858-1981787605-1000UA.job => C:\Users\Home\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-07-04 06:09 - 2012-07-04 06:09 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2012-07-04 01:16 - 2012-07-04 01:16 - 00369152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-12-12 17:44 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 17:44 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-15 09:49 - 2014-12-15 09:49 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-12-16 09:02 - 2014-12-16 09:02 - 16843952 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Home\Downloads\360p stereo - Bei uns in Budapest - Rose Barsony 1933.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Home\Downloads\360p stereo - Betriebskapelle Montblanc Hamburg - Montblanc Marsch - 1939.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Home\Downloads\360p stereo - Eugen Rex Prominente in Pantoffeln - Couplet 1935.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Home\Downloads\Bully Buhlan- Also wissen se, nee - Berlinern anno 1948.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Home\Downloads\Eugen Rex- Das heutige Berlin (Kabarettvortrag 1935).mp4:TOC.WMV
AlternateDataStreams: C:\Users\Home\Downloads\Hamborger Kedelklopper (Der Kesselreiniger) Charly Wittong.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Home\Downloads\I lift up my finger and I say 'tweet tweet' and Popsy Wopsy - The Dead Victorians.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Home\Downloads\Ins blaue Leben Jazz-Orchester Gesang Harry Hilm.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Home\Downloads\Isiphon Orchester Refraingesang Es sprach der Scheich zum Emir Aufnahme 1920.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Home\Downloads\Jazzorchester Excellos Five mit Lucie Bernardo- Jazzband aus Krähwinkel (Berlin 1925).mp4:TOC.WMV
AlternateDataStreams: C:\Users\Home\Downloads\Joachim ERler-Chest Day 11 Weeks out [19 yrs old].mp4:TOC.WMV
AlternateDataStreams: C:\Users\Home\Downloads\Mike Sommerfeld Posing Video_389454308_n.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Home\Downloads\Mike Sommerfeld Posing Video_747967293_n.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Home\Downloads\mike sommerfeld-Shoulders 2014.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Home\Downloads\Mike Sommerfeld_1048172732_n.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Home\Downloads\Paul O'Montis singt- Meinem Mädel aus Wien hab' ich Rosen geschickt (Aufn. 1928).mp4:TOC.WMV
AlternateDataStreams: C:\Users\Home\Downloads\Peter Igelhoff mit Doddy Delisson- Ich möcht' so gerne wissen, ob sich die Fische küssen.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Home\Downloads\Polizisten hören Helene Fischer's 'Atemlos' im Polizeiauto.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Home\Downloads\SÄLLIWENN & MONTÄNNAR (DIE SCHLAGERMAFIA) - EIN UNBEKANNTER STUNTMAN.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Home\Downloads\The Fall Guy - The Unknown Stuntman Lee Majors.mp4:TOC.WMV
AlternateDataStreams: C:\Users\Home\Downloads\Tom Astor - Unbekannter Stuntman.mp4:TOC.WMV
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^Home^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^90B75C4E6.lnk => C:\Windows\pss\90B75C4E6.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Home^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tintenwarnungen überwachen - HP Officejet 6600.lnk => C:\Windows\pss\Tintenwarnungen überwachen - HP Officejet 6600.lnk.Startup
========================= Accounts: ==========================
Administrator (S-1-5-21-4226526693-3076783858-1981787605-500 - Administrator - Disabled)
Gast (S-1-5-21-4226526693-3076783858-1981787605-501 - Limited - Disabled)
Home (S-1-5-21-4226526693-3076783858-1981787605-1000 - Administrator - Enabled) => C:\Users\Home
==================== Faulty Device Manager Devices =============
Could not list Devices. Check "winmgmt" service or repair WMI.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/23/2014 00:59:43 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
Error: (12/22/2014 01:31:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel 0x4549b0e1, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.19034, Zeitstempel 0x52f2ec86, Ausnahmecode 0x0eedfade, Fehleroffset 0x0003fd1e,
Prozess-ID 0x8a8, Anwendungsstartzeit rundll32.exe0.
Error: (12/22/2014 10:33:45 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\HOME\DOWNLOADS\NRW-PAUL02-DATEIEN\STYLE.CSS> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (12/22/2014 10:33:45 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\HOME\DOWNLOADS\NRW-PAUL02-DATEIEN\DLPROTECT.JS> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (12/22/2014 10:31:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel 0x4549b0e1, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.19034, Zeitstempel 0x52f2ec86, Ausnahmecode 0x0eedfade, Fehleroffset 0x0003fd1e,
Prozess-ID 0x940, Anwendungsstartzeit rundll32.exe0.
Error: (12/21/2014 10:51:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung rtmpsuck.exe, Version 0.0.0.0, Zeitstempel 0x50edf98d, fehlerhaftes Modul rtmpsuck.exe, Version 0.0.0.0, Zeitstempel 0x50edf98d, Ausnahmecode 0xc0000005, Fehleroffset 0x00002ae4,
Prozess-ID 0x2fa8, Anwendungsstartzeit rtmpsuck.exe0.
Error: (12/21/2014 07:12:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung rtmpsuck.exe, Version 0.0.0.0, Zeitstempel 0x50edf98d, fehlerhaftes Modul rtmpsuck.exe, Version 0.0.0.0, Zeitstempel 0x50edf98d, Ausnahmecode 0xc0000005, Fehleroffset 0x00002ae4,
Prozess-ID 0x7ca0, Anwendungsstartzeit rtmpsuck.exe0.
Error: (12/21/2014 06:56:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16599, Zeitstempel 0x5473964b, fehlerhaftes Modul RTMPDumpHelper.dll, Version 0.0.0.0, Zeitstempel 0x526013cf, Ausnahmecode 0xc0000005, Fehleroffset 0x000010df,
Prozess-ID 0x19b8, Anwendungsstartzeit iexplore.exe0.
Error: (12/21/2014 11:08:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel 0x4549b0e1, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.19034, Zeitstempel 0x52f2ec86, Ausnahmecode 0x0eedfade, Fehleroffset 0x0003fd1e,
Prozess-ID 0x8d4, Anwendungsstartzeit rundll32.exe0.
Error: (12/20/2014 01:01:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung vlc.exe, Version 2.1.5.0, Zeitstempel 0x00000004, fehlerhaftes Modul vlc.exe, Version 2.1.5.0, Zeitstempel 0x00000004, Ausnahmecode 0xc0000005, Fehleroffset 0x000018c5,
Prozess-ID 0xf68, Anwendungsstartzeit vlc.exe0.
System errors:
=============
Error: (12/23/2014 02:16:14 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error: (12/23/2014 02:08:44 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error: (12/23/2014 01:19:02 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error: (12/23/2014 01:16:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error: (12/23/2014 01:10:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error: (12/23/2014 01:08:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error: (12/23/2014 11:13:30 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error: (12/23/2014 11:11:30 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error: (12/22/2014 03:26:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error: (12/22/2014 02:08:38 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Microsoft Office Sessions:
=========================
Error: (12/23/2014 00:59:43 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
Error: (12/22/2014 01:31:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.0.6000.163864549b0e1kernel32.dll6.0.6002.1903452f2ec860eedfade0003fd1e8a801d01de316bb7f4c
Error: (12/22/2014 10:33:45 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\HOME\DOWNLOADS\NRW-PAUL02-DATEIEN\STYLE.CSS
Error: (12/22/2014 10:33:45 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\HOME\DOWNLOADS\NRW-PAUL02-DATEIEN\DLPROTECT.JS
Error: (12/22/2014 10:31:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.0.6000.163864549b0e1kernel32.dll6.0.6002.1903452f2ec860eedfade0003fd1e94001d01dc9ffddc692
Error: (12/21/2014 10:51:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rtmpsuck.exe0.0.0.050edf98drtmpsuck.exe0.0.0.050edf98dc000000500002ae42fa801d01d5f2d70462b
Error: (12/21/2014 07:12:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rtmpsuck.exe0.0.0.050edf98drtmpsuck.exe0.0.0.050edf98dc000000500002ae47ca001d01d46cc8d5bb3
Error: (12/21/2014 06:56:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165995473964bRTMPDumpHelper.dll0.0.0.0526013cfc0000005000010df19b801d01d4766d6cb73
Error: (12/21/2014 11:08:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.0.6000.163864549b0e1kernel32.dll6.0.6002.1903452f2ec860eedfade0003fd1e8d401d01d060fe9c6f3
Error: (12/20/2014 01:01:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000004vlc.exe2.1.5.000000004c0000005000018c5f6801d01c4bfb9c57e6
CodeIntegrity Errors:
===================================
Date: 2014-12-23 15:44:48.876
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-23 15:44:48.704
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-23 15:44:48.533
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-23 15:44:48.361
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-23 15:44:34.415
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-23 15:44:34.243
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-23 15:44:34.087
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-23 15:44:33.915
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-23 15:44:33.510
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-23 15:44:33.323
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU E7300 @ 2.66GHz
Percentage of memory in use: 41%
Total physical RAM: 3070.44 MB
Available physical RAM: 1789.67 MB
Total Pagefile: 6389.9 MB
Available Pagefile: 4706.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1888.25 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:107.42 GB) (Free:33.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:125.46 GB) (Free:0.66 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 0007971F)
Partition 1: (Active) - (Size=107.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=125.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================ |