| |
| |||||||
Log-Analyse und Auswertung: Ordner und Dateien auf externen Laufwerken werden nur als Verknüpfungen angezeigtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
10.09.2014, 04:53
| #1 |
 |  Ordner und Dateien auf externen Laufwerken werden nur als Verknüpfungen angezeigt Guten Tag, im vorhinein möchte ich mich für die angebotene Hilfe in diesem Forum bedanken! Problembeschreibung: Beim Anschließen von externen Laufwerken(USB-Stick, Handy, SD-Card,...) werden mir die Dateien und Ordner auf dem jeweiligen Medium nur als Verknüpfungen angezeigt. Die Verknüpfung verweist jeweils auf "C:\WINDOWS\system32". Nachdem ich unter den Ordneroptionen "Geschützte Systemdateien ausblenden (empfohlen)" deaktiviert habe, werden mir die Dateien und Ordner versteckt angezeigt. Erste eingeleitete Schritte(chronologisch): 1) Antivir Systemscan ohne Fund 2) Scan mit Malwarebyte ohne Fund 3) Scan mit ADWcleaner mit Fund -> gelöscht(Logfile nicht gespeichert) 4) Durchführen von defoggger 5) Erstellen von Logfiles durch FRST 6) Scan mit GMER: öftere Fehlermeldung, dass Dateien nicht gescannt werden können, da sie durch andere Programme geöffnet sind(meines Erachtens waren alle Programme beendet) Erstellte Logfiles: A) FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Matthias (administrator) on LAPTOPMATTHIAS on 10-09-2014 04:49:01
Running from C:\Users\Matthias\Desktop\FRST
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Dropbox, Inc.) C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16384_x64__8wekyb3d8bbwe\glcnd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Matthias\Desktop\defogger\Defogger.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016432 2013-03-07] (Synaptics Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [807696 2013-12-20] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] ( (Atheros Communications))
HKU\.DEFAULT\...\Run: [Mobile Partner] => C:\Program Files (x86)\MobileWiFi\MobileWiFi
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\Run: [Spotify Web Helper] => C:\Users\Matthias\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-07] (Spotify Ltd)
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\Run: [filename] => wscript.exe //B "C:\Users\Matthias\AppData\Local\Temp\filename.vbs" <===== ATTENTION
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {1a7cf42a-02ab-11e4-be9f-582c80139263} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {1a7cf487-02ab-11e4-be9f-582c80139263} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {1bff3dda-064a-11e4-bea2-582c80139263} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {4c8460df-0330-11e4-bea1-582c80139263} - "F:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {4c846f02-0330-11e4-bea1-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {4d0bbd82-f80b-11e3-be9b-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {6c166977-00c2-11e4-be9e-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {6c166cfc-00c2-11e4-be9e-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {b463a469-ead6-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {b463a6ab-ead6-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {b463ae5c-ead6-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {e48da9a5-ded8-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {e48da9f6-ded8-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {eaa3bc95-ef3e-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001\...\MountPoints2: {eaa3bcbc-ef3e-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Matthias\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-07] (Spotify Ltd)
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [filename] => wscript.exe //B "C:\Users\Matthias\AppData\Local\Temp\filename.vbs" <===== ATTENTION
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1a7cf42a-02ab-11e4-be9f-582c80139263} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1a7cf487-02ab-11e4-be9f-582c80139263} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {1bff3dda-064a-11e4-bea2-582c80139263} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4c8460df-0330-11e4-bea1-582c80139263} - "F:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4c846f02-0330-11e4-bea1-582c80139263} - "E:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4d0bbd82-f80b-11e3-be9b-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6c166977-00c2-11e4-be9e-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6c166cfc-00c2-11e4-be9e-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b463a469-ead6-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b463a6ab-ead6-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b463ae5c-ead6-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e48da9a5-ded8-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e48da9f6-ded8-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {eaa3bc95-ef3e-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
HKU\S-1-5-21-2766631942-3345956868-1473168875-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {eaa3bcbc-ef3e-11e3-be98-089e01e6a161} - "D:\AutoRun.exe"
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\filename.vbs ()
