| Teronius | 25.11.2014 14:22 |
Sorry... wusste nicht, dass hijackthis nicht mehr interessant ist. :)
Anbei der Scan:
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by K.Badekow (administrator) on TERO on 25-11-2014 12:09:20
Running from D:\Rapidshare
Loaded Profile: K.Badekow (Available profiles: K.Badekow)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(NCP engineering GmbH) C:\Program Files (x86)\NCP\SecureClient\ncpclcfg.exe
(NCP Engineering GmbH) C:\Program Files (x86)\NCP\SecureClient\ncprwsnt.exe
() C:\Program Files (x86)\NCP\SecureClient\NCPSEC.EXE
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(NCP engineering GmbH) C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2RPK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNACBSWK.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() D:\TortoiseHg\TortoiseHgOverlayServer.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Dropbox, Inc.) C:\Users\K.Badekow\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(NCP engineering GmbH) C:\Program Files (x86)\NCP\SecureClient\NcpBudgetGui.exe
(NCP engineering GmbH) C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncV1\CoreSync.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17420_none_7b0e278dc2d32999\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(Mozilla Corporation) C:\Program Files\Firefox\firefox.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(Hewlett Packard) C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [CNAP2 Launcher] => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-14] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [170496 2013-04-13] (Sun Microsystems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864016 2013-11-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [TortoiseHgOverlayIconServer] => D:\TortoiseHg\TortoiseHgOverlayServer.exe [100616 2014-01-15] ()
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM-x32\...\Run: [NcpBudgetGui] => C:\Program Files (x86)\NCP\SecureClient\NcpBudgetGui.exe [1001472 2013-01-07] (NCP engineering GmbH)
HKLM-x32\...\Run: [NcpPopup] => C:\Program Files (x86)\NCP\SecureClient\ncppopup.exe [1011280 2012-03-20] (NCP engineering GmbH)
HKLM-x32\...\Run: [NcpRsuGui] => C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe [883792 2011-08-22] (NCP engineering GmbH)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3060248 2014-11-06] ()
HKU\S-1-5-21-759156193-1707623112-1547535671-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3481408 2012-02-13] (DT Soft Ltd)
HKU\S-1-5-21-759156193-1707623112-1547535671-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-759156193-1707623112-1547535671-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
HKU\S-1-5-21-759156193-1707623112-1547535671-1000\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-759156193-1707623112-1547535671-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-759156193-1707623112-1547535671-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-759156193-1707623112-1547535671-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
Startup: C:\Users\K.Badekow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\K.Badekow\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-759156193-1707623112-1547535671-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-759156193-1707623112-1547535671-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-759156193-1707623112-1547535671-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x53246B22CEECCC01
HKU\S-1-5-21-759156193-1707623112-1547535671-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-759156193-1707623112-1547535671-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-759156193-1707623112-1547535671-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={19352242-9A0B-43B9-B169-C6DF790F28FB}&mid=ea3fc1a64eed47d18e300d47e7f49ccd-2d42fc4f48a84f92cb06f751ade4291ec27b52b1&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-06 12:38:12&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: ICQ Sparberater -> {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} -> C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll (AVG)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FlowSurf -> {E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0} -> C:\Program Files (x86)\Flowsurf\FlowSurf.dll (FlowSurf Inc.)
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog9 01 C:\Windows\system32\abengine.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\abengine.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\abengine.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\abengine.dll File Not found ()
Winsock: Catalog9 15 C:\Windows\system32\abengine.dll File Not found ()
Winsock: Catalog9-x64 01 C:\Windows\system32\abengine64.dll [370584] (Abengine)
Winsock: Catalog9-x64 02 C:\Windows\system32\abengine64.dll [370584] (Abengine)
Winsock: Catalog9-x64 03 C:\Windows\system32\abengine64.dll [370584] (Abengine)
Winsock: Catalog9-x64 04 C:\Windows\system32\abengine64.dll [370584] (Abengine)
Winsock: Catalog9-x64 15 C:\Windows\system32\abengine64.dll [370584] (Abengine)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\K.Badekow\AppData\Roaming\Mozilla\Firefox\Profiles\vmhd2vpj.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.10\\npsitesafety.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @rim.com/npappworld -> C:\Program Files (x86)\Research In Motion Limited\Browser-Plug-In für BlackBerry App World\npappworld.dll ()
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-759156193-1707623112-1547535671-1000: amazon.com/AmazonMP3DownloaderPlugin -> d:\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\K.Badekow\AppData\Roaming\Mozilla\Firefox\Profiles\vmhd2vpj.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\K.Badekow\AppData\Roaming\Mozilla\Firefox\Profiles\vmhd2vpj.default\Extensions\artur.dubovoy@gmail.com [2014-11-12]
FF Extension: AVG Web TuneUp - C:\Users\K.Badekow\AppData\Roaming\Mozilla\Firefox\Profiles\vmhd2vpj.default\Extensions\avg@toolbar [2014-11-06]
FF Extension: Cliqz Beta - C:\Users\K.Badekow\AppData\Roaming\Mozilla\Firefox\Profiles\vmhd2vpj.default\Extensions\cliqz@cliqz.com [2014-11-25]
FF Extension: WOT - C:\Users\K.Badekow\AppData\Roaming\Mozilla\Firefox\Profiles\vmhd2vpj.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27]
FF Extension: Adblock Plus - C:\Users\K.Badekow\AppData\Roaming\Mozilla\Firefox\Profiles\vmhd2vpj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-06]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-25]
FF HKLM-x32\...\Firefox\Extensions: [jid1-tofUlNEIFlkUIA@jetpack] - C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack
FF Extension: FlowSurf - C:\Program Files (x86)\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack [2014-08-25]
FF HKU\S-1-5-21-759156193-1707623112-1547535671-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\K.Badekow\AppData\Roaming\Mozilla\Firefox\Profiles\vmhd2vpj.default\extensions\cliqz@cliqz.com
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Firefox\firefox.exe
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-07]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-02-16] ()
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [162816 2011-07-08] (HP) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S2 InjectorService; C:\Program Files (x86)\Flowsurf\ijs.exe [163840 2014-11-14] () [File not signed]
S2 Lexware_Professional_Datenbank; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2008-07-02] (iAnywhere Solutions, Inc.)
