Kuddel123 | 03.06.2015 16:41 | Windows 8:picexa.exe
Hello,
I have had the file "picexa.exe" since just now.
Unfortunately, I don't know where I got the file from.
I have already uninstalled the file under Windows/Control Panel/Programs.
Attached for now are the FRST.txt, the Addition.txt and the Gmer.txt.
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by läppy (administrator) on NOTEBOOK on 03-06-2015 17:20:58
Running from C:\Users\läppy\Downloads
Loaded Profiles: läppy (Available Profiles: läppy)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
() C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\läppy\Downloads\Defogger.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1298824626-3041435518-3372511409-1001\...\Run: [GoogleChromeAutoLaunch_2001DB9A8CCE5CFBEE009DE785FE790C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
HKU\S-1-5-21-1298824626-3041435518-3372511409-1001\...\Run: [Google Update] => C:\Users\läppy\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-04-01] (Google Inc.)
HKU\S-1-5-21-1298824626-3041435518-3372511409-1001\...\Run: [MusicManager] => C:\Users\läppy\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2015-04-01] (Google Inc.)
HKU\S-1-5-21-1298824626-3041435518-3372511409-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-1298824626-3041435518-3372511409-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung)
HKU\S-1-5-21-1298824626-3041435518-3372511409-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-03-25]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-01] (Avast Software s.r.o.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1298824626-3041435518-3372511409-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-01] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-01] (Avast Software s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{6FDB5192-C3BE-4E9C-82A8-531302FB2FD6}: [NameServer] 192.168.178.1,8.8.8.8
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-1298824626-3041435518-3372511409-1001: @tools.google.com/Google Update;version=3 -> C:\Users\läppy\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-1298824626-3041435518-3372511409-1001: @tools.google.com/Google Update;version=9 -> C:\Users\läppy\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-20] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-24]
Chrome:
=======
CHR Profile: C:\Users\läppy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\läppy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\läppy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\läppy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-06-03]
CHR Extension: (Google Wallet) - C:\Users\läppy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-03]
CHR HKU\S-1-5-21-1298824626-3041435518-3372511409-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-24]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-01] (Avast Software s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2635552 2015-03-05] (IObit)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [1055008 2015-03-05] (IObit)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 WPSService20; C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe [96768 2013-05-15] () [File not signed]
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-01] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-01] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4221952 2015-03-24] (Qualcomm Atheros Communications, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [136408 2015-06-03] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
U0 qvvv; C:\Windows\System32\drivers\wsjqg.sys [79064 2015-06-03] (Malwarebytes Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2013-11-15] (Realtek Semiconductor Corporation )
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [788696 2014-12-23] (Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [376024 2014-12-26] (Realsil Semiconductor Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-03 17:20 - 2015-06-03 17:21 - 00014625 _____ () C:\Users\läppy\Downloads\FRST.txt
2015-06-03 17:20 - 2015-06-03 17:21 - 00000000 ____D () C:\FRST
2015-06-03 17:20 - 2015-06-03 17:20 - 02108928 _____ (Farbar) C:\Users\läppy\Downloads\FRST64.exe
2015-06-03 17:19 - 2015-06-03 17:19 - 00000244 _____ () C:\Users\läppy\Downloads\defogger_enable.log
2015-06-03 17:19 - 2015-06-03 17:19 - 00000000 _____ () C:\Users\läppy\defogger_reenable
2015-06-03 17:18 - 2015-06-03 17:20 - 00000472 _____ () C:\Users\läppy\Downloads\defogger_disable.log
2015-06-03 17:17 - 2015-06-03 17:17 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\wsjqg.sys
2015-06-03 17:17 - 2015-06-03 17:17 - 00050477 _____ () C:\Users\läppy\Downloads\Defogger.exe
2015-06-03 16:59 - 2015-06-03 17:00 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-03 16:58 - 2015-06-03 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-03 16:58 - 2015-06-03 16:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-06-03 16:58 - 2015-06-03 16:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-03 16:58 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-03 16:58 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-03 16:58 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-03 16:55 - 2015-06-03 16:56 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\läppy\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-03 16:46 - 2015-06-03 16:48 - 00000000 ____D () C:\AdwCleaner
2015-06-03 16:46 - 2015-06-03 16:46 - 02231296 _____ () C:\Users\läppy\Downloads\AdwCleaner_4.206.exe
2015-06-03 16:29 - 2015-06-03 17:17 - 00000000 ____D () C:\Program Files (x86)\MiuiTab
2015-06-03 16:29 - 2015-06-03 16:29 - 00000000 ____D () C:\Users\läppy\AppData\Roaming\Picexa Viewer
2015-06-03 16:21 - 2015-06-03 16:21 - 00000000 ____D () C:\Users\läppy\AppData\Local\GWX
2015-06-01 17:02 - 2015-06-01 17:02 - 00016833 _____ () C:\Users\läppy\Documents\BWL_ arbeit.odt