Startup: C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM - {6F8AE43D-7FF7-443E-B332-02E1C998FDA5} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM - {F3DEED0F-B681-42C8-ADC4-A6123CB8984D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {F3DEED0F-B681-42C8-ADC4-A6123CB8984D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {6F8AE43D-7FF7-443E-B332-02E1C998FDA5} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {F3DEED0F-B681-42C8-ADC4-A6123CB8984D} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1601235C-8BE2-42AD-A516-95A4B5503B4B}: [NameServer] 192.168.77.1
FireFox:
========
FF ProfilePath: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default
FF SearchEngineOrder.1: SuchMaschine
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\searchplugins\search_engine.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\Extensions\youtubeunblocker@unblocker.yt [2014-01-24]
FF Extension: DownloadHelper - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Adblock Plus - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-30]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\g1swjhou.default\extensions\cliqz@cliqz.com
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-08] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1021520 2014-08-08] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2013-01-28] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [42040 2014-07-17] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-03-07] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; \SystemRoot\system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-10 04:48 - 2014-09-10 04:49 - 00000000 ____D () C:\FRST
2014-09-10 04:46 - 2014-09-10 04:46 - 00000000 _____ () C:\Users\Matthias\defogger_reenable
2014-09-10 04:39 - 2014-09-10 04:39 - 00000000 ____D () C:\Users\Matthias\Desktop\GMER
2014-09-10 04:38 - 2014-09-10 04:49 - 00000000 ____D () C:\Users\Matthias\Desktop\FRST
2014-09-10 04:37 - 2014-09-10 04:46 - 00000000 ____D () C:\Users\Matthias\Desktop\defogger
2014-09-10 02:54 - 2014-09-10 03:02 - 00000000 ____D () C:\AdwCleaner
2014-09-10 02:53 - 2014-09-10 02:54 - 00000000 ____D () C:\Users\Matthias\Desktop\adwcleaner
2014-09-10 01:19 - 2014-09-10 01:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Matthias\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-10 01:17 - 2014-09-10 01:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 01:16 - 2014-09-10 04:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-10 01:16 - 2014-09-10 03:08 - 00128728 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-10 01:13 - 2014-09-10 03:07 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-10 01:11 - 2014-09-10 01:13 - 00000000 ____D () C:\Users\Matthias\Desktop\Malwarebyte
2014-09-09 03:27 - 2014-09-09 03:27 - 00000911 _____ () C:\Users\Matthias\Downloads\Downloads - Verknüpfung.lnk
2014-09-06 07:24 - 2014-09-06 07:25 - 00000000 ____D () C:\Users\Matthias\Desktop\delete DRM
2014-09-06 07:23 - 2014-09-06 07:23 - 00000000 ____D () C:\Users\Matthias\Documents\Epubsoft
2014-09-06 07:23 - 2014-09-06 07:23 - 00000000 ____D () C:\ProgramData\Epubsoft
2014-09-06 07:22 - 2014-09-06 07:22 - 00002805 _____ () C:\Users\Public\Desktop\EPubsoft DRM Removal.lnk
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\Users\Matthias\Desktop\Ultimate-DRM-Removal-last
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUBSOFT
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\Program Files (x86)\EPUBSOFT
2014-09-06 07:20 - 2014-09-06 07:20 - 10050414 _____ () C:\Users\Matthias\Desktop\Ultimate-DRM-Removal-last.zip
2014-09-06 06:59 - 2014-09-06 06:59 - 00000000 ____D () C:\Users\Matthias\Desktop\tools_v6.0.9
2014-09-06 06:58 - 2014-09-06 06:58 - 01816358 _____ () C:\Users\Matthias\Desktop\tools_v6.0.9.zip
2014-09-06 06:34 - 2014-09-06 06:34 - 00000000 ____D () C:\Users\Matthias\AppData\Local\calibre-cache
2014-09-06 06:32 - 2014-09-06 08:20 - 00000000 ____D () C:\Users\Matthias\Desktop\Calibre
2014-09-06 06:29 - 2014-09-06 07:18 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\calibre
2014-09-06 06:28 - 2014-09-06 06:28 - 00000936 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-09-06 06:28 - 2014-09-06 06:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-09-06 06:28 - 2014-09-06 06:28 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-09-06 06:08 - 2014-09-06 06:08 - 01101648 _____ () C:\Users\Matthias\Downloads\Calibre 32 Bit - CHIP-Installer.exe
2014-09-02 07:27 - 2014-09-03 05:52 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2014-09-02 07:26 - 2014-09-02 07:26 - 00001050 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-09-02 07:26 - 2014-09-02 07:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-09-02 07:25 - 2014-09-02 07:25 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-02 07:22 - 2014-09-02 07:24 - 25597312 _____ () C:\Users\Matthias\Downloads\vlc-2.1.5-win32.exe
2014-08-31 20:58 - 2014-08-31 20:58 - 00003985 _____ () C:\Users\Matthias\AppData\Local\recently-used.xbel
2014-08-30 22:54 - 2014-08-30 22:54 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\DesktopIconGoodgame
2014-08-30 22:53 - 2014-08-30 22:53 - 01101648 _____ () C:\Users\Matthias\Downloads\Skype - CHIP-Installer.exe
2014-08-29 05:16 - 2014-08-28 18:35 - 05194858 ___SH () C:\Users\Matthias\Desktop\scanner 1.tif