R2 ncpclcfg; C:\Program Files (x86)\NCP\SecureClient\ncpclcfg.exe [139896 2012-07-12] (NCP engineering GmbH)
R2 ncprwsnt; C:\Program Files (x86)\NCP\SecureClient\ncprwsnt.exe [1650736 2013-01-16] (NCP Engineering GmbH)
R2 NcpSec; C:\Program Files (x86)\NCP\SecureClient\NCPSEC.EXE [119808 2011-04-21] () [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [96184 2013-12-09] (Overwolf)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 rwsrsu; C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe [883792 2011-08-22] (NCP engineering GmbH)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [1249064 2011-07-29] ()
S2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [79872 2012-04-30] (VMware, Inc.) [File not signed]
R2 vToolbarUpdater18.1.10; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [1849368 2014-11-06] (AVG Secure Search)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-11-06] (AVG Technologies)
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2010-09-06] (Devguru Co., Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-17] (DT Soft Ltd)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [75888 2010-09-27] (Atheros Communications, Inc.)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 ncpfilt; C:\Windows\System32\DRIVERS\ncplelhp.sys [102800 2013-01-16] (NCP Engineering GmbH)
R3 ncplelhp; C:\Windows\System32\DRIVERS\ncplelhp.sys [102800 2013-01-16] (NCP Engineering GmbH)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-25 12:09 - 2014-11-25 12:09 - 00000000 ____D () C:\FRST
2014-11-25 11:51 - 2014-11-25 11:51 - 00016693 _____ () C:\Users\K.Badekow\Desktop\hijackthis.log
2014-11-25 11:50 - 2014-11-25 11:50 - 00000000 ____D () C:\Users\K.Badekow\AppData\Roaming\Cliqz
2014-11-25 11:50 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-11-25 11:50 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-11-25 11:29 - 2014-11-25 11:32 - 00000000 ____D () C:\Program Files\Firefox
2014-11-25 11:29 - 2014-11-25 11:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-25 11:29 - 2014-11-25 11:29 - 00000906 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
2014-11-25 11:29 - 2014-11-25 11:29 - 00000894 _____ () C:\Users\Public\Desktop\Nightly.lnk
2014-11-25 10:32 - 2014-11-25 10:32 - 00055160 _____ () C:\Users\K.Badekow\Desktop\bookmarks-2014-11-25.json
2014-11-20 09:59 - 2014-11-25 10:02 - 00004344 _____ () C:\Windows\SysWOW64\abengine.ini
2014-11-20 09:59 - 2014-11-25 10:02 - 00002336 _____ () C:\Windows\SysWOW64\abengineOff.ini
2014-11-20 09:59 - 2014-11-25 10:02 - 00002336 _____ () C:\Windows\system32\abengineOff.ini
2014-11-20 09:57 - 2014-11-14 11:37 - 00370584 _____ (Abengine) C:\Windows\system32\abengine64.dll
2014-11-20 09:56 - 2014-11-20 09:56 - 00003092 _____ () C:\Windows\System32\Tasks\upfs7214
2014-11-19 18:13 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 18:13 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 18:13 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 18:13 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-14 19:26 - 2014-11-14 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-11-12 12:19 - 2014-11-12 12:19 - 00000000 __SHD () C:\Users\K.Badekow\AppData\Local\EmieBrowserModeList
2014-11-12 08:48 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 08:48 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 08:48 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 08:48 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 08:48 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 08:48 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 08:48 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 08:47 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 08:47 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 08:47 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 08:47 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 08:47 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 08:47 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 08:47 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 08:47 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 08:47 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 08:47 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 08:47 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 08:47 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 08:47 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 08:47 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 08:47 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 08:47 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 08:47 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 08:47 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 08:47 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 08:47 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 08:47 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 08:47 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 08:47 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 08:47 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 08:47 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 08:47 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 08:47 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 08:47 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 08:47 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 08:47 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 08:47 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 08:47 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 08:47 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 08:47 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 08:47 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 08:47 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 08:47 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 08:47 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 08:47 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 08:47 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 08:47 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 08:47 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 08:47 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 08:47 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 08:47 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 08:47 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 08:47 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 08:47 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 08:47 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 08:47 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 08:47 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 08:47 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 08:47 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 08:47 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 