2015-06-01 16:25 - 2015-06-01 17:01 - 00000000 ____D () C:\Users\läppy\Desktop\bwl
2015-05-26 22:16 - 2015-05-26 22:16 - 00258204 _____ () C:\Users\läppy\Downloads\repository.bromix.zip
2015-05-26 22:15 - 2015-05-26 22:15 - 00025864 _____ () C:\Users\läppy\Downloads\repository.kodinerds.helix-1.0.14.zip
2015-05-26 18:06 - 2015-05-26 18:06 - 00016823 _____ () C:\Users\läppy\Documents\VWL_ arbeit.odt
2015-05-24 17:37 - 2015-05-24 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-24 17:36 - 2015-05-24 17:36 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-24 17:36 - 2015-05-24 17:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-24 11:29 - 2015-05-24 11:29 - 01504768 _____ () C:\Users\läppy\Downloads\bouquets_backup500hd.tar
2015-05-23 21:28 - 2015-05-23 21:28 - 00000320 _____ () C:\Users\läppy\Desktop\MyHarmony.appref-ms
2015-05-23 21:28 - 2015-05-23 21:28 - 00000000 ____D () C:\Users\läppy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logitech
2015-05-23 21:28 - 2015-05-23 21:28 - 00000000 ____D () C:\Users\läppy\AppData\Roaming\Logitech
2015-05-23 21:27 - 2015-05-23 22:00 - 00000000 ____D () C:\Users\läppy\AppData\Local\Deployment
2015-05-23 21:27 - 2015-05-23 21:27 - 00410392 _____ (Logitech) C:\Users\läppy\Downloads\MyHarmony-App.exe
2015-05-23 21:27 - 2015-05-23 21:27 - 00000000 ____D () C:\Users\läppy\AppData\Local\Apps\2.0
2015-05-23 18:06 - 2015-05-23 18:07 - 62052874 _____ () C:\Users\läppy\Downloads\atemio4you-2.3.4-atemionemesis-20141125_usb.zip
2015-05-23 18:04 - 2015-05-23 18:05 - 63709721 _____ () C:\Users\läppy\Downloads\openatv-4.2-atemionemesis-20150523_usb.zip
2015-05-23 17:58 - 2015-05-23 18:00 - 66062623 _____ () C:\Users\läppy\Downloads\atemio4you-3.0-HD-nightly-atemionemesis-20150518_usb.zip
2015-05-23 17:36 - 2015-05-23 17:36 - 00000000 ____D () C:\Users\läppy\Documents\oscam
2015-05-23 17:34 - 2015-05-23 17:34 - 06471520 _____ (Tim Kosse) C:\Users\läppy\Downloads\FileZilla_3.11.0.1_win64-setup.exe
2015-05-23 16:46 - 2015-05-23 16:46 - 05638167 _____ () C:\Users\läppy\Downloads\XpeedFB_Uni.zip
2015-05-23 16:44 - 2015-05-23 16:52 - 69936570 _____ () C:\Users\läppy\Downloads\opennfr-5.0-atemionemesis-20150426_usb.zip
2015-05-23 12:45 - 2015-05-23 12:45 - 00110767 _____ () C:\Users\läppy\Downloads\plugin.audio.googlemusic.exp-1.3.zip
2015-05-23 12:34 - 2015-05-23 12:34 - 00270609 _____ () C:\Users\läppy\Downloads\plugin.audio.googlemusic-0.8exp19.zip
2015-05-23 12:34 - 2015-05-23 12:34 - 00270609 _____ () C:\Users\läppy\Downloads\plugin.audio.googlemusic-0.8exp19 (1).zip
2015-05-23 12:34 - 2015-05-23 12:34 - 00151090 _____ () C:\Users\läppy\Downloads\script.module.gmusicapi-2013.02.28.zip
2015-05-23 12:34 - 2015-05-23 12:34 - 00099143 _____ () C:\Users\läppy\Downloads\script.module.mutagen-1.21.0.zip
2015-05-17 19:22 - 2015-05-17 19:22 - 00000122 _____ () C:\Users\läppy\Downloads\stream (7).m3u
2015-05-13 14:20 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 14:20 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 14:13 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 14:13 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 14:13 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 14:13 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 14:13 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 14:13 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 14:13 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 14:13 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 14:13 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 14:13 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 14:13 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 14:13 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-13 14:13 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 14:13 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 14:13 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 14:13 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-13 14:13 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 14:13 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 14:13 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-13 14:13 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 14:13 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-13 14:13 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 14:13 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 14:13 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 14:13 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 14:13 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 14:13 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 14:13 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-13 14:13 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 14:13 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-13 14:13 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 14:13 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-13 14:13 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 14:13 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 14:13 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 14:13 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 14:13 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 14:13 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 14:13 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 14:13 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 14:13 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 14:13 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 14:13 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 14:13 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 14:13 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 14:13 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-13 14:13 