2014-08-28 05:26 - 2014-08-23 02:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-22 19:10 - 2014-08-22 19:10 - 00000738 _____ () C:\Users\Matthias\Desktop\File0006.lnk
2014-08-20 05:36 - 2014-08-20 05:36 - 00215162 _____ () C:\Users\Matthias\Desktop\bbbb.bmp
2014-08-20 05:32 - 2014-08-20 05:33 - 00215094 _____ () C:\Users\Matthias\Desktop\Neue Bitmap.bmp
2014-08-14 03:54 - 2014-08-02 05:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-13 15:39 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-13 15:39 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-13 15:39 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-13 15:39 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-13 15:39 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-13 15:39 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-13 15:39 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-13 15:39 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-13 15:39 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-13 15:39 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-13 15:39 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-13 15:39 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-13 15:39 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-13 15:39 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-13 15:39 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-13 15:39 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-13 15:39 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-13 15:39 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-13 15:39 - 2014-07-25 13:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-13 15:39 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 15:39 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-13 15:39 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-13 15:39 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-13 15:39 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-13 15:39 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-13 15:39 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-13 15:39 - 2014-07-25 13:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-13 15:39 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-13 15:39 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-13 15:39 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-13 15:39 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-13 15:39 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-13 15:39 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-13 15:39 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-13 15:39 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-13 15:37 - 2014-06-20 03:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-13 15:37 - 2014-06-20 01:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-13 15:37 - 2014-06-13 03:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-13 15:37 - 2014-06-13 03:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-13 15:37 - 2014-06-13 02:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-13 15:37 - 2014-06-06 13:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-13 15:36 - 2014-05-31 08:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-08-13 15:35 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-08-13 15:35 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-08-13 15:35 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-08-13 15:35 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-13 15:35 - 2014-07-10 06:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-08-13 15:35 - 2014-07-10 06:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-08-13 15:35 - 2014-07-10 05:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-08-13 15:35 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-13 15:35 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-13 15:35 - 2014-05-13 09:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-08-13 15:35 - 2014-05-13 07:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-13 15:35 - 2014-05-13 06:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-08-13 15:35 - 2014-05-13 06:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-08-13 15:35 - 2014-05-13 05:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-13 15:35 - 2014-05-13 05:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-13 15:35 - 2014-05-03 13:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-08-13 15:35 - 2014-05-03 11:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-08-13 15:35 - 2014-05-03 07:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-08-13 15:35 - 2014-05-03 07:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-08-13 15:35 - 2014-05-03 07:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-08-13 15:35 - 2014-05-03 07:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-08-13 15:35 - 2014-05-03 06:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-08-13 15:35 - 2014-05-03 06:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-08-13 15:35 - 2014-05-03 06:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-08-13 15:35 - 2014-05-03 01:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-08-13 15:35 - 2014-05-01 07:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-08-13 15:35 - 2014-04-30 08:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-08-13 