08:47 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 08:47 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 08:47 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 08:47 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 08:47 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 08:47 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 08:47 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 08:47 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 08:47 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 08:47 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 08:47 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 08:47 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 08:47 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 08:47 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 08:47 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 08:46 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 08:46 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 08:46 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 08:46 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 08:46 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 08:46 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 08:46 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 08:46 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 08:46 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 08:46 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 08:46 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 08:46 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 08:46 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 08:46 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 08:46 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 08:46 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 08:46 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 08:46 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 08:46 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 08:46 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 08:46 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 08:45 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 08:45 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 08:45 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 08:45 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 13:31 - 2014-11-25 10:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-06 12:39 - 2014-11-06 16:38 - 00000000 ____D () C:\Users\K.Badekow\AppData\Local\AVG Web TuneUp
2014-11-06 12:38 - 2014-11-07 09:06 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-11-06 12:38 - 2014-11-06 12:38 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-11-06 12:38 - 2014-11-06 12:37 - 00050976 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-11-06 12:37 - 2014-11-06 12:38 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-11-06 12:37 - 2014-11-06 12:37 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-11-03 20:57 - 2014-11-03 20:57 - 00000346 _____ () C:\Users\K.Badekow\Desktop\Parsec.appref-ms
2014-11-03 20:57 - 2014-11-03 20:57 - 00000000 ____D () C:\Users\K.Badekow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Parsec
2014-10-29 21:35 - 2014-10-29 21:35 - 00263960 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-25 11:42 - 2014-07-05 10:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-25 11:42 - 2014-01-28 14:44 - 00000000 ____D () C:\Users\K.Badekow\Documents\Outlook-Dateien
2014-11-25 11:42 - 2013-07-06 09:36 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-25 11:42 - 2013-07-06 09:36 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-11-25 11:17 - 2012-08-04 08:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-25 11:04 - 2014-09-19 17:54 - 00000000 ____D () C:\Users\K.Badekow\AppData\Local\7428034F-DCA0-4944-88AE-314CC1A10B5F.aplzod
2014-11-25 10:48 - 2012-02-16 09:29 - 01307993 _____ () C:\Windows\WindowsUpdate.log
2014-11-25 10:45 - 2012-02-16 20:41 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-25 10:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-25 10:36 - 2014-01-16 15:45 - 00005072 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Tero-K.Badekow Tero
2014-11-25 10:31 - 2012-02-16 18:36 - 00210432 ___SH () C:\Users\K.Badekow\Thumbs.db
2014-11-25 10:22 - 2012-02-19 12:20 - 00000000 ____D () C:\Users\K.Badekow\AppData\Local\Adobe
2014-11-25 10:20 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-25 10:20 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-25 10:17 - 2013-09-04 22:11 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-11-25 10:13 - 2014-09-19 17:53 - 00000000 ___RD () C:\Users\K.Badekow\iCloudDrive
2014-11-25 10:13 - 2014-08-25 12:02 - 00000000 ____D () C:\Program Files (x86)\Flowsurf
2014-11-25 10:13 - 2014-02-02 15:39 - 00000000 ____D () C:\Users\K.Badekow\AppData\Roaming\TortoiseHg
2014-11-25 10:13 - 2013-01-19 14:23 - 00000432 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-11-25 10:12 - 2013-05-02 22:57 - 00000334 _____ () C:\Windows\Tasks\GlaryInitialize.job
2014-11-25 10:12 - 2012-05-17 11:45 - 00000000 ____D () C:\ProgramData\VMware
2014-11-25 10:12 - 2012-01-10 20:14 - 00202881 _____ () C:\Windows\setupact.log
2014-11-25 10:12 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-25 10:03 - 2014-10-19 11:49 - 00000000 ____D () C:\ProgramData\AVG2015
2014-11-24 16:52 - 2012-02-17 02:00 - 00000000 ____D () C:\Users\K.Badekow\AppData\Roaming\vlc
2014-11-24 16:32 - 2011-04-12 08:43 - 00713452 _____ () C:\Windows\system32\perfh007.dat
2014-11-24 16:32 - 2011-04-12 08:43 - 00156276 _____ () C:\Windows\system32\perfc007.dat
2014-11-24 16:32 - 2009-07-14 06:13 - 01660004 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-24 16:24 - 2013-11-25 22:31 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8280EA0E-0F88-43E2-9072-272E34862A3D}
2014-11-24 15:37 - 2013-11-14 19:03 - 00000000 ____D () C:\Users\K.Badekow\AppData\Roaming\mIRC
2014-11-24 12:42 - 2013-04-18 17:37 - 00000000 ____D () C:\Users\K.Badekow\Documents\Handelsgesellschaft Badekow
2014-11-24 11:17 - 2013-02-01 11:09 - 00000000 ____D () C:\Users\K.Badekow\AppData\Roaming\Dropbox
2014-11-22 12:57 - 2014-09-23 07:49 - 00003844 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1394136270
2014-11-21 22:40 - 2012-03-02 13:22 - 00000000 ____D () C:\Users\K.Badekow\AppData\Local\Deployment
2014-11-18 09:16 - 2014-08-25 12:02 - 00000002 _____ () C:\END
2014-11-17 13:44 - 2013-01-27 15:14 - 00000000 ____D () C:\Users\K.Badekow\AppData\Roaming\FileZilla