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 14:13 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-13 14:13 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 14:13 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-13 14:13 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-13 14:13 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-13 14:13 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-13 14:13 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-13 14:13 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-13 14:13 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-13 14:13 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 14:13 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 14:13 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 14:13 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-13 14:13 - 2015-03-17 19:26 - 00467776 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-05-13 14:13 - 2015-03-13 06:03 - 00239424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-13 14:13 - 2015-03-13 06:03 - 00154432 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-13 14:13 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-13 14:13 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-05-13 14:13 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-13 14:13 - 2015-03-13 02:29 - 00410017 _____ () C:\Windows\system32\ApnDatabase.xml
2015-05-13 14:13 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 14:13 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 14:13 - 2015-03-09 04:02 - 00057856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-05-13 14:13 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 14:13 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-13 14:13 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 14:13 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 14:13 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-05-13 14:13 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-13 14:13 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-13 14:13 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-05-12 12:57 - 2015-05-12 12:57 - 00031131 _____ () C:\Users\läppy\Downloads\iptvde (1).m3u
2015-05-11 20:01 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-05-11 20:01 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-05-09 18:57 - 2015-05-09 18:57 - 00002572 _____ () C:\Users\läppy\Desktop\Windows 7 USB DVD Download Tool.lnk
2015-05-09 18:57 - 2015-05-09 18:57 - 00000000 ____D () C:\Users\läppy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2015-05-09 18:57 - 2015-05-09 18:57 - 00000000 ____D () C:\Users\läppy\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2015-05-09 18:53 - 2015-05-09 18:53 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2015-05-09 18:53 - 2015-05-09 18:53 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-05-09 18:53 - 2015-05-09 18:53 - 00000000 ____D () C:\Program Files\MSBuild
2015-05-09 18:53 - 2015-05-09 18:53 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-05-09 18:49 - 2013-08-03 06:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2015-05-09 18:49 - 2013-08-03 06:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2015-05-09 18:38 - 2015-05-09 18:38 - 04831232 _____ (Geza Kovacs) C:\Users\läppy\Downloads\unetbootin-windows-608.exe
2015-05-09 18:26 - 2015-05-09 18:27 - 69999448 _____ (Microsoft Corporation) C:\Users\läppy\Downloads\NDP452-KB2901907-x86-x64-AllOS-ENU.exe
2015-05-09 18:24 - 2015-05-09 18:24 - 02721168 _____ (Microsoft Corporation) C:\Users\läppy\Downloads\Windows7-USB-DVD1024-tool.exe
2015-05-09 18:22 - 2015-05-09 18:22 - 00005474 _____ () C:\Users\läppy\Downloads\eicfg_removal_utility (1).zip
2015-05-09 18:20 - 2015-05-09 18:23 - 2509058048 _____ () C:\Users\läppy\Desktop\de_windows_7_professional_with_sp1_x86_dvd_u_677093.iso
2015-05-09 18:18 - 2015-05-09 18:21 - 224325632 _____ () C:\Users\läppy\Downloads\LibreOffice_4.4.2_Win_x86.msi
2015-05-09 17:46 - 2015-05-09 17:46 - 00000000 ____D () C:\Users\läppy\AppData\Roaming\Steganos VPN
2015-05-09 17:45 - 2015-05-09 18:00 - 00000000 ____D () C:\Users\läppy\AppData\Roaming\Steganos
2015-05-09 17:45 - 2015-05-09 17:46 - 21367016 _____ (Steganos Software GmbH) C:\Users\läppy\Downloads\okayfreedom.exe
2015-05-09 17:45 - 2015-05-09 17:45 - 02756408 _____ (Steganos Software GmbH) C:\Users\läppy\Downloads\okayfreedomintdle11.exe
2015-05-09 13:05 - 2015-05-09 13:05 - 02536027 _____ () C:\Users\läppy\Downloads\Density_Sky_Go_Start Red Bull TV.6.apk
2015-05-09 13:01 - 2015-05-09 13:01 - 03273470 _____ () C:\Users\läppy\Downloads\Tasker.4.6u3.apk
2015-05-09 13:00 - 2015-05-09 13:00 - 24922247 _____ () C:\Users\läppy\Downloads\de_sky_bw-3193.apk
2015-05-09 12:55 - 2015-05-09 12:55 - 03283640 _____ () C:\Users\läppy\Downloads\FireTV-Bluetooth-Settings (1).apk
2015-05-07 18:28 - 2015-05-07 18:28 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-05-07 18:28 - 2015-05-07 18:28 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-03 17:19 - 2015-03-24 17:57 - 00000000 ____D () C:\Users\läppy
2015-06-03 17:17 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Performance
2015-06-03 17:04 - 2015-03-24 18:02 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1298824626-3041435518-3372511409-1001
2015-06-03 17:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-06-03 16:59 - 2015-03-24 17:55 - 01156445 _____ () C:\Windows\WindowsUpdate.log
2015-06-03 16:57 - 2015-04-01 07:47 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1298824626-3041435518-3372511409-1001UA.job
2015-06-03 16:57 - 2015-04-01 07:47 - 00001086 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1298824626-3041435518-3372511409-1001Core.job
2015-06-03 16:51 - 2015-04-01 07:51 - 00000000 ___RD () C:\Users\läppy\Google Drive
2015-06-03 16:51 - 2015-03-24 18:22 - 00000000 ___DO () C:\Users\läppy\SkyDrive