15:35 - 2014-04-30 08:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-08-13 15:35 - 2014-04-30 08:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-08-13 15:35 - 2014-04-30 08:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-08-13 15:35 - 2014-04-30 07:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-08-13 15:35 - 2014-04-30 06:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-08-13 15:35 - 2014-04-30 06:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-08-13 15:35 - 2014-04-30 06:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-08-13 15:35 - 2014-04-30 06:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-08-13 15:35 - 2014-04-30 06:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-08-13 15:35 - 2014-04-30 06:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-08-13 15:35 - 2014-04-30 05:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-08-13 15:35 - 2014-04-30 05:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-08-13 15:35 - 2014-04-30 05:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-08-13 15:35 - 2014-04-30 05:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-08-13 15:35 - 2014-04-30 05:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-08-13 15:35 - 2014-04-30 05:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-08-13 15:35 - 2014-04-29 00:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-08-13 15:35 - 2014-04-27 00:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-08-13 15:35 - 2014-04-26 22:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-08-13 15:35 - 2014-04-26 18:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-08-13 15:35 - 2014-04-14 11:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-08-13 15:35 - 2014-04-14 10:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-08-13 15:35 - 2014-04-14 07:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-08-13 15:35 - 2014-04-09 08:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-08-13 15:35 - 2014-04-09 07:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-08-13 15:27 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-08-13 15:27 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-13 15:27 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-08-13 15:27 - 2014-05-31 12:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-08-13 15:27 - 2014-05-31 12:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-08-13 15:27 - 2014-05-31 12:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-08-13 15:27 - 2014-05-31 12:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-08-13 15:27 - 2014-05-31 12:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-08-13 15:27 - 2014-05-31 08:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-08-13 15:27 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-08-13 15:27 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-08-13 15:27 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-08-13 15:27 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-08-13 15:27 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-08-13 15:27 - 2014-05-27 17:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-08-13 15:27 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-08-13 15:27 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-08-13 15:27 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-08-13 15:27 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-08-13 15:25 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-13 15:25 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-13 15:25 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-13 15:25 - 2014-06-04 11:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-13 15:25 - 2014-06-04 07:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-13 15:25 - 2014-06-04 07:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-13 15:25 - 2014-06-04 06:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-13 15:25 - 2014-06-04 06:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-13 15:25 - 2014-06-04 04:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-13 15:25 - 2014-06-04 04:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-12 03:33 - 2014-08-28 19:21 - 00001117 _____ () C:\Users\Public\Desktop\Avira.lnk
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-10 04:49 - 2014-09-10 04:48 - 00000000 ____D () C:\FRST
2014-09-10 04:49 - 2014-09-10 04:38 - 00000000 ____D () C:\Users\Matthias\Desktop\FRST
2014-09-10 04:49 - 2014-08-01 15:55 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Skype
2014-09-10 04:46 - 2014-09-10 04:46 - 00000000 _____ () C:\Users\Matthias\defogger_reenable
2014-09-10 04:46 - 2014-09-10 04:37 - 00000000 ____D () C:\Users\Matthias\Desktop\defogger
2014-09-10 04:46 - 2014-01-14 13:09 - 00000000 ____D () C:\Users\Matthias
2014-09-10 04:39 - 2014-09-10 04:39 - 00000000 ____D () C:\Users\Matthias\Desktop\GMER
2014-09-10 04:27 - 2014-09-10 01:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-10 04:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-10 03:38 - 2014-01-10 11:11 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2766631942-3345956868-1473168875-1001
2014-09-10 03:10 - 2014-01-10 20:12 - 00000000 ___RD () C:\Users\Matthias\Dropbox