2014-11-15 12:31 - 2013-02-01 11:10 - 00000000 ____D () C:\Users\K.Badekow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 11:17 - 2013-07-28 10:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-14 11:16 - 2014-05-16 10:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-11-14 09:50 - 2014-03-31 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-13 16:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 15:18 - 2012-08-04 08:40 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-13 15:18 - 2012-04-05 21:04 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-13 15:18 - 2012-02-16 19:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-13 15:17 - 2012-06-09 18:01 - 00000000 ___HD () C:\$AVG
2014-11-12 11:36 - 2009-07-14 05:45 - 05178144 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 11:33 - 2014-05-06 13:13 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 09:22 - 2009-07-14 03:34 - 00000521 _____ () C:\Windows\win.ini
2014-11-12 09:20 - 2013-08-07 16:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 09:16 - 2012-01-10 19:35 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 14:00 - 2013-01-19 13:40 - 00000000 ____D () C:\Users\K.Badekow\AppData\Roaming\MyPhoneExplorer
2014-11-05 12:25 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-05 09:48 - 2010-11-21 04:47 - 00191984 _____ () C:\Windows\PFRO.log
2014-11-04 15:27 - 2013-01-27 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
Some content of TEMP:
====================
C:\Users\K.Badekow\AppData\Local\Temp\CNC4LauncherUpdate.exe
C:\Users\K.Badekow\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\K.Badekow\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\K.Badekow\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptwaxwk.dll
C:\Users\K.Badekow\AppData\Local\Temp\Execute2App.exe
C:\Users\K.Badekow\AppData\Local\Temp\i4jdel0.exe
C:\Users\K.Badekow\AppData\Local\Temp\installerdll4266502.dll
C:\Users\K.Badekow\AppData\Local\Temp\installerdll4290355.dll
C:\Users\K.Badekow\AppData\Local\Temp\jna2428357484831053192.dll
C:\Users\K.Badekow\AppData\Local\Temp\jna4198320339015992262.dll
C:\Users\K.Badekow\AppData\Local\Temp\jna7449248546983340830.dll
C:\Users\K.Badekow\AppData\Local\Temp\jna787993705743715912.dll
C:\Users\K.Badekow\AppData\Local\Temp\jna8886992415486388138.dll
C:\Users\K.Badekow\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\K.Badekow\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\K.Badekow\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\K.Badekow\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\K.Badekow\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\K.Badekow\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\K.Badekow\AppData\Local\Temp\mirc732.exe
C:\Users\K.Badekow\AppData\Local\Temp\msvcp90.dll
C:\Users\K.Badekow\AppData\Local\Temp\msvcr90.dll
C:\Users\K.Badekow\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\K.Badekow\AppData\Local\Temp\rootsupd.exe
C:\Users\K.Badekow\AppData\Local\Temp\SAV2RemoveAll.exe
C:\Users\K.Badekow\AppData\Local\Temp\Setup.exe
C:\Users\K.Badekow\AppData\Local\Temp\sqlite3.exe
C:\Users\K.Badekow\AppData\Local\Temp\vcredist_x64.exe
C:\Users\K.Badekow\AppData\Local\Temp\vcredist_x86.exe
C:\Users\K.Badekow\AppData\Local\Temp\vlc-2.1.2-win64.exe
C:\Users\K.Badekow\AppData\Local\Temp\vlc-2.1.3-win64.exe
C:\Users\K.Badekow\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-16 16:57
==================== End Of Log ============================
--- --- ---
--- --- --- Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by K.Badekow at 2014-11-25 12:10:16
Running from D:\Rapidshare
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: NCP Secure Entry Client (Disabled) {2E93E888-9DAC-5065-8626-9C7F7A0820C2}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ActiveState ActivePython 2.7.5.6 (64-bit) (HKLM\...\{DA4A4980-4534-451A-88AA-9F65AF3C4019}) (Version: 2.7.6 - ActiveState Software Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.1.369 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe InDesign CS6 (HKLM-x32\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0.2.413 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4 64-bit (HKLM\...\{669A82E0-43E2-4645-8A2E-1A3DE78F8312}) (Version: 4.0.1 - Adobe)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1338, 31.01.2014 - AIMP DevTeam)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{08D35D3C-C4F7-09FB-0F89-F680A1CCD3A3}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avery Wizard 5.0 (HKLM\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4223 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.0.19 - AVG Technologies)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.8.6.321 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.32 - Research in Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.32 - Research in Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser-Plug-In für BlackBerry App World (HKLM-x32\...\{CAED5360-80DD-4B57-B470-5F1F6E536118}) (Version: 4.2.1.8 - Research In Motion Limited)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon LBP7010C/7018C (HKLM\...\Canon LBP7010C/7018C) (Version: - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
CanoScan LiDE 110 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414) (Version: - Canon Inc.)
CentrED 0.6.3 (HKLM-x32\...\{77BCACC0-C2D9-470D-858F-A3D94A5F27A5}_is1) (Version: 0.6.3 - AKS DataBasis)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{82696435-8572-4D8B-A230-D1AA567D0F0F}) (Version: 1.0.0.0 - Electronic Arts)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
Curse Client (HKU\S-1-5-21-759156193-1707623112-1547535671-1000\...\090215de958f1060) (Version: 4.0.1.260 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.3.0297 - DT Soft Ltd)
dakota.ag (HKLM-x32\...\{FF748561-FFFE-11D3-A06B-00E02939A7B1}) (Version: 5.0.0.0 - ITSG)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)
DragonCastle (HKLM-x32\...\{2E1E6B53-1962-43C3-88C6-DCC2DC8AB91E}_is1) (Version: 1.0 - AKS DataBasis)
Dropbox (HKU\S-1-5-21-759156193-1707623112-1547535671-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
ETDWare PS/2-X64 11.6.2.1_WHQL (HKLM\...\Elantech) (Version: 11.6.2.1 - ELAN Microelectronic Corp.)
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
FLAC To MP3 V4.0.4 (HKLM-x32\...\FLAC To MP3_is1) (Version: - FLAC To MP3, Inc.)
Flowsurf (HKLM-x32\...\Flowsurf) (Version: 3.0.0.2 - Flowsurf) <==== ATTENTION
Free FLV Converter V 7.5.0 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.5.0.0 - Koyote Soft)
Free Video Dub version 2.0.21.827 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.21.827 - DVDVideoSoft Ltd.)
Glary Utilities 2.55.0.1790 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.55.0.1790 - Glarysoft Ltd)
Guard.ICQ (HKLM-x32\...\Guard.Mail.ru) (Version: - Mail.ru) <==== ATTENTION
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP LJ300-400 color MFP M375-M475 (HKLM-x32\...\{9D1DE902-8058-4555-A16A-FBFAA49587DB}) (Version: - Hewlett-Packard)
HP LJ300-400 color MFP M375-M475 Fax (HKLM-x32\...\{F284FAB3-7B91-499F-856A-1A8BF7649D8D}) (Version: 24.0.0.0 - Hewlett-Packard Co.)
HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{9086D601-50B7-491D-A143-28193DADE36B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Hilfe (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpbDSService (x32 Version: 001.001.05133 - Hewlett-Packard) Hidden
hpbM375M475DSService (x32 Version: 001.001.05164 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPLaserJet300-400ColorM375-M475Series_HelpLearnCenter_SI (HKLM-x32\...\{72A474E0-5AA3-4EDD-8FAA-D87CB2FD0654}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 1.02.0014 - HP) Hidden
HPLJUTM375-M475 (x32 Version: 1.02.0013 - HP) Hidden
hppFaxDrvM375M475 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 009.022.00806 - Hewlett-Packard) Hidden
hppM375_M475LaserJetService (x32 Version: 005.020.00094 - Hewlett-Packard) Hidden
hppSendFaxM375M475 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hppToolboxProxyM375 (x32 Version: 020.021.004 - HP) Hidden
hpStatusAlerts (x32 Version: 020.025.1119 - Hewlett Packard) Hidden
hpStatusAlertsM375_M475 (x32 Version: 020.023.01805 - Hewlett-Packard) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.0.1.001 - HTC Corporation)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
ICQ 8.2 (build 6870) (HKU\S-1-5-21-759156193-1707623112-1547535671-1000\...\ICQ) (Version: 8.2.6870.0 - Mail.Ru)
ICQ Sparberater (HKLM-x32\...\{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}) (Version: 1.3.671 - solute gmbh)
ICQ7.7 (HKLM-x32\...\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}) (Version: 7.7 - ICQ)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
InstanceFinder (x32 Version: 020.021.004 - HP) Hidden
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java(TM) 6 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexware Admintools Pro (HKLM-x32\...\{A5BBEA9D-19EE-434A-880C-136340A8A45B}) (Version: 11.50.00.0135 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office pro 2011 (HKLM-x32\...\{3C02FF2E-1559-49A4-842D-A91BE02E17C6}) (Version: 11.63.00.0283 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office pro 2011 (x32 Version: 11.50.00.0235 - ) Hidden
Lexware Info Service (HKLM-x32\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{89196F9A-2E0B-4197-A3DF-6EF78731EB35}) (Version: 11.00.00.0039 - Haufe-Lexware GmbH & Co.KG)
Lexware professional Datenbank 2011 (HKLM-x32\...\{92A9A692-E26D-4CC1-B2D3-0674963241D8}) (Version: 11.50.00.0148 - Haufe-Lexware GmbH & Co.KG)
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software-Treiberpaket (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Minicontrol 3.1.6 (HKLM-x32\...\9356-3409-2235-7426) (Version: 3.1.6 - LucaNet AG)
mIRC (HKLM-x32\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
MKV Converter Studio V2.5.4 (HKLM-x32\...\{D7AC932D-297F-46C8-9834-FA23854CC150}_is1) (Version: 2.5.4 - Apowersoft)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0a1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MulEditor 0.6.8 (HKLM-x32\...\MulEditor_is1) (Version: - AKS DataBasis)
MyFreeCodec (HKU\S-1-5-21-759156193-1707623112-1547535671-1000\...\MyFreeCodec) (Version: - )
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
NCP Secure Entry Client (HKLM-x32\...\NCP RWS/GA) (Version: 9.31 Build 104 - NCP engineering GmbH)
Nero 7 Premium (HKLM-x32\...\{D4D94DB1-EBC3-4E64-8D96-C4FDB1B51031}) (Version: 7.01.4068 - Nero AG)
Nexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version: - )
Nightly 36.0a1 (x64 en-US) (HKLM\...\Nightly 36.0a1 (x64 en-US)) (Version: 36.0a1 - Mozilla)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Opera Stable 26.0.1656.24 (HKLM-x32\...\Opera 26.0.1656.24) (Version: 26.0.1656.24 - Opera Software ASA)
Oracle VM VirtualBox 4.2.6 (HKLM\...\{A8A0B1C1-FBC7-4790-8E26-9DA1A6A95452}) (Version: 4.2.6 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
OutlookAddInNet3Setup (HKLM-x32\...\{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}) (Version: 1.0.0 - Samsung)
Overwolf (HKLM-x32\...\{030F4BB3-F3C3-4A74-905C-44672D1ECB76}) (Version: 0.47.284 - Overwolf)
Parsec (HKU\S-1-5-21-759156193-1707623112-1547535671-1000\...\a53dc3b81e52c50e) (Version: 1.0.0.50 - Parsec)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 5.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server)
Python 2.7 pycrypto-2.6 (HKU\S-1-5-21-759156193-1707623112-1547535671-1000\...\pycrypto-py2.7) (Version: - )
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14024.11 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14024.11 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
SharpDevelop 4.4 (HKLM-x32\...\{814E4191-A98A-4CDF-99AE-E6D6BACEA22F}) (Version: 4.4.9729 - ic#code)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
TextPad 7 (HKLM-x32\...\{9F53AC20-2D32-4341-9DA1-29DD40E2199E}) (Version: 7.0.4 - Helios)
ToolboxProxy (x32 Version: 020.023.005 - HP) Hidden
TortoiseHg 2.10.2 (x64) (HKLM\...\{30C04FA2-B745-4318-B0D1-D35C7F2A096D}) (Version: 2.10.2 - Steve Borho and others)
TVersity Codec Pack 1.7 (HKLM-x32\...\TVersity Codec Pack) (Version: 1.7 - TVersity Inc.)
TVersity Media Server 1.9.7 (HKLM-x32\...\TVersity Media Server) (Version: 1.9.7 - TVersity)
Ultima Online: Mondain's Legacy (HKLM-x32\...\{DF7B213D-2065-41ED-BB51-7A3EED31EA7B}) (Version: 1.00.0000 - EA Games)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
UO Curse (HKLM-x32\...\ST6UNST #1) (Version: - )
Vampire Editor (HKLM-x32\...\Vampire Editor) (Version: - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vistaprint Fotobücher (HKU\S-1-5-21-759156193-1707623112-1547535671-1000\...\{BA786D68-3AD8-42DC-8BE1-9E09B4737A27}_is1) (Version: - Vistaprint)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VmciSockets (Version: 9.1.54.1 - VMware, Inc.) Hidden
VMware Player (HKLM-x32\...\VMware_Player) (Version: 4.0.3.29699 - VMware, Inc)
VMware Player (x32 Version: 4.0.3.29699 - VMware, Inc.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-759156193-1707623112-1547535671-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\K.Badekow\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-759156193-1707623112-1547535671-1000_Classes\CLSID\{0207CA76-8233-4478-9A40-607AC304C435}\InprocServer32 -> C:\Users\K.Badekow\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-759156193-1707623112-1547535671-1000_Classes\CLSID\{07d5676e-1b94-4f30-a190-23fff30d5412}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-759156193-1707623112-1547535671-1000_Classes\CLSID\{2BB2DE4F-FCDF-46F2-9723-5B1959E1BDE0}\InprocServer32 -> C:\Users\K.Badekow\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-759156193-1707623112-1547535671-1000_Classes\CLSID\{8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}\InprocServer32 -> C:\Program Files (x86)\TextPad 7\System\shellext64.dll (Helios Software Solutions)
CustomCLSID: HKU\S-1-5-21-759156193-1707623112-1547535671-1000_Classes\CLSID\{95775FC2-FFFA-4432-A4BC-352AB1A84581}\InprocServer32 -> C:\Users\K.Badekow\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-759156193-1707623112-1547535671-1000_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll No File
CustomCLSID: HKU\S-1-5-21-759156193-1707623112-1547535671-1000_Classes\CLSID\{BE892433-7479-4231-AB95-A313BDA3D409}\InprocServer32 -> C:\Users\K.Badekow\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-759156193-1707623112-1547535671-1000_Classes\CLSID\{D0E9EEAE-9AC7-4204-BA07-B72DD6077E82}\InprocServer32 -> C:\Users\K.Badekow\AppData\Roaming\Avery\Avery Wizard 5.0\AvWizRes.dll (Avery Products Corporation. Envel Informationssysteme GmbH.)