2015-06-03 16:50 - 2015-03-24 18:16 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-03 16:50 - 2013-08-22 16:46 - 00024946 _____ () C:\Windows\setupact.log
2015-06-03 16:50 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-03 16:49 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-06-03 16:48 - 2015-03-24 18:17 - 00001302 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-03 16:48 - 2015-03-24 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-03 16:48 - 2015-03-24 17:57 - 00001007 _____ () C:\Users\läppy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-03 16:32 - 2015-03-24 18:16 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-01 16:29 - 2015-04-22 12:45 - 00001260 _____ () C:\Users\läppy\Desktop\Scanner.lnk
2015-06-01 16:29 - 2015-03-25 22:51 - 00208896 ___SH () C:\Users\läppy\Desktop\Thumbs.db
2015-05-31 13:54 - 2015-04-01 21:43 - 00000000 ____D () C:\Users\läppy\Desktop\ExcelWord Dokumente
2015-05-31 12:46 - 2015-03-24 19:27 - 00000000 ____D () C:\ProgramData\ProductData
2015-05-26 22:14 - 2015-03-03 16:14 - 00000000 ____D () C:\Users\läppy\Desktop\Fire TV
2015-05-26 16:34 - 2015-03-24 18:18 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-24 17:28 - 2015-03-29 16:57 - 00000000 ____D () C:\Users\läppy\AppData\Roaming\FileZilla
2015-05-21 17:28 - 2015-03-24 17:58 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-21 17:28 - 2013-08-23 01:24 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2015-05-21 17:28 - 2013-08-23 01:24 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2015-05-20 17:38 - 2015-04-04 12:30 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 17:38 - 2015-04-04 12:30 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 17:38 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-20 16:52 - 2015-04-01 07:47 - 00004084 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1298824626-3041435518-3372511409-1001UA
2015-05-20 16:52 - 2015-04-01 07:47 - 00003704 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1298824626-3041435518-3372511409-1001Core
2015-05-20 16:27 - 2015-03-24 18:16 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-20 16:27 - 2015-03-24 18:16 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-19 17:24 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2015-05-17 21:16 - 2015-03-24 18:36 - 00000000 ____D () C:\Users\läppy\AppData\Roaming\vlc
2015-05-13 14:35 - 2013-08-22 16:44 - 00403864 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 14:33 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-05-13 14:33 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 14:20 - 2015-03-24 19:20 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 14:16 - 2015-03-24 19:20 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 14:14 - 2013-08-23 01:26 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-09 18:53 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-05-09 18:53 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\MUI
2015-05-09 18:47 - 2015-03-29 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
2015-05-09 18:47 - 2015-03-29 16:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 10.0
2015-05-09 18:09 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-09 18:00 - 2015-03-25 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-05-09 18:00 - 2015-03-25 22:33 - 00000000 ____D () C:\Program Files (x86)\HP
2015-05-09 18:00 - 2015-03-25 22:32 - 00001823 _____ () C:\ProgramData\hpzinstall.log
2015-05-09 17:59 - 2013-08-23 01:26 - 00000000 ____D () C:\Windows\ShellNew
2015-05-07 18:28 - 2015-04-01 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-05 19:59 - 2015-03-24 20:48 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-05 19:59 - 2015-03-24 20:48 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2015-03-31 18:07 - 2015-04-18 16:28 - 0000600 _____ () C:\Users\läppy\AppData\Local\PUTTY.RND
2015-03-25 15:10 - 2015-03-25 15:10 - 0007599 _____ () C:\Users\läppy\AppData\Local\Resmon.ResmonCfg
2015-03-25 22:32 - 2015-05-09 18:00 - 0001823 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
C:\Users\läppy\AppData\Local\Temp\Del2BF2.exe
C:\Users\läppy\AppData\Local\Temp\Quarantine.exe
C:\Users\läppy\AppData\Local\Temp\sqlite3.dll
C:\Users\läppy\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-03 15:38
==================== End of log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by läppy at 2015-06-03 17:21:51
Running from C:\Users\läppy\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1298824626-3041435518-3372511409-500 - Administrator - Disabled)
Gast (S-1-5-21-1298824626-3041435518-3372511409-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1298824626-3041435518-3372511409-1003 - Limited - Enabled)
läppy (S-1-5-21-1298824626-3041435518-3372511409-1001 - Administrator - Enabled) => C:\Users\läppy
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4500_G510nz_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
4500G510nz (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 5.1.7 - CEWE Stiftung u Co. KGaA)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Edimax Wireless LAN (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0205.2 - )
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
FileZilla Client 3.10.3-rc1 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3-rc1 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.3.320 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 4500 G510n-z 14.0 Rel. 6 (HKLM\...\{6B9B2E57-D988-4258-8A2C-6F3657A600BD}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4101 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
LibreOffice 4.4.1.2 (HKLM-x32\...\{4A754DA6-6E12-40AF-BAF0-B7D60C6BE005}) (Version: 4.4.1.2 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-1298824626-3041435518-3372511409-1001\...\MusicManager) (Version: - Google, Inc.)