2014-09-10 03:09 - 2014-01-10 20:00 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Dropbox
2014-09-10 03:08 - 2014-09-10 01:16 - 00128728 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-10 03:07 - 2014-09-10 01:13 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-10 03:04 - 2013-11-14 00:18 - 00455688 _____ () C:\WINDOWS\PFRO.log
2014-09-10 03:04 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-10 03:03 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-10 03:02 - 2014-09-10 02:54 - 00000000 ____D () C:\AdwCleaner
2014-09-10 02:54 - 2014-09-10 02:53 - 00000000 ____D () C:\Users\Matthias\Desktop\adwcleaner
2014-09-10 01:21 - 2014-09-10 01:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Matthias\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-10 01:17 - 2014-09-10 01:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 01:17 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-10 01:17 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-09-10 01:17 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-09-10 01:13 - 2014-09-10 01:11 - 00000000 ____D () C:\Users\Matthias\Desktop\Malwarebyte
2014-09-09 20:41 - 2014-01-11 02:42 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\stickies
2014-09-09 09:17 - 2014-01-14 13:23 - 01319863 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-09 03:27 - 2014-09-09 03:27 - 00000911 _____ () C:\Users\Matthias\Downloads\Downloads - Verknüpfung.lnk
2014-09-08 05:22 - 2013-08-22 16:46 - 00331075 _____ () C:\WINDOWS\setupact.log
2014-09-08 00:58 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-07 10:51 - 2014-01-11 14:44 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Spotify
2014-09-07 10:51 - 2014-01-11 14:44 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Spotify
2014-09-06 08:20 - 2014-09-06 06:32 - 00000000 ____D () C:\Users\Matthias\Desktop\Calibre
2014-09-06 07:25 - 2014-09-06 07:24 - 00000000 ____D () C:\Users\Matthias\Desktop\delete DRM
2014-09-06 07:23 - 2014-09-06 07:23 - 00000000 ____D () C:\Users\Matthias\Documents\Epubsoft
2014-09-06 07:23 - 2014-09-06 07:23 - 00000000 ____D () C:\ProgramData\Epubsoft
2014-09-06 07:22 - 2014-09-06 07:22 - 00002805 _____ () C:\Users\Public\Desktop\EPubsoft DRM Removal.lnk
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\Users\Matthias\Desktop\Ultimate-DRM-Removal-last
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUBSOFT
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ____D () C:\Program Files (x86)\EPUBSOFT
2014-09-06 07:20 - 2014-09-06 07:20 - 10050414 _____ () C:\Users\Matthias\Desktop\Ultimate-DRM-Removal-last.zip
2014-09-06 07:18 - 2014-09-06 06:29 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\calibre
2014-09-06 06:59 - 2014-09-06 06:59 - 00000000 ____D () C:\Users\Matthias\Desktop\tools_v6.0.9
2014-09-06 06:58 - 2014-09-06 06:58 - 01816358 _____ () C:\Users\Matthias\Desktop\tools_v6.0.9.zip
2014-09-06 06:34 - 2014-09-06 06:34 - 00000000 ____D () C:\Users\Matthias\AppData\Local\calibre-cache
2014-09-06 06:28 - 2014-09-06 06:28 - 00000936 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-09-06 06:28 - 2014-09-06 06:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-09-06 06:28 - 2014-09-06 06:28 - 00000000 ____D () C:\Program Files (x86)\Calibre2
2014-09-06 06:08 - 2014-09-06 06:08 - 01101648 _____ () C:\Users\Matthias\Downloads\Calibre 32 Bit - CHIP-Installer.exe
2014-09-05 01:08 - 2014-07-29 19:14 - 00000000 ____D () C:\Users\Matthias\.gimp-2.8
2014-09-03 05:52 - 2014-09-02 07:27 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\vlc
2014-09-02 07:26 - 2014-09-02 07:26 - 00001050 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-09-02 07:26 - 2014-09-02 07:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-09-02 07:25 - 2014-09-02 07:25 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-02 07:24 - 2014-09-02 07:22 - 25597312 _____ () C:\Users\Matthias\Downloads\vlc-2.1.5-win32.exe
2014-08-31 20:58 - 2014-08-31 20:58 - 00003985 _____ () C:\Users\Matthias\AppData\Local\recently-used.xbel
2014-08-31 20:58 - 2014-07-30 22:47 - 00000000 ____D () C:\Users\Matthias\AppData\Local\gtk-2.0
2014-08-30 22:57 - 2014-08-01 15:54 - 00000000 ____D () C:\ProgramData\Skype
2014-08-30 22:54 - 2014-08-30 22:54 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\DesktopIconGoodgame
2014-08-30 22:53 - 2014-08-30 22:53 - 01101648 _____ () C:\Users\Matthias\Downloads\Skype - CHIP-Installer.exe
2014-08-28 19:21 - 2014-08-12 03:33 - 00001117 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-28 19:21 - 2014-08-09 02:36 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-28 19:21 - 2014-02-19 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-28 19:21 - 2014-02-19 00:59 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-28 19:15 - 2013-08-22 16:44 - 00362760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-28 18:35 - 2014-08-29 05:16 - 05194858 ___SH () C:\Users\Matthias\Desktop\scanner 1.tif
2014-08-28 06:17 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-24 01:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-23 02:42 - 2014-08-28 05:26 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-22 19:10 - 2014-08-22 19:10 - 00000738 _____ () C:\Users\Matthias\Desktop\File0006.lnk
2014-08-20 05:36 - 2014-08-20 05:36 - 00215162 _____ () C:\Users\Matthias\Desktop\bbbb.bmp