CustomCLSID: HKU\S-1-5-21-759156193-1707623112-1547535671-1000_Classes\CLSID\{D2776BCC-5F09-4068-B4E2-7EE1202F95CF}\InprocServer32 -> C:\Users\K.Badekow\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-759156193-1707623112-1547535671-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\K.Badekow\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-759156193-1707623112-1547535671-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\K.Badekow\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-759156193-1707623112-1547535671-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\K.Badekow\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-759156193-1707623112-1547535671-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\K.Badekow\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-759156193-1707623112-1547535671-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\K.Badekow\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-759156193-1707623112-1547535671-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\K.Badekow\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-759156193-1707623112-1547535671-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\K.Badekow\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-759156193-1707623112-1547535671-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\K.Badekow\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
04-11-2014 11:55:20 Geplanter Prüfpunkt
12-11-2014 08:13:40 Windows Update
14-11-2014 10:13:58 Windows Update
19-11-2014 19:34:23 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-05-18 20:42 - 2013-11-13 16:44 - 00000028 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {01A8CC42-1387-4DB2-AAC2-BFFE7B7E32FE} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {07889AFA-F1C7-45FD-A3AD-7101878D5AFD} - System32\Tasks\fsupdate => C:\Program Files (x86)\Flowsurf\fsupd.exe [2014-04-15] () <==== ATTENTION
Task: {1D98A8E4-0B18-4424-A890-D4E8E24A3464} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {1E40C025-6463-4839-9219-54E13FFA3939} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {26C17F85-D253-4EE9-A62A-421C99D6960E} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-04-28] (Glarysoft Ltd)
Task: {4C7DBE01-C709-43E8-915F-4DF94EF1F3C2} - System32\Tasks\Opera scheduled Autoupdate 1394136270 => C:\Program Files (x86)\Opera\launcher.exe [2014-11-20] (Opera Software)
Task: {598130FF-FCD7-4044-8A8E-03E4F96274F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-13] (Adobe Systems Incorporated)
Task: {5AD4C507-21E9-443E-A382-6E1F31E5DDE0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6C6691BC-A061-431A-B348-AF87769D1B9F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Tero-K.Badekow Tero => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {88D1C6E8-3AE4-41C1-86E5-219E0E13DCB8} - System32\Tasks\0814avUpdateInfo => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe [2014-08-12] ()
Task: {C346CC57-C495-47E4-A110-5A3A71189DE6} - System32\Tasks\AdobeAAMUpdater-1.0-Tero-K.Badekow => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {CF18A803-7192-4715-8B79-35DA37879A7A} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2011-05-03] (Hewlett Packard)
Task: {E11389DE-B551-44AC-B944-68F1BE9C23BA} - System32\Tasks\upfs7214 => C:\PROGRA~2\Flowsurf\upfs7214.exe
Task: {EF96AFD2-F5F9-4BA7-B5FF-E7D1F1B859F2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {F0DD50B4-07AF-4B52-81F4-9F5D731E4C86} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\0814avUpdateInfo.job => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
==================== Loaded Modules (whitelisted) =============
2012-02-16 21:06 - 2012-02-16 21:06 - 01564368 _____ () C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
2013-04-17 16:20 - 2010-04-05 20:55 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-04-27 11:37 - 2012-04-26 09:03 - 01409024 _____ () C:\Program Files (x86)\NCP\SecureClient\x64\libeay32.dll
2013-04-27 11:37 - 2011-10-12 14:43 - 00165888 _____ () C:\Program Files (x86)\NCP\SecureClient\x64\ncpbudget2008.dll
2013-04-27 11:37 - 2013-01-16 11:39 - 00102912 _____ () C:\Program Files (x86)\NCP\SecureClient\x64\ncpmif32.dll
2013-04-27 11:37 - 2011-04-21 06:11 - 00119808 _____ () C:\Program Files (x86)\NCP\SecureClient\NCPSEC.EXE
2014-09-15 09:01 - 2012-12-07 16:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-03-20 11:24 - 2014-03-20 11:24 - 00667808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () d:\FileZilla FTP Client\fzshellext_64.dll
2014-01-15 00:13 - 2014-01-15 00:13 - 00100616 _____ () D:\TortoiseHg\TortoiseHgOverlayServer.exe
2012-10-27 08:28 - 2012-10-27 08:28 - 00128512 _____ () D:\TortoiseHg\win32api.pyd
2012-10-27 08:27 - 2012-10-27 08:27 - 00137728 _____ () D:\TortoiseHg\pywintypes27.dll