MyHarmony (HKU\S-1-5-21-1298824626-3041435518-3372511409-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.71 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 2.1.0 - IObit)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1298824626-3041435518-3372511409-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\läppy\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1298824626-3041435518-3372511409-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\läppy\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1298824626-3041435518-3372511409-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\läppy\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
==================== Restore Points =========================
12-05-2015 11:58:04 Windows Update
20-05-2015 17:37:12 Windows Update
24-05-2015 17:35:33 Windows Update
03-06-2015 15:45:44 Geplanter Prüfpunkt
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0182DC2C-26CF-4D26-AE70-FFD81961CFBB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {04E7D215-4DCF-4B99-8762-6A537BB03017} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1298824626-3041435518-3372511409-1001Core => C:\Users\läppy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-01] (Google Inc.)
Task: {303A5E34-19F4-4643-9D8D-762BC0F8F121} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-24] (Google Inc.)
Task: {41071F12-3D97-4E71-92F1-3F1A3F423457} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {499707EA-1B5F-4E42-8E08-C59C3EBD9CB7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-01] (Avast Software s.r.o.)
Task: {62C6A4AA-B880-48C5-8D38-03BA9D076169} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {728E9997-E23B-4BBA-A2C3-925E2A90EB29} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-13] (Microsoft Corporation)
Task: {9999F5EA-2434-4574-8571-ABD4D3658C12} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-24] (Google Inc.)
Task: {B0851DA6-2CD3-40BC-85FD-E1FB3BFCEA83} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {C7F88B40-163B-43A6-9ED8-61FFC1D5E33C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1298824626-3041435518-3372511409-1001UA => C:\Users\läppy\AppData\Local\Google\Update\GoogleUpdate.exe [2015-04-01] (Google Inc.)
Task: {FA4FACDA-5E35-4247-B08C-C24F8A764AA1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1298824626-3041435518-3372511409-1001Core.job => C:\Users\läppy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1298824626-3041435518-3372511409-1001UA.job => C:\Users\läppy\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2015-03-25 14:08 - 2013-05-15 16:27 - 00096768 _____ () C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-01-30 00:02 - 2014-01-30 00:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-06-03 17:17 - 2015-06-03 17:17 - 00050477 _____ () C:\Users\läppy\Downloads\Defogger.exe
2015-05-01 10:31 - 2015-05-01 10:31 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-01 10:31 - 2015-05-01 10:31 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-03 15:27 - 2015-06-03 15:27 - 02951680 _____ () C:\Program Files\AVAST Software\Avast\defs\15060300\algo.dll
2015-03-24 19:28 - 2015-03-05 16:34 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-04-01 22:07 - 2015-03-05 15:34 - 00348960 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2015-04-01 22:07 - 2015-03-05 15:33 - 00180856 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2015-04-01 22:07 - 2015-03-05 15:34 - 00050976 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2015-04-01 22:07 - 2015-03-05 15:35 - 00268920 _____ () C:\Program Files (x86)\IObit\Start Menu 8\sqlite3.dll
2015-04-01 22:07 - 2015-03-05 15:34 - 00053024 _____ () C:\Program Files (x86)\IObit\Start Menu 8\parseAuto.dll
2015-04-01 22:07 - 2015-03-05 15:34 - 00622880 _____ () C:\Program Files (x86)\IObit\Start Menu 8\ProductStatistics.dll
2015-04-01 22:07 - 2015-03-05 15:36 - 00041248 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll
2015-06-03 16:51 - 2015-06-03 16:51 - 00098816 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32api.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00110080 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\pywintypes27.dll
2015-06-03 16:51 - 2015-06-03 16:51 - 00364544 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\pythoncom27.dll
2015-06-03 16:51 - 2015-06-03 16:51 - 00045568 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\_socket.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 01161216 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\_ssl.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00320512 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32com.shell.shell.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00713216 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\_hashlib.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 01175040 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\wx._core_.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00805888 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\wx._gdi_.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00811008 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\wx._windows_.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 01062400 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\wx._controls_.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00735232 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\wx._misc_.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00682496 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\pysqlite2._sqlite.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00128512 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\_elementtree.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00127488 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\pyexpat.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00087552 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\_ctypes.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00119808 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32file.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00108544 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32security.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00007168 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\hashobjs_ext.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00017408 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\usb_ext.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00167936 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32gui.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00018432 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32event.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00013824 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\common.time34.