2014-08-20 05:33 - 2014-08-20 05:32 - 00215094 _____ () C:\Users\Matthias\Desktop\Neue Bitmap.bmp
2014-08-16 05:19 - 2014-01-13 14:57 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-16 05:15 - 2014-01-13 14:57 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-16 04:04 - 2014-08-01 15:54 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-14 22:01 - 2014-01-10 20:12 - 00001086 _____ () C:\Users\Matthias\Desktop\Dropbox.lnk
2014-08-14 22:01 - 2014-01-10 20:10 - 00000000 ____D () C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-14 03:35 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-14 03:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-14 03:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-14 03:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-14 03:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-13 15:30 - 2014-04-16 02:25 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-08-13 15:30 - 2014-04-16 02:19 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-08-13 15:30 - 2014-04-16 00:00 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-08-13 15:30 - 2014-04-16 00:00 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-08-13 15:30 - 2014-04-16 00:00 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-08-13 15:30 - 2014-04-16 00:00 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-08-13 15:30 - 2014-04-16 00:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-08-13 15:30 - 2014-04-16 00:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-08-13 15:30 - 2014-04-16 00:00 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-08-13 15:30 - 2014-04-16 00:00 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-08-13 15:30 - 2014-04-16 00:00 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-08-13 15:30 - 2014-04-15 23:37 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-08-13 15:30 - 2014-04-09 15:02 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-08-13 15:30 - 2014-04-09 15:02 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-08-13 15:30 - 2014-03-29 19:57 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-08-13 15:30 - 2014-03-11 22:43 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-08-13 15:24 - 2014-06-11 07:02 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-08-12 07:22 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-12 03:53 - 2014-01-10 11:03 - 00000000 ____D () C:\Users\Matthias\AppData\Local\Packages
Some content of TEMP:
====================
C:\Users\Matthias\AppData\Local\Temp\avgnt.exe
C:\Users\Matthias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdbdyot.dll
C:\Users\Matthias\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Matthias\AppData\Local\Temp\Quarantine.exe
C:\Users\Matthias\AppData\Local\Temp\sqlite3.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-09 23:02
==================== End Of Log ============================
B) FRST Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Matthias at 2014-09-10 04:50:50
Running from C:\Users\Matthias\Desktop\FRST
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3012 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3004 - Acer Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{44181DF6-2751-48C7-B918-72F14508F127}) (Version: 0.8.4.3036 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{4ED40090-5A38-415F-B222-26DD6D3C1AEF}) (Version: 2.2.0 - Kovid Goyal)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.0.1 - Cliqz.com)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.5.0.1066 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.20.00.03 - Huawei Technologies Co.,Ltd)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.43 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.21222 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Stickies 7.1e (HKLM-x32\...\ZhornStickies) (Version: - Zhorn Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.12.31 - Synaptics Incorporated)
Turbonett móvil (HKLM-x32\...\Turbonett móvil) (Version: 11.302.09.09.519 - Huawei Technologies Co.,Ltd)
Ultimate EPubsoft DRM Removal 8.5.5 (HKLM-x32\...\{49617AB8-5A31-44A7-95A6-BE6CE251A6F1}) (Version: 8.5.5 - EPUBSOFT)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2766631942-3345956868-1473168875-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2766631942-3345956868-1473168875-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2766631942-3345956868-1473168875-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2766631942-3345956868-1473168875-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2766631942-3345956868-1473168875-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2766631942-3345956868-1473168875-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2766631942-3345956868-1473168875-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2766631942-3345956868-1473168875-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2766631942-3345956868-1473168875-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
23-08-2014 23:39:14 Geplanter Prüfpunkt
28-08-2014 04:17:12 Windows Update
05-09-2014 02:05:47 Geplanter Prüfpunkt
06-09-2014 04:27:19 Installed calibre
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {126D0984-76FD-4D0F-B862-94595D28C643} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {191E0490-401B-4A02-AAD4-C4C4ACCA1588} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {1AB3DDF2-73A0-46AC-92CB-881493B59D39} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4EE48068-91E6-41F3-99C9-91E64F4191BB} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {673F7FF1-409E-420F-9F55-26D9223EEA86} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-01-23] (Acer Incorporated)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7689FF12-676F-4174-B5CF-8FA9F0CAE73A} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {843D1255-E3E8-4FB0-8705-04F46D2EF61E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-16] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {CE0A42AA-EF39-44C0-BB03-9D3C9712424E} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D727F8AA-67AA-401F-B38A-7B6A6D4AAAE8} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-04-26] (Acer Incorporate)
Task: {D8363C53-9456-4A29-8D7B-02BEEA1F7F73} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E41F8FFD-8E2A-4B91-B50A-E1EC17D7C2E7} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-01-18] (Acer Incorporated)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (whitelisted) =============
2014-07-04 06:06 - 2013-01-28 04:49 - 00239184 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2013-02-28 18:05 - 2013-02-28 18:05 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-02-28 18:02 - 2013-02-28 18:02 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-02-28 18:06 - 2013-02-28 18:06 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-09-10 04:37 - 2014-09-10 04:37 - 00050477 _____ () C:\Users\Matthias\Desktop\defogger\Defogger.exe
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-09-10 03:06 - 2014-09-10 03:06 - 00043008 _____ () c:\users\matthias\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdbdyot.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Matthias\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-11 02:42 - 2014-01-11 02:42 - 00049152 _____ () C:\Program Files (x86)\Stickies\shook70.dll
2014-08-09 02:36 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\Matthias\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2013-09-25 22:31 - 2013-03-20 09:47 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-07-31 04:45 - 2014-07-31 04:45 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-25 23:11 - 2013-02-20 22:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKCU\...\StartupApproved\Run: => "PC Suite Tray"
HKCU\...\StartupApproved\Run: => "Spotify Web Helper"
==================== Faulty Device Manager Devices =============
Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (09/10/2014 03:41:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/10/2014 03:35:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 4a8
Startzeit: 01cfcc975cb4d6ce
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\system32\wwahost.exe
Berichts-ID: cab04862-388a-11e4-beb8-3c77e69e7702
Vollständiger Name des fehlerhaften Pakets: Microsoft.BingHealthAndFitness_3.0.1.176_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppexHealthAndFitness
Error: (09/10/2014 03:04:40 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (09/08/2014 07:09:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/08/2014 07:07:51 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (09/08/2014 01:09:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1156
Error: (09/08/2014 01:09:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1156
Error: (09/08/2014 01:09:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (09/07/2014 00:01:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14578
Error: (09/07/2014 00:01:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14578
System errors:
=============
Error: (09/10/2014 03:39:22 AM) (Source: DCOM) (EventID: 10010) (User: LaptopMatthias)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (09/10/2014 03:38:52 AM) (Source: DCOM) (EventID: 10010) (User: LaptopMatthias)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (09/10/2014 03:04:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064
Error: (09/10/2014 00:14:37 AM) (Source: DCOM) (EventID: 10010) (User: LaptopMatthias)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (09/10/2014 00:14:07 AM) (Source: DCOM) (EventID: 10010) (User: LaptopMatthias)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (09/08/2014 07:05:56 AM) (Source: DCOM) (EventID: 10010) (User: LaptopMatthias)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (09/08/2014 07:05:26 AM) (Source: DCOM) (EventID: 10010) (User: LaptopMatthias)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (09/08/2014 07:01:13 AM) (Source: DCOM) (EventID: 10010) (User: LaptopMatthias)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (09/08/2014 07:00:43 AM) (Source: DCOM) (EventID: 10010) (User: LaptopMatthias)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (09/08/2014 06:56:16 AM) (Source: DCOM) (EventID: 10010) (User: LaptopMatthias)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Microsoft Office Sessions:
=========================
Error: (09/10/2014 03:41:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll
Error: (09/10/2014 03:35:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.170314a801cfcc975cb4d6ce4294967295C:\WINDOWS\system32\wwahost.execab04862-388a-11e4-beb8-3c77e69e7702Microsoft.BingHealthAndFitness_3.0.1.176_x64__8wekyb3d8bbweAppexHealthAndFitness
Error: (09/10/2014 03:04:40 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (09/08/2014 07:09:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll
Error: (09/08/2014 07:07:51 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files (x86)\Nokia\nokia pc suite 7\TIS_Windows7PIM.dll
Error: (09/08/2014 01:09:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1156
Error: (09/08/2014 01:09:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1156
Error: (09/08/2014 01:09:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (09/07/2014 00:01:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14578
Error: (09/07/2014 00:01:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14578
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 47%
Total physical RAM: 3976.27 MB
Available physical RAM: 2083.01 MB
Total Pagefile: 4680.27 MB
Available Pagefile: 2253.5 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:449.61 GB) (Free:181.68 GB) NTFS
Drive d: (Kindle) (Removable) (Total:1.36 GB) (Free:1.04 GB) FAT32
Drive e: () (Removable) (Total:14.72 GB) (Free:4.33 GB) FAT32
Drive f: () (Removable) (Total:7.48 GB) (Free:3.94 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F75D8376)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: B3A44061)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)
========================================================
Disk: 2 (Size: 14.7 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
========================================================
Disk: 3 (Size: 1.4 GB) (Disk ID: 00000003)
Partition 1: (Not Active) - (Size=1.4 GB) - (Type=0B)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-10 05:10:51
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002a TOSHIBA_MQ01ABF050 rev.AM001J 465,76GB
Running: e66l518i.exe; Driver: C:\Users\Matthias\AppData\Local\Temp\kgrdrpod.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[3936] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffe7e8c1f6a 4 bytes [8C, 7E, FE, 7F]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[3936] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffe7e8c1f82 4 bytes [8C, 7E, FE, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe8765169a 4 bytes [65, 87, FE, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe876516a2 4 bytes [65, 87, FE, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe8765181a 4 bytes [65, 87, FE, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3680] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe87651832 4 bytes [65, 87, FE, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1900] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe8765169a 4 bytes [65, 87, FE, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1900] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe876516a2 4 bytes [65, 87, FE, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1900] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe8765181a 4 bytes [65, 87, FE, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[1900] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe87651832 4 bytes [65, 87, FE, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4940] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe8765169a 4 bytes [65, 87, FE, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4940] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe876516a2 4 bytes [65, 87, FE, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4940] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe8765181a 4 bytes [65, 87, FE, 7F]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4940] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe87651832 4 bytes [65, 87, FE, 7F]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [600:624] fffff960009c9b90
---- Processes - GMER 2.1 ----
Library C:\Users\Matthias\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe [3712](2014-07-30 00:20:20) 0000000003dd0000
Library c:\users\matthias\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfp0nue.dll (*** suspicious ***) @ C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe [3712](2014-09-10 03:03:09) 0000000004470000
Library C:\Users\Matthias\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe [3712](2013-08-23 19:01:44) 0000000064000000
Library C:\Users\Matthias\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe [3712] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 00000000619a0000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Auf Rückmeldung freue ich mich, vielen Dank, Matthias Geändert von Matziosika (10.09.2014 um 05:20 Uhr) |
| Themen zu Ordner und Dateien auf externen Laufwerken werden nur als Verknüpfungen angezeigt |
| antivirus, bluestacks, bonjour, desktop, device driver, externer datenträger, flash player, homepage, installation, launch, lnk/agent.ak, logfile, mozilla, nsis/startpage.cc, nur verknüpfungen, object, pup.optional.bandoo, realtek, registry, required, rundll, security, software, spotify web helper, svchost.exe, system, vbs/kryptik.bl, win32/downloadsponsor.a, win64/systweak.a, windows, windowsapps |
Baum-Darstellung