2012-10-27 08:28 - 2012-10-27 08:28 - 00223232 _____ () D:\TortoiseHg\win32gui.pyd
2012-10-27 08:27 - 2012-10-27 08:27 - 00027648 _____ () D:\TortoiseHg\win32pipe.pyd
2012-10-27 08:27 - 2012-10-27 08:27 - 00023040 _____ () D:\TortoiseHg\win32event.pyd
2012-10-27 08:27 - 2012-10-27 08:27 - 00149504 _____ () D:\TortoiseHg\win32file.pyd
2012-10-27 08:28 - 2012-10-27 08:28 - 00136192 _____ () D:\TortoiseHg\win32security.pyd
2013-11-10 19:24 - 2013-11-10 19:24 - 00111616 _____ () D:\TortoiseHg\_ctypes.pyd
2014-01-15 00:11 - 2014-01-15 00:11 - 00010752 _____ () D:\TortoiseHg\mercurial.osutil.pyd
2012-10-27 08:27 - 2012-10-27 08:27 - 00044032 _____ () D:\TortoiseHg\win32process.pyd
2012-10-27 08:29 - 2012-10-27 08:29 - 00503808 _____ () D:\TortoiseHg\pythoncom27.dll
2012-10-27 08:31 - 2012-10-27 08:31 - 00438784 _____ () D:\TortoiseHg\win32com.shell.shell.pyd
2014-11-06 12:37 - 2014-11-06 12:37 - 03060248 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2014-02-18 17:03 - 2014-02-18 17:03 - 04697968 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncV1\CoreSync.exe
2014-11-25 11:29 - 2014-10-13 19:55 - 05222056 _____ () C:\Program Files\Firefox\mozjs.dll
2013-04-27 11:37 - 2013-01-16 11:47 - 00092672 _____ () C:\Program Files (x86)\NCP\SecureClient\ncpmif32.dll
2013-04-27 11:37 - 2013-01-14 08:09 - 01757184 _____ () C:\Program Files (x86)\NCP\SecureClient\ncpgacc.dll
2013-04-27 11:37 - 2011-08-19 11:24 - 00964608 _____ () C:\Program Files (x86)\NCP\SecureClient\rsussl.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-25 10:15 - 2014-11-25 10:15 - 00043008 _____ () c:\users\kf919~1.bad\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptwaxwk.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\K.Badekow\AppData\Roaming\Dropbox\bin\libcef.dll
2013-04-27 11:37 - 2002-06-28 09:16 - 00151552 _____ () C:\Program Files (x86)\NCP\SecureClient\ncpcfg.dll
2013-04-27 11:37 - 2012-11-08 15:41 - 00194048 _____ () C:\Program Files (x86)\NCP\SecureClient\ncpdlg.dll
2013-04-27 11:37 - 2002-09-04 14:27 - 00102400 _____ () C:\Program Files (x86)\NCP\SecureClient\ncpcry.dll
2014-11-06 12:37 - 2014-11-06 12:37 - 01685528 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2014-03-18 23:22 - 2014-03-18 23:22 - 32733088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-11-06 12:38 - 2014-11-06 12:37 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\log4cplusU.dll
2014-11-06 12:37 - 2014-11-06 12:37 - 40630296 _____ () C:\Program Files (x86)\AVG Web TuneUp\libcef.dll
2014-09-06 17:44 - 2014-09-06 17:44 - 00035328 _____ () d:\FileZilla FTP Client\fzshellext.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 _____ () d:\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 _____ () d:\FileZilla FTP Client\libstdc++-6.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\K.Badekow\Desktop\2014-10-30 09.08.44.jpg:com.dropbox.attributes
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: LVPrcS64 => 2
MSCONFIG\startupfolder: C:^Users^K.Badekow^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^An OneNote senden.lnk => C:\Windows\pss\An OneNote senden.lnk.Startup
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: HP LJ300-400 color MFP M375-M475 Series Fax => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe "HP LJ300-400 color MFP M375-M475 Series Fax"
MSCONFIG\startupreg: icq => C:\Users\K.Badekow\AppData\Roaming\ICQM\icq.exe -CU
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LexwareInfoService => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-759156193-1707623112-1547535671-500 - Administrator - Disabled)
ASPNET (S-1-5-21-759156193-1707623112-1547535671-1005 - Limited - Enabled)
Gast (S-1-5-21-759156193-1707623112-1547535671-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-759156193-1707623112-1547535671-1006 - Limited - Enabled)
K.Badekow (S-1-5-21-759156193-1707623112-1547535671-1000 - Administrator - Enabled) => C:\Users\K.Badekow
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/25/2014 10:13:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: loggingserver.exe, Version: 4.0.0.19, Zeitstempel: 0x51d41c91
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000332b0
ID des fehlerhaften Prozesses: 0xf44
Startzeit der fehlerhaften Anwendung: 0xloggingserver.exe0
Pfad der fehlerhaften Anwendung: loggingserver.exe1
Pfad des fehlerhaften Moduls: loggingserver.exe2
Berichtskennung: loggingserver.exe3
Error: (11/25/2014 10:13:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/25/2014 10:12:57 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: 2014-11-25T10:12:57.764+01:00| vthread-4| E105: Failed to create event for listen socket: Unknown error 10106 (0x277a) (10106)
Error: (11/25/2014 10:12:57 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: 2014-11-25T10:12:57.749+01:00| vthread-4| E105: Call to socket failed with error 10106.