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00036864 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\_psutil_windows.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00038912 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32inet.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00011264 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32crypt.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00070656 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\wx._html2.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00027136 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\_multiprocessing.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00020480 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\_yappi.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00035840 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32process.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00686080 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\unicodedata.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00122368 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\wx._wizard.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00024064 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32pipe.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00010240 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\select.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00025600 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32pdh.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00525640 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\windows._lib_cacheinvalidation.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00017408 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32profile.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00022528 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32ts.pyd
2015-06-03 16:51 - 2015-06-03 16:51 - 00078336 _____ () C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\wx._animate.pyd
2015-03-24 18:18 - 2015-03-24 18:18 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-03-21 18:41 - 2015-03-21 18:41 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2015-05-26 17:34 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-26 17:34 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2015-05-26 17:34 - 2015-05-22 22:22 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\läppy\SkyDrive:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1298824626-3041435518-3372511409-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1 - 8.8.8.8
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-1298824626-3041435518-3372511409-1001\...\StartupApproved\Run: => "KiesPreload"
HKU\S-1-5-21-1298824626-3041435518-3372511409-1001\...\StartupApproved\Run: => "MusicManager"
HKU\S-1-5-21-1298824626-3041435518-3372511409-1001\...\StartupApproved\Run: => "KiesAirMessage"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{4594B2F8-791F-43B2-B005-6B4DF76FF613}] => (Allow) C:\Users\läppy\AppData\Local\Temp\7zS64DB\setup\hpznui40.exe
FirewallRules: [{53BA6061-B78A-49B5-B4DB-AEA052015008}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{C32269DA-DB1B-45D2-8588-80FB20731EE8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{4A20A312-409F-49BA-A1DF-4E152968A026}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{DBB42319-B2BD-4E3D-8A16-79DF99CFF761}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{551641D4-1CC5-48C3-B18D-42EADE1B7416}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{8821DC75-3902-4693-90A1-A65065DCA7E7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{96EAAAAE-C9A7-4EB1-9588-6576776FF3A9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{9825138D-8AC7-4787-99BD-E813A82752F2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{262C8739-610E-4A3D-AB19-C3DEB80060D7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{EB449D2C-97D3-4425-9D92-6F3CBA1D56F7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{89418DB9-28E7-4D88-9CFF-AE1CAB5BCBDE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{FD53A7CC-8AA3-4450-A2DD-5D1BFB5661B4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{740E4CEB-C648-4E7A-8B1B-E8D73A5F4141}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{A45AF1B9-E661-46A8-9E60-0AA76B410535}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{C84233CD-BC98-4C2C-B9F0-89BD74090252}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{126A452D-3EB1-4E9D-8A3A-7B92DD67A848}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{77F89298-B092-412B-BFD6-38EFCC3908D8}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [TCP Query User{8E35C501-BD4F-41A3-8FC5-20C362E1701B}C:\users\läppy\desktop\portify-0.4-win32\data\bin\node.exe] => (Allow) C:\users\läppy\desktop\portify-0.4-win32\data\bin\node.exe
FirewallRules: [UDP Query User{240FCDA2-E25A-48D5-BD30-51BDAF79F8D4}C:\users\läppy\desktop\portify-0.4-win32\data\bin\node.exe] => (Allow) C:\users\läppy\desktop\portify-0.4-win32\data\bin\node.exe
FirewallRules: [{10934DA0-8724-41E2-980C-84B6FF59B0E7}] => (Allow) C:\Program Files\TightVNC\tvnviewer.exe
FirewallRules: [{64A244CF-85BE-4903-B103-0C4CFFD829A0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: HD Webcam
Description: USB-Videogerät
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/03/2015 04:20:52 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Benachrichtigungen für Volume C:\ sind nicht aktiv.
Kontext: Windows Anwendung
Details:
Falscher Parameter. (HRESULT : 0x80070057) (0x80070057)
Error: (06/01/2015 05:20:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NOTEBOOK)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (06/01/2015 04:09:11 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Benachrichtigungen für Volume C:\ sind nicht aktiv.
Kontext: Windows Anwendung
Details:
Falscher Parameter. (HRESULT : 0x80070057) (0x80070057)
Error: (05/31/2015 00:51:59 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Benachrichtigungen für Volume C:\ sind nicht aktiv.
Kontext: Windows Anwendung
Details:
Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a)
Error: (05/27/2015 06:14:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.3.9600.17415, Zeitstempel: 0x54504177
Name des fehlerhaften Moduls: combase.dll, Version: 6.3.9600.17415, Zeitstempel: 0x545044f9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000394ca
ID des fehlerhaften Prozesses: 0x820
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5
Error: (05/27/2015 06:13:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NOTEBOOK)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (05/27/2015 04:11:32 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Benachrichtigungen für Volume C:\ sind nicht aktiv.
Kontext: Windows Anwendung
Details:
Falscher Parameter. (HRESULT : 0x80070057) (0x80070057)
Error: (05/26/2015 10:17:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NOTEBOOK)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (05/26/2015 04:36:57 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Benachrichtigungen für Volume C:\ sind nicht aktiv.
Kontext: Windows Anwendung
Details:
Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a)
Error: (05/25/2015 00:11:28 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Benachrichtigungen für Volume C:\ sind nicht aktiv.
Kontext: Windows Anwendung
Details:
Falscher Parameter. (HRESULT : 0x80070057) (0x80070057)
System errors:
=============
Error: (06/03/2015 04:49:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "Windows Search" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1069
Error: (06/03/2015 04:49:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (06/03/2015 04:49:17 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (06/03/2015 04:49:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (06/03/2015 04:49:17 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (06/03/2015 04:48:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/03/2015 04:48:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/03/2015 04:48:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/03/2015 04:48:23 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (06/03/2015 04:47:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PicexaService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office:
=========================
Error: (06/03/2015 04:20:52 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Kontext: Windows Anwendung
Details:
Falscher Parameter. (HRESULT : 0x80070057) (0x80070057)
C:\
Error: (06/01/2015 05:20:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NOTEBOOK)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141
Error: (06/01/2015 04:09:11 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Kontext: Windows Anwendung
Details:
Falscher Parameter. (HRESULT : 0x80070057) (0x80070057)
C:\
Error: (05/31/2015 00:51:59 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Kontext: Windows Anwendung
Details:
Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a)
C:\
Error: (05/27/2015 06:14:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.3.9600.1741554504177combase.dll6.3.9600.17415545044f9c000000500000000000394ca82001d098867f3dee32C:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\combase.dll7be178a6-048b-11e5-828c-e840f2b27750
Error: (05/27/2015 06:13:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NOTEBOOK)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141
Error: (05/27/2015 04:11:32 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Kontext: Windows Anwendung
Details:
Falscher Parameter. (HRESULT : 0x80070057) (0x80070057)
C:\
Error: (05/26/2015 10:17:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NOTEBOOK)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141
Error: (05/26/2015 04:36:57 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Kontext: Windows Anwendung
Details:
Das Datenträgeränderungsjournal wird gelöscht. (HRESULT : 0x8007049a) (0x8007049a)
C:\
Error: (05/25/2015 00:11:28 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Kontext: Windows Anwendung
Details:
Falscher Parameter. (HRESULT : 0x80070057) (0x80070057)
C:\
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 50%
Total physical RAM: 3932.36 MB
Available physical RAM: 1927.89 MB
Total Pagefile: 4636.36 MB
Available Pagefile: 2448.58 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.42 GB) (Free:390.74 GB) NTFS
Drive e: (INTENSO) (Removable) (Total:3.67 GB) (Free:3.67 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4E388601)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End of log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-06-03 17:39:56
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002f ST9500325AS rev.0001SDM1 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\LPPY~1\AppData\Local\Temp\kxloqpow.sys
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [588:612] fffff9600096a2d0
---- Processes - GMER 2.1 ----
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\python27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568] (Python Core/Python Software Foundation)(2015-06-03 14:51:17) 000000001e000000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32api.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 000000001e8c0000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\pywintypes27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 000000001e7a0000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\pythoncom27.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:16) 00000000004a0000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\_socket.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 00000000003c0000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\_ssl.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 0000000010000000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32com.shell.shell.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 000000001e800000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\_hashlib.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 0000000002630000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\wx._core_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 0000000002eb0000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\wxbase294u_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568] (wxWidgets for MSW/wxWidgets development team)(2015-06-03 14:51:17) 0000000002fe0000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\wxbase294u_net_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568] (wxWidgets for MSW/wxWidgets development team)(2015-06-03 14:51:17) 0000000000510000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\wxmsw294u_core_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568] (wxWidgets for MSW/wxWidgets development team)(2015-06-03 14:51:17) 00000000031d0000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\wxmsw294u_adv_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568] (wxWidgets for MSW/wxWidgets development team)(2015-06-03 14:51:17) 0000000003670000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\wx._gdi_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 00000000026f0000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\wx._windows_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 0000000003fb0000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\wxmsw294u_html_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568] (wxWidgets for MSW/wxWidgets development team)(2015-06-03 14:51:17) 0000000004080000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\wx._controls_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 0000000004350000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\wx._misc_.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 0000000004460000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\pysqlite2._sqlite.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 0000000004520000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\_elementtree.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 000000001d100000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\pyexpat.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 0000000001fe0000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\_ctypes.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 000000001d1a0000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32file.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 000000001ea10000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32security.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 000000001ec80000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\hashobjs_ext.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 0000000004120000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\usb_ext.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 0000000004130000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32gui.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 000000001ea40000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32event.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 000000001e9b0000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\common.time34.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 0000000004140000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\_psutil_windows.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 0000000004150000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32inet.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 000000001eaa0000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32crypt.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 000000001e980000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\wx._html2.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 0000000004160000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\wxmsw294u_webview_vc90.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568] (wxWidgets for MSW/wxWidgets development team)(2015-06-03 14:51:17) 0000000004190000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\_multiprocessing.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 00000000041b0000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\_yappi.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 00000000055a0000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32process.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 000000001ebf0000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\unicodedata.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 00000000055b0000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\wx._wizard.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:16) 0000000005660000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32pipe.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 000000001eb90000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\select.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 00000000056a0000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32pdh.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 000000001eb60000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32profile.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 000000001ec20000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\win32ts.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:17) 000000001ed40000
Library C:\Users\LPPY~1\AppData\Local\Temp\_MEI45522\wx._animate.pyd (*** suspicious ***) @ C:\Program Files (x86)\Google\Drive\googledrivesync.exe [4568](2015-06-03 14:51:16) 00000000056c0000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xE6 0x58 0xC4 0xEF ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x3B 0x15 0x9B 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0xE6 0x58 0xC4 0xEF ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0x3B 0x15 0x9B 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@de-DE 69
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\LGD03400_00_07DB_7E^E08609F2DD0CB3AB634D2901C92D6E77@Timestamp 0x1D 0xC7 0xB2 0xF0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 644
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\Windows\SysWOW64\de-DE\ieframe.dll.mui.del??\??\C:\Windows\system32\de-DE\ieframe.dll.mui.del??\??\C:\Users\LPPY~1\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\Users\LPPY~1\AppData\Local\Temp\~nsu.tmp??
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 3900047
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed 880713436
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 71
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 444365992
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 4342
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID f6c82caf-46b0-4d8d-aff8-3f9d82c
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@BootCounter 28
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{86eacdea-95f3-49cf-b2c6-889507e3b35e}@LastProbeTime 1433345220
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{DC53F5D9-BF2E-4BF7-858E-3C5C224605D4}@DefunctTimestamp 0xEB 0x13 0x6F 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\9c-c7-a6-1a-0b-1d@AddressCreationTimestamp 0xA9 0x91 0x7F 0x0B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?Mi?, ?Jun ?03 ?15, 03:48:22???????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 1844
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 547
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-200|Desc=@%systemroot%\system32\provsvc.dll,-201|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=p2psvc|Name=@%systemroot%\system32\provsvc.dll,-203|Desc=@%systemroot%\system32\provsvc.dll,-204|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In v2.22|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-205|Desc=@%systemroot%\system32\provsvc.dll,-206|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out v2.22|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|RPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\system32\provsvc.dll,-207|Desc=@%systemroot%\system32\provsvc.dll,-208|EmbedCtxt=@%systemroot%\system32\provsvc.dll,-202|
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 70
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6FDB5192-C3BE-4E9C-82A8-531302FB2FD6}@LeaseObtainedTime 1433338012
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6FDB5192-C3BE-4E9C-82A8-531302FB2FD6}@T1 1433770012
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6FDB5192-C3BE-4E9C-82A8-531302FB2FD6}@T2 1434094012
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6FDB5192-C3BE-4E9C-82A8-531302FB2FD6}@LeaseTerminatesTime 1434202012
Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer@GlobalAssocChangedCounter 90
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\ShellNew@Classes .bmp?.contact?.jnt?.library-ms?.lnk?.odg?.odp?.ods?.odt?.rar?.rtf?.txt?.zip?Folder?
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsBandwidthBucketCounter 6292
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsRequestBucketCounter 98
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime 0xC2 0xCF 0xB6 0x42 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime 0xC2 0xCF 0xB6 0x42 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@OtherRequestBucketCounter 109
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime 0xC2 0xCF 0xB6 0x42 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalBandwidthBucketCounter 7137
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalRequestBucketCounter 209
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime 0xC2 0xCF 0xB6 0x42 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastUploadTime 0xF9 0xD5 0xF3 0x3F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken LM%3d63568938803163%3bID%3d113E7109255A58D4!102%3bLR%3d63568938805697%3bEP%3d4%3bTD%3dTrue%3bSO%3d0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest 0xA3 0xD9 0x81 0xF6 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce@Report C:\AdwCleaner\AdwCleaner[S0].txt
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations 3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Store@LastTileRefresh 0x83 0xA8 0x6E 0x9C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Store\RefreshBannedAppList@BannedAppsLastModified 0x00 0xA2 0x42 0xCD ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UFH\SHC@3 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk?C:\Program Files (x86)\Google\Chrome\Application\chrome.exe??
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows@UserSelectedDefault 1
---- EOF - GMER 2.1 ----
Thanks a lot in advance!
Best regards