Error: (11/25/2014 10:12:47 AM) (Source: HPLaserJetService) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.Net.Sockets.SocketException: Beim Datenbankaufruf ist ein nicht behebbarer Fehler aufgetreten
bei System.Net.Dns.GetAddrInfo(String name)
bei System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
bei System.Net.Dns.GetHostEntry(String hostNameOrAddress)
bei HPLaserJetService.HPLaserJetService.SetHostIPInformation()
bei HPLaserJetService.HPLaserJetService.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (11/25/2014 10:12:35 AM) (Source: ASA 9.0) (EventID: 1) (User: )
Description: Lexware_Professional_DatenbankServer konnte nicht gestartet werden
Error: (11/25/2014 10:12:35 AM) (Source: ASA 9.0) (EventID: 1) (User: )
Description: Lexware_Professional_DatenbankAngeforderte Verbindungen konnten nicht initialisiert werden
Error: (11/25/2014 10:05:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: loggingserver.exe, Version: 4.0.0.19, Zeitstempel: 0x51d41c91
Name des fehlerhaften Moduls: abengine.dll, Version: 0.0.0.0, Zeitstempel: 0x546621b8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00009ac2
ID des fehlerhaften Prozesses: 0x1270
Startzeit der fehlerhaften Anwendung: 0xloggingserver.exe0
Pfad der fehlerhaften Anwendung: loggingserver.exe1
Pfad des fehlerhaften Moduls: loggingserver.exe2
Berichtskennung: loggingserver.exe3
Error: (11/25/2014 10:04:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NCPSEC.EXE, Version: 0.0.0.0, Zeitstempel: 0x4dafca96
Name des fehlerhaften Moduls: abengine.dll, Version: 0.0.0.0, Zeitstempel: 0x546621b8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000048fa
ID des fehlerhaften Prozesses: 0xd10
Startzeit der fehlerhaften Anwendung: 0xNCPSEC.EXE0
Pfad der fehlerhaften Anwendung: NCPSEC.EXE1
Pfad des fehlerhaften Moduls: NCPSEC.EXE2
Berichtskennung: NCPSEC.EXE3
Error: (11/25/2014 10:04:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vmware-authd.exe, Version: 8.0.3.29699, Zeitstempel: 0x4f9f345a
Name des fehlerhaften Moduls: abengine.dll, Version: 0.0.0.0, Zeitstempel: 0x546621b8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000048fa
ID des fehlerhaften Prozesses: 0x1428
Startzeit der fehlerhaften Anwendung: 0xvmware-authd.exe0
Pfad der fehlerhaften Anwendung: vmware-authd.exe1
Pfad des fehlerhaften Moduls: vmware-authd.exe2
Berichtskennung: vmware-authd.exe3
System errors:
=============
Error: (11/25/2014 11:33:04 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:
Error: (11/25/2014 11:14:30 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:
Error: (11/25/2014 11:12:45 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:
Error: (11/25/2014 10:56:55 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:
Error: (11/25/2014 10:49:25 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (11/25/2014 10:49:14 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (11/25/2014 10:48:21 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:
Error: (11/25/2014 10:41:29 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:
Error: (11/25/2014 10:39:00 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
Error: (11/25/2014 10:38:49 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:
Microsoft Office Sessions:
=========================
Error: (11/25/2014 10:13:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: loggingserver.exe4.0.0.1951d41c91ntdll.dll6.1.7601.18247521ea8e7c0000005000332b0f4401d0088ffb632b0bC:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exeC:\Windows\SysWOW64\ntdll.dll447d311c-7483-11e4-b284-005056c00008
Error: (11/25/2014 10:13:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/25/2014 10:12:57 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: 2014-11-25T10:12:57.764+01:00| vthread-4| E105: Failed to create event for listen socket: Unknown error 10106 (0x277a) (10106)
Error: (11/25/2014 10:12:57 AM) (Source: vmauthd) (EventID: 1000) (User: )
Description: 2014-11-25T10:12:57.749+01:00| vthread-4| E105: Call to socket failed with error 10106.
Error: (11/25/2014 10:12:47 AM) (Source: HPLaserJetService) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.Net.Sockets.SocketException: Beim Datenbankaufruf ist ein nicht behebbarer Fehler aufgetreten
bei System.Net.Dns.GetAddrInfo(String name)
bei System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
bei System.Net.Dns.GetHostEntry(String hostNameOrAddress)
bei HPLaserJetService.HPLaserJetService.SetHostIPInformation()
bei HPLaserJetService.HPLaserJetService.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (11/25/2014 10:12:35 AM) (Source: ASA 9.0) (EventID: 1) (User: )
Description: Lexware_Professional_DatenbankServer konnte nicht gestartet werden
Error: (11/25/2014 10:12:35 AM) (Source: ASA 9.0) (EventID: 1) (User: )
Description: Lexware_Professional_DatenbankAngeforderte Verbindungen konnten nicht initialisiert werden
Error: (11/25/2014 10:05:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: loggingserver.exe4.0.0.1951d41c91abengine.dll0.0.0.0546621b8c000000500009ac2127001d0088e8f761a3dC:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exeC:\Windows\system32\abengine.dll38492c9d-7482-11e4-9992-005056c00008
Error: (11/25/2014 10:04:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: NCPSEC.EXE0.0.0.04dafca96abengine.dll0.0.0.0546621b8c0000005000048fad1001d0088e7ab2b979C:\Program Files (x86)\NCP\SecureClient\NCPSEC.EXEC:\Windows\system32\abengine.dll13a657d5-7482-11e4-9992-005056c00008
Error: (11/25/2014 10:04:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vmware-authd.exe8.0.3.296994f9f345aabengine.dll0.0.0.0546621b8c0000005000048fa142801d0088e8fb65f64C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exeC:\Windows\system32\abengine.dll09e72913-7482-11e4-9992-005056c00008
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 28%
Total physical RAM: 12269.86 MB
Available physical RAM: 8722.57 MB
Total Pagefile: 24537.9 MB
Available Pagefile: 20778.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
==================== Drives ================================
Drive c: (C) (Fixed) (Total:449.66 GB) (Free:257.33 GB) NTFS
Drive d: (D) (Fixed) (Total:465.76 GB) (Free:87.66 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6B355D14)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 6B355D22)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Wäre cool, wenn ihr ne Idee habt, da das unter anderem mein Laptop für meine kleine 2 Mann Firma ist. |
FRST 32-Bit | FRST 64-Bit
Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
dann auf 
und dann auf 
. 
WARNUNG an die MITLESER: