| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Avira meldet Funde (TR/Crypt.ZPACK.104691)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.11.2014, 11:22
| #1 |
 |  Avira meldet Funde (TR/Crypt.ZPACK.104691) Hallo, seit anfang des Monats hat Avira Free Antivirus vermehrt Virenfunde gemeldet (6.11 und 19.11). Anfangs dachte ich mir nichts dabei doch als der Echtzeitscanner sich vor 3 Tagen wieder gemeldet hat, fing ich an mir sorgen zu machen. Laut Avira soll eine Datei namens BihxiCaklu.dat maleware enthalten. Daraufhin habe ich einen Komplettsuchlauf gestartet und die Funde in die Quarantäne verschoben hxxp://i.imgur.com/slXJLWX.jpg Die Datei BihxiCaklu.dat schien sich im Autostart zu befinden daher habe ich sie deaktiviert (im Autostart) Die Ereignisse seit dem 6.11 habe ich exportiert Code:
ATTFilter Exportierte Ereignisse:
19.11.2014 21:41 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\BihxiCaklu\BihxiCaklu.dat'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.104691' [trojan]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner
19.11.2014 21:41 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\BihxiCaklu\BihxiCaklu.dat'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.104691'
[trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler
aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
Die Datei konnte nicht gelöscht werden!
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3b8cbaf6.qua'
verschoben!
19.11.2014 21:41 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\All Users\BihxiCaklu\BihxiCaklu.dat'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.104691'
[trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler
aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
Die Datei konnte nicht gelöscht werden!
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
Fehler in der ARK Library.
Die Datei wurde zum Löschen nach einem Neustart markiert.
Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
19.11.2014 21:41 [System-Scanner] Malware gefunden
Die Datei
'C:\$Recycle.Bin\S-1-5-21-203259023-386501227-1076918401-1001\$RWS7HSB\BihxiCakl
u.dat'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.104691'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '183fd68a.qua'
verschoben!
19.11.2014 21:33 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\BihxiCaklu\BihxiCaklu.dat'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.104691' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
19.11.2014 21:23 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\BihxiCaklu\BihxiCaklu.dat'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.104691' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
19.11.2014 21:13 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\BihxiCaklu\BihxiCaklu.dat'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.104691' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
19.11.2014 20:53 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\BihxiCaklu\BihxiCaklu.dat'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.104691' [trojan]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner
19.11.2014 20:53 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\BihxiCaklu\BihxiCaklu.dat'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.104691'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '51356009.qua'
verschoben!
Der Registrierungseintrag
<HKEY_USERS\S-1-5-21-203259023-386501227-1076918401-1001\SOFTWARE\Microsoft\Wind
ows\CurrentVersion\Run\BihxiCaklu> wurde erfolgreich repariert.
19.11.2014 20:52 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\BihxiCaklu\BihxiCaklu.dat'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.104691' [trojan]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner
19.11.2014 20:52 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\BihxiCaklu\BihxiCaklu.dat'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.104691'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '51f85a36.qua'
verschoben!
19.11.2014 20:51 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\BihxiCaklu\BihxiCaklu.dat'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.104691'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '511b678d.qua'
verschoben!
Der Registrierungseintrag
<HKEY_USERS\S-1-5-21-203259023-386501227-1076918401-1001\SOFTWARE\Microsoft\Wind
ows\CurrentVersion\Run\BihxiCaklu> wurde erfolgreich repariert.
19.11.2014 20:51 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\BihxiCaklu\BihxiCaklu.dat'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.104691' [trojan]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner
19.11.2014 20:50 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\BihxiCaklu\BihxiCaklu.dat'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.104691' [trojan]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner
19.11.2014 20:44 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\BihxiCaklu\BihxiCaklu.dat'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.104691' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
14.11.2014 18:50 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\All Users\Windows Genuine
Advantage\{D17B67A1-EBD8-4E82-BAC0-5729A9430517}\api-ms-win-system-mpr-l1-1-0.dl
l'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.108102'
[trojan].
Durchgeführte Aktion(en):
Die Datei konnte nicht gelöscht werden!
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei wurde gelöscht.
14.11.2014 18:50 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\Windows Genuine
Advantage\{D17B67A1-EBD8-4E82-BAC0-5729A9430517}\api-ms-win-system-mpr-l1-1-0.dl
l'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.108102'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.
06.11.2014 17:58 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Michi\AppData\Local\Temp\nsa206C.tmp'
enthielt einen Virus oder unerwünschtes Programm 'APPL/Somoto.Gen2' [program].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '515508b2.qua'
verschoben!
06.11.2014 17:58 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet
Files\Content.IE5\3XHU31BE\setup[1].exe'
enthielt einen Virus oder unerwünschtes Programm 'APPL/Somoto.Gen2' [program].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49b12707.qua'
verschoben!
06.11.2014 17:56 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Michi\AppData\Local\Microsoft\Windows\Temporary Internet
Files\Content.IE5\3XHU31BE\setup[1].exe'
wurde ein Virus oder unerwünschtes Programm 'APPL/Somoto.Gen2' [program]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner
06.11.2014 17:56 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Michi\AppData\Local\Temp\nsa206C.tmp'
wurde ein Virus oder unerwünschtes Programm 'APPL/Somoto.Gen2' [program]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner
|
|
22.11.2014, 12:04
| #2 |
| /// the machine /// TB-Ausbilder    |  Avira meldet Funde (TR/Crypt.ZPACK.104691) hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
22.11.2014, 12:45
| #3 |
| | Avira meldet Funde (TR/Crypt.ZPACK.104691) hey,
__________________danke für deine Antwort! Hier sind die Logs: [CODE]FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2014
Ran by Michi (administrator) on MICHI-PC on 22-11-2014 12:40:55
Running from C:\Users\Michi\Desktop
Loaded Profile: Michi (Available profiles: Michi)
Platform: Windows 8 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
() C:\Program Files\AuthenTec TrueSuite\x86\IEWebSiteLogon.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Authentec) C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Flux Software LLC) C:\Users\Michi\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [6263120 2013-10-21] (Sentelic Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13449288 2013-03-26] (Realtek Semiconductor)
HKLM\...\Run: [KeepSafe] => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe [38728 2011-10-21] (Authentec)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281312 2014-05-19] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2104832 2013-01-30] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Run: [f.lux] => C:\Users\Michi\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-06-24] (Raptr, Inc)
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095328 2014-09-16] (Nota Inc.)
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Run: [BihxiCaklu] => regsvr32.exe "C:\ProgramData\BihxiCaklu\BihxiCaklu.dat"
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\MountPoints2: {7aeba5f1-64f4-11e4-bf04-0090f5eddb44} - "E:\autorun.exe"
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\MountPoints2: {9f95fd4a-4d79-11e3-be85-b4b676c26a40} - "E:\Autorun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll (Authentec)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {93BB455E-3D52-4fba-9733-E5103B30FC12} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll (Authentec)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-203259023-386501227-1076918401-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://startpage.com/
HKU\S-1-5-21-203259023-386501227-1076918401-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKU\S-1-5-21-203259023-386501227-1076918401-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEC5E0EA38CCECE01
HKU\S-1-5-21-203259023-386501227-1076918401-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\IEBHO.DLL (AuthenTec Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: No Name -> {43D9786F-A485-683B-9B5B-ACC97ABC17FC} -> No File
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default
FF SearchEngineOrder.1: Google
FF Homepage: ecosia.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\AuthenTec TrueSuite\x86\npffwloplugin.dll (AuthenTec, Inc)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-203259023-386501227-1076918401-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Michi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-203259023-386501227-1076918401-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\searchplugins\ecosia.xml
FF SearchPlugin: C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\searchplugins\trovi-search.xml
FF Extension: Avira Browser Safety - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\abs@avira.com [2014-06-11]
FF Extension: WOT - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: DownloadHelper - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-10-10]
FF Extension: Reddit Enhancement Suite - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2013-11-14]
FF Extension: Download Status Bar - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-01-30]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-10-08]
FF Extension: Ecosia - The search engine that plants trees - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-04-02]
FF Extension: Greasemonkey - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-03-17]
FF Extension: Adblock Edge - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-10-23]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2014-11-10]
Chrome:
=======
CHR Profile: C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-11]
CHR Extension: (YouTube) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-11]
CHR Extension: (Google-Suche) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-11]
CHR Extension: (AdBlock) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-16]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-11-12]
CHR Extension: (Google Wallet) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-11]
CHR Extension: (Google Mail) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-11]
CHR HKLM-x32\...\Chrome\Extension: [bkdegagmpemadclljncealhmmkojfoam] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com.crx []
CHR HKLM-x32\...\Chrome\Extension: [oelloajafbopojkjmieelljfkcmdpdhf] - C:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx [2012-08-13]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-19] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-10-28] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-10-28] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-14] (Creative Technology Ltd) [File not signed]
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [2125160 2012-08-24] (AuthenTec, Inc)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [187848 2014-06-06] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-28] ()
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [47104 2013-05-29] () [File not signed]
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [27872 2014-05-19] (Samsung Electronics Co., Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [15888 2013-02-11] (Intel(R) Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S2 HPSLPSVC; C:\Users\Michi\AppData\Local\Temp\7zS62EA\hpslpsvc64.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AirplaneModeHid; C:\Windows\system32\DRIVERS\AirplaneModeHid.sys [25264 2012-12-23] (Insyde Corporation)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions, Inc.)
R3 fspad_win764; C:\Windows\system32\DRIVERS\fspad_win764.sys [155472 2013-10-21] (Sentelic Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-11-29] (LogMeIn Inc.)
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [25448 2013-01-07] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2014-02-25] (Intel Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows (R) Win 7 DDK provider)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [265952 2014-05-19] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111328 2014-05-19] (Samsung Electronics Co., Ltd.)
R1 UimBus; C:\Windows\System32\drivers\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)
S3 getbus; \??\C:\Users\Michi\AppData\Local\Temp\getbus.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-22 12:40 - 2014-11-22 12:41 - 00027026 _____ () C:\Users\Michi\Desktop\FRST.txt
2014-11-22 12:40 - 2014-11-22 12:40 - 02118144 _____ (Farbar) C:\Users\Michi\Desktop\FRST64.exe
2014-11-22 12:40 - 2014-11-22 12:40 - 00000000 ____D () C:\FRST
2014-11-22 11:49 - 2014-11-22 11:49 - 00000000 ____D () C:\Users\Michi\Desktop\Avira
2014-11-21 23:44 - 2014-11-21 23:44 - 00002980 _____ () C:\Users\Michi\Documents\MICHI-PC_Michi_2014_11_21.csv
2014-11-20 17:22 - 2014-11-20 17:22 - 00004833 _____ () C:\Users\Michi\Documents\MICHI-PC_Michi_2014_11_20.csv
2014-11-20 17:08 - 2014-11-20 17:08 - 10676051 _____ () C:\Users\Michi\Downloads\formelx_1_0.zip
2014-11-19 22:46 - 2014-11-19 22:46 - 00004532 _____ () C:\Users\Michi\Documents\MICHI-PC_Michi_2014_11_19.csv
2014-11-19 22:46 - 2014-11-19 22:46 - 00000000 ____D () C:\Windows\system32\AutoUpdateLicense
2014-11-19 20:50 - 2014-11-19 21:43 - 00000000 ____D () C:\ProgramData\BihxiCaklu
2014-11-16 18:57 - 2014-11-16 18:57 - 00001549 _____ () C:\Users\Michi\Desktop\CINEMA 4D.lnk
2014-11-16 18:56 - 2014-11-16 18:56 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\MAXON
2014-11-16 18:56 - 2014-11-16 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cinema 4D R12
2014-11-16 18:53 - 2014-11-16 18:56 - 00000000 ____D () C:\Program Files (x86)\Cinema 4D R12
2014-11-15 17:21 - 2014-10-22 04:34 - 00010777 _____ () C:\Windows\system32\AutoconfigV2.cab
2014-11-15 17:21 - 2014-10-22 04:33 - 00581016 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
2014-11-15 17:21 - 2014-10-22 04:33 - 00462760 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-11-15 17:21 - 2014-10-22 02:08 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-11-15 17:21 - 2014-10-22 02:08 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-15 17:21 - 2014-10-22 02:01 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-11-15 17:21 - 2014-10-22 02:00 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2014-11-15 17:20 - 2014-10-22 02:01 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-11-15 17:20 - 2014-10-22 02:01 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-14 19:02 - 2014-07-15 23:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-11-14 18:57 - 2014-06-10 23:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-11-14 18:57 - 2014-06-10 23:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-11-14 18:54 - 2014-10-11 08:44 - 19764736 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-14 18:54 - 2014-10-11 06:57 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-14 18:54 - 2014-10-09 04:59 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-11-14 18:54 - 2014-10-09 04:59 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-11-14 18:54 - 2014-10-09 04:58 - 00458240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-11-14 18:54 - 2014-09-26 07:30 - 01484288 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-11-14 18:54 - 2014-09-22 06:38 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-11-14 18:54 - 2014-09-22 04:56 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-11-14 18:54 - 2014-09-18 00:24 - 00987136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmclient.dll
2014-11-14 18:54 - 2014-09-18 00:24 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmscan.dll
2014-11-14 18:54 - 2014-09-18 00:24 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srm.dll
2014-11-14 18:54 - 2014-09-18 00:24 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adrclient.dll
2014-11-14 18:54 - 2014-09-17 23:57 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\srmclient.dll
2014-11-14 18:54 - 2014-09-17 23:57 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\srmscan.dll
2014-11-14 18:54 - 2014-09-17 23:57 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\srm.dll
2014-11-14 18:54 - 2014-09-17 23:57 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\adrclient.dll
2014-11-13 18:02 - 2014-10-18 09:44 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 18:02 - 2014-10-18 08:05 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 18:02 - 2014-10-11 09:35 - 00171840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 18:02 - 2014-10-11 08:45 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-13 18:02 - 2014-10-11 08:44 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-13 18:02 - 2014-10-11 08:44 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 18:02 - 2014-10-11 08:44 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-11-13 18:02 - 2014-10-11 08:44 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-13 18:02 - 2014-10-11 08:43 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-13 18:02 - 2014-10-11 08:43 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 18:02 - 2014-10-11 06:58 - 08858624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-13 18:02 - 2014-10-11 06:57 - 02416640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 18:02 - 2014-10-11 06:57 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-11-13 18:02 - 2014-10-11 06:57 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-13 18:02 - 2014-10-11 06:56 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-13 18:02 - 2014-10-11 06:41 - 00713728 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 18:02 - 2014-10-11 06:41 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 18:02 - 2014-10-11 06:05 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 18:02 - 2014-10-11 06:04 - 00713728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 18:02 - 2014-10-03 02:21 - 00522728 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 18:02 - 2014-10-02 23:29 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 18:02 - 2014-10-02 23:29 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 18:02 - 2014-10-02 23:29 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-13 18:02 - 2014-10-02 00:05 - 04068864 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 18:02 - 2014-09-13 07:24 - 02233152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-13 18:02 - 2014-09-06 01:46 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-13 18:02 - 2014-09-03 03:48 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2014-11-13 18:02 - 2014-09-03 03:22 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2014-11-13 18:02 - 2014-08-29 05:17 - 02043392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-13 18:02 - 2014-08-29 05:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-11-13 18:02 - 2014-08-29 05:04 - 02837504 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-13 18:02 - 2014-08-29 05:04 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-11-13 18:02 - 2014-08-28 07:04 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSCOMEX.dll
2014-11-13 18:02 - 2014-08-28 07:04 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-13 18:02 - 2014-08-28 06:59 - 00616448 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-13 18:02 - 2014-08-28 06:59 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-13 18:02 - 2014-08-28 06:59 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\FXSTIFF.dll
2014-11-13 18:02 - 2014-08-28 06:59 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\FXST30.dll
2014-11-13 18:02 - 2014-07-24 14:12 - 00328512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-11-13 18:01 - 2014-10-23 13:47 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 18:01 - 2014-10-23 12:04 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 18:01 - 2014-09-25 00:29 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 18:01 - 2014-09-25 00:29 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-13 18:01 - 2014-09-25 00:01 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 18:01 - 2014-09-25 00:01 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-13 18:01 - 2014-09-22 06:53 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-13 18:01 - 2014-08-26 23:08 - 00270024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-13 18:01 - 2014-08-22 00:56 - 01418752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 18:01 - 2014-08-22 00:27 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 18:00 - 2014-10-26 02:56 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 18:00 - 2014-10-26 02:56 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 18:00 - 2014-10-26 02:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-11-13 18:00 - 2014-10-26 02:56 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-11-13 18:00 - 2014-10-26 02:56 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 18:00 - 2014-10-26 02:55 - 19284480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 18:00 - 2014-10-26 02:55 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 18:00 - 2014-10-26 02:55 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 18:00 - 2014-10-26 02:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 18:00 - 2014-10-26 02:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 18:00 - 2014-10-26 01:36 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 18:00 - 2014-10-26 01:35 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 18:00 - 2014-10-26 01:35 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 18:00 - 2014-10-26 01:35 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 18:00 - 2014-10-26 01:35 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 18:00 - 2014-10-26 01:35 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 18:00 - 2014-10-26 01:35 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 13758464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 18:00 - 2014-10-26 01:34 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 18:00 - 2014-10-26 01:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 18:00 - 2014-10-26 01:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 18:00 - 2014-10-25 22:48 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-11-11 16:35 - 2014-11-11 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-10 18:32 - 2014-11-10 18:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-09 16:31 - 2014-11-09 16:31 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-09 15:43 - 2014-11-16 19:02 - 00000000 ___RD () C:\Users\Michi\Desktop\Batch Stuff
2014-11-07 17:45 - 2014-11-07 17:45 - 00000000 ____D () C:\Users\Michi\AppData\Local\fabi.me
2014-11-06 22:14 - 2014-11-22 11:27 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\.minecraft
2014-11-06 22:10 - 2014-11-06 22:10 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\java
2014-11-06 18:40 - 2014-11-06 18:43 - 00000026 _____ () C:\Users\Michi\AppData\Local\isoworkshop.ini
2014-11-06 18:33 - 2014-11-06 18:33 - 00000000 ____D () C:\ProgramData\ATI
2014-11-06 18:32 - 2014-11-06 18:32 - 00062044 _____ () C:\Windows\SysWOW64\CCCInstall_201411061832378733.log
2014-11-06 18:32 - 2014-11-06 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-11-06 18:32 - 2014-11-06 18:32 - 00000000 ____D () C:\Program Files\ATI
2014-11-06 18:32 - 2014-11-06 18:32 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-11-06 18:31 - 2014-11-06 18:32 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-11-06 18:29 - 2014-11-06 18:29 - 00054772 _____ () C:\Windows\SysWOW64\CCCInstall_201411061829301408.log
2014-11-06 18:04 - 2014-11-06 18:04 - 00001279 _____ () C:\Users\Michi\Desktop\Landwirtschafts Simulator 15 .lnk
2014-11-06 18:04 - 2014-11-06 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2015
2014-11-06 18:00 - 2014-11-06 19:07 - 00000000 ____D () C:\Program Files (x86)\Landwirtschafts Simulator 2015
2014-11-06 17:59 - 2014-11-06 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2014-11-06 17:59 - 2014-11-06 17:59 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-11-06 17:56 - 2014-11-06 17:56 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-11-04 18:15 - 2014-11-15 20:04 - 00001088 _____ () C:\Users\Michi\pixinsight-license
2014-11-04 18:14 - 2014-11-04 18:22 - 00000000 ____D () C:\Program Files\PixInsight
2014-11-04 18:14 - 2014-11-04 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PixInsight Platform
2014-11-02 22:40 - 2014-11-02 22:40 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-10-28 19:52 - 2014-10-28 19:52 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeepSkyStacker
2014-10-28 19:52 - 2014-10-28 19:52 - 00000000 ____D () C:\Program Files (x86)\DeepSkyStacker
2014-10-28 12:05 - 2014-11-06 18:24 - 00000000 ____D () C:\Program Files (x86)\FITS Liberator
2014-10-28 00:23 - 2014-10-28 00:23 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-28 00:23 - 2014-10-28 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-28 00:23 - 2014-10-28 00:23 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-27 23:52 - 2014-10-27 23:52 - 00003120 _____ () C:\Windows\SysWOW64\syswgIip.ocx
2014-10-27 23:52 - 2014-10-27 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProDigital Software
2014-10-25 18:03 - 2014-10-25 18:03 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft ICE
2014-10-25 18:03 - 2014-10-25 18:03 - 00000000 ____D () C:\Program Files\Microsoft Research
2014-10-24 20:55 - 2014-10-24 20:55 - 00000000 ____D () C:\Users\Michi\LuminanceHDR
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-22 12:37 - 2013-11-06 19:37 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Skype
2014-11-22 12:37 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-11-22 11:52 - 2013-10-22 15:44 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\ClassicShell
2014-11-22 11:26 - 2013-11-06 19:31 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-22 11:22 - 2014-07-17 17:04 - 01482133 _____ () C:\Windows\WindowsUpdate.log
2014-11-22 11:14 - 2013-12-09 18:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-22 11:10 - 2014-08-17 18:35 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-22 11:03 - 2014-08-17 19:33 - 00000000 ____D () C:\Users\Michi\AppData\Local\Adobe
2014-11-22 11:02 - 2014-08-17 18:35 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-21 23:20 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-11-20 16:30 - 2013-10-22 15:50 - 00000000 ___RD () C:\Users\Michi\Desktop\Michi
2014-11-19 22:46 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-11-19 22:46 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-19 22:29 - 2013-12-08 17:44 - 00000000 ____D () C:\Users\Michi\Documents\Outlook-Dateien
2014-11-19 21:48 - 2012-07-26 11:27 - 01903944 _____ () C:\Windows\system32\perfh007.dat
2014-11-19 21:48 - 2012-07-26 11:27 - 00499256 _____ () C:\Windows\system32\perfc007.dat
2014-11-19 21:48 - 2012-07-26 08:28 - 00005430 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-19 21:43 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-19 21:43 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-11-19 18:45 - 2014-08-20 10:27 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\vlc
2014-11-16 19:15 - 2013-10-21 19:26 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-203259023-386501227-1076918401-1001
2014-11-16 19:00 - 2014-09-26 15:55 - 00000000 ____D () C:\Games
2014-11-16 17:03 - 2014-08-17 18:35 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 17:03 - 2014-08-17 18:35 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-15 11:45 - 2014-07-20 19:31 - 05113624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-15 11:45 - 2014-06-15 12:17 - 00000425 _____ () C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-11-15 11:45 - 2013-10-16 21:19 - 00000000 ____D () C:\Intel
2014-11-14 19:47 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2014-11-14 19:47 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 19:47 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 19:47 - 2012-07-26 09:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-14 19:47 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-14 19:47 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-14 19:47 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-14 19:13 - 2013-10-28 21:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-14 19:00 - 2013-10-24 18:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 17:51 - 2014-01-02 21:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 21:17 - 2013-12-09 18:13 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-11 18:56 - 2014-06-17 16:46 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Notepad++
2014-11-11 16:38 - 2014-08-17 18:35 - 00000000 ____D () C:\Users\Michi\AppData\Local\Google
2014-11-11 16:35 - 2014-08-17 18:35 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-10 15:51 - 2014-06-11 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-10 15:51 - 2014-06-11 16:44 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-10 15:51 - 2013-10-21 19:44 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-07 18:06 - 2013-10-21 19:56 - 00000000 ____D () C:\Users\Michi\AppData\Local\FSP
2014-11-06 18:36 - 2014-07-20 17:42 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Raptr
2014-11-06 18:32 - 2014-07-30 09:51 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-11-06 18:32 - 2013-10-21 19:45 - 00000000 ____D () C:\ProgramData\AMD
2014-11-06 18:31 - 2014-01-03 18:47 - 00000000 ____D () C:\AMD
2014-11-06 18:13 - 2013-10-23 19:08 - 00000000 ____D () C:\Users\Michi\Documents\My Games
2014-11-04 18:15 - 2013-10-21 19:20 - 00000000 ____D () C:\Users\Michi
2014-11-04 18:14 - 2014-09-17 19:54 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Pleiades
2014-11-03 15:54 - 2014-10-18 22:10 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-03 15:54 - 2014-10-18 22:10 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-02 18:53 - 2013-10-28 21:32 - 00000000 ____D () C:\Users\Michi\AppData\Local\Microsoft Help
2014-10-31 23:26 - 2013-10-24 18:14 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-30 13:09 - 2013-10-21 22:40 - 00007611 _____ () C:\Users\Michi\AppData\Local\Resmon.ResmonCfg
2014-10-30 01:53 - 2012-07-26 09:14 - 00713672 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-30 01:53 - 2012-07-26 09:14 - 00106432 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-28 00:23 - 2013-12-09 18:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-27 23:52 - 2014-09-24 14:32 - 00000000 ____D () C:\Users\Michi\AppData\Local\ProDigital
2014-10-27 23:52 - 2014-09-24 14:32 - 00000000 ____D () C:\ProgramData\ProDigitalSoftware
2014-10-27 23:52 - 2014-09-24 14:32 - 00000000 ____D () C:\Program Files\ProDigital Software
2014-10-27 23:52 - 2014-09-24 14:32 - 00000000 ____D () C:\Program Files (x86)\ProDigital Software
2014-10-26 21:10 - 2013-11-07 17:53 - 00000000 ____D () C:\ProgramData\Origin
2014-10-25 17:41 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-10-24 21:22 - 2014-01-08 13:41 - 00000000 ____D () C:\Users\Michi\AppData\Local\HP
Some content of TEMP:
====================
C:\Users\Michi\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-14 15:25
==================== End Of Log ============================
Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-11-2014
Ran by Michi at 2014-11-22 12:41:17
Running from C:\Users\Michi\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Airplane Mode Hid Installer (HKLM-x32\...\InstallShield_{5E5B067F-52A4-447E-A3F1-D6DD10565E73}) (Version: 2.0.0.3 - )
Airplane Mode Hid Installer (x32 Version: 2.0.0.3 - ) Hidden
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Antichamber (HKLM-x32\...\Steam App 219890) (Version: - Alexander Bruce)
AuthenTec Fingerprint Driver (Version: 1.6.1.0342 - AuthenTec) Hidden
AuthenTec TrueSuite (HKLM\...\{9A4D399F-F790-4326-A9E4-64DF25E0EBE1}) (Version: 5.2.500.16 - AuthenTec, Inc.)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
Botanicula (HKLM-x32\...\Steam App 207690) (Version: - Amanita Design)
Brothers - A Tale of Two Sons (HKLM-x32\...\Steam App 225080) (Version: - Starbreeze Studios AB)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version: - Criterion Games)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Cinema 4D version R12 (HKLM-x32\...\{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1) (Version: R12 - Salat Production)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
DeepSkyStacker (HKLM-x32\...\{350E3960-DE20-4FE6-9E6B-26B464AD27FD}) (Version: 3.2.0 - )
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Die Sims™ 3 Design-Garten-Accessoires (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.3.2 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Inselparadies (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.13.1 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
Die Sims™ 3 Wildes Studentenleben (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment)
Elements 10 Organizer (x32 Version: 10.0 - Ihr Firmenname) Hidden
f.lux (HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Flux) (Version: - )
Finger Printer (HKLM-x32\...\InstallShield_{793C03D1-884D-4C11-A7F6-07F3FDF10066}) (Version: 2.01.0000 - )
Finger Printer (x32 Version: 2.01.0000 - ) Hidden
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.4.3.7 - Sentelic)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
FUEL (HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\{F51FF206-2273-4B3E-A90A-4752AE288C12}) (Version: 1.00.0000 - Codemasters)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gyazo 2.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Hotkey 8.0124 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 8.0124 - NoteBook)
Hotkey 8.0124 (x32 Version: 8.0124 - NoteBook) Hidden
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.2.0.0 - Insyde Corporation)
Intel Extreme Tuning Utility (HKLM-x32\...\{31819788-e939-40f7-91f1-4fbf305ed0d7}) (Version: 4.0.6.17 - Intel Corporation)
Intel Extreme Tuning Utility (x32 Version: 4.0.6.17 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1287 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1423.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version: - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad)
Landwirtschafts Simulator 15 (HKLM-x32\...\FarmingSimulator2015DE_is1) (Version: 1.1.0.0 - GIANTS Software)
Machinarium (HKLM-x32\...\Steam App 40700) (Version: - Amanita Design)
McPixel (HKLM-x32\...\Steam App 220860) (Version: - Sos)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
My Game Long Name (HKLM\...\UDK-e224f151-6dc6-4e19-96f3-c729cd613bc2) (Version: - Epic Games, Inc.)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.6 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.)
ORION: Dino Horde (HKLM-x32\...\Steam App 104900) (Version: - Spiral Game Studios)
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909)
Paragon Backup & Recovery™ 2013 Free (HKLM-x32\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Photomatix Pro Version 5.0.4 (HKLM\...\PhotomatixPro5x64_is1) (Version: 5.0.4 - HDRsoft Ltd)
PixInsight Core for Windows (HKLM-x32\...\PCL64) (Version: - )
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
R.U.S.E (HKLM-x32\...\Steam App 21970) (Version: - Eugen Systems)
RAPID Mode (Version: 1.0.1.68 - Samsung Electronics Co., Ltd.) Hidden
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6870 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.27036 - Realtek Semiconductor Corp.)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version: - Tripwire Interactive)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.4.0 - Samsung Electronics)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shelter (HKLM-x32\...\Steam App 244710) (Version: - Might and Delight)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Sound Blaster X-Fi MB3 (HKLM-x32\...\{3689CE39-3173-4952-B7AF-F1A9D6F9A288}) (Version: 1.00.01 - Creative Technology Limited)
StarSpikes Pro 3 (HKLM\...\{FA363938-8C28-4267-AD49-F9079BD62BA0}) (Version: 3.1.1.0 - ProDigital Software)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stellarium 0.13.0 (HKLM-x32\...\Stellarium_is1) (Version: 0.13.0 - Stellarium team)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED)
Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version: - Mike Bithell)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo)
Trials Fusion (HKLM-x32\...\Steam App 245490) (Version: - RedLynx, in collaboration with Ubisoft Shanghai, Ubisoft Kiev)
Unity Web Player (HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows-Treiberpaket - Insyde (AirplaneModeHid) HIDClass (12/22/2012 1.2.0.0) (HKLM\...\F7113EB21220F70774B94DB60BA4FE35AE3C8503) (Version: 12/22/2012 1.2.0.0 - Insyde)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-203259023-386501227-1076918401-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
==================== Restore Points =========================
17-11-2014 18:33:42 Geplanter Prüfpunkt
20-11-2014 16:08:48 Formel X wird installiert
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {21228D52-2E76-4F31-8C3C-0DF4884B0930} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-03] ()
Task: {305D658C-3530-4420-8EC3-A63360344730} - System32\Tasks\AdobeAAMUpdater-1.0-Michi-PC-Michi => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {57AAF9F2-C182-494D-A1AC-4B9C28C4263A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-17] (Google Inc.)
Task: {74634ECF-1479-4C2D-8101-3010BCA9692A} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-05-19] (Samsung Electronics.)
Task: {75B185D5-E5B9-40F6-BD60-EF6C47DDFB64} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7B7B1F60-0F11-423B-92A7-1E4DBEC9B00F} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {C0F375EE-C660-4FC2-8ABE-BCB8ED5B3580} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {CF41C119-40DA-496B-899D-4CBF1205E4D7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-31] (Microsoft Corporation)
Task: {E585629A-9493-4E07-B84C-3C8D4F8D5C7D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-17] (Google Inc.)
Task: {E9BA0DDC-A447-402D-91FE-5E89ABC2C27A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-11-19 19:58 - 2014-06-28 09:52 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-05-29 17:51 - 2013-05-29 17:51 - 00047104 _____ () C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-10-21 20:08 - 2013-10-21 20:08 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-24 03:38 - 2012-08-24 03:38 - 04069224 _____ () C:\Program Files\AuthenTec TrueSuite\x86\IEWebSiteLogon.exe
2013-10-28 17:24 - 2013-01-25 11:08 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2013-10-28 17:24 - 2013-01-25 11:06 - 00328704 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2013-06-26 15:49 - 2013-06-26 15:49 - 04815360 _____ () C:\Program Files (x86)\Hotkey\Hotkey.exe
2014-10-23 20:19 - 2014-10-23 20:19 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2012-08-24 03:37 - 2012-08-24 03:37 - 01136488 _____ () C:\Program Files\AuthenTec TrueSuite\DataManager.dll
2012-08-24 03:38 - 2012-08-24 03:38 - 00087400 _____ () C:\Program Files\AuthenTec TrueSuite\ssutil.dll
2013-10-21 20:03 - 2013-02-16 07:17 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2012-08-24 03:38 - 2012-08-24 03:38 - 00905064 _____ () C:\Program Files\AuthenTec TrueSuite\x86\DataManager.dll
2014-11-10 18:32 - 2014-11-10 18:32 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-22 12:38 - 2014-11-22 12:38 - 00037888 _____ () C:\Users\Michi\AppData\Local\Temp\WDEB3BA.tmp\ombrowser.lng
2013-11-26 16:40 - 2013-11-26 16:40 - 00333824 _____ () C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\StartupApproved\StartupFolder: => "Samsung Magician.lnk"
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\StartupApproved\StartupFolder: => "Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk"
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\StartupApproved\Run: => "Raptr"
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\StartupApproved\Run: => "HydraVisionDesktopManager"
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\StartupApproved\Run: => "Gyazo"
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\StartupApproved\Run: => "BihxiCaklu"
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
========================= Accounts: ==========================
Administrator (S-1-5-21-203259023-386501227-1076918401-500 - Administrator - Disabled)
Gast (S-1-5-21-203259023-386501227-1076918401-501 - Limited - Disabled)
Michi (S-1-5-21-203259023-386501227-1076918401-1001 - Administrator - Enabled) => C:\Users\Michi
==================== Faulty Device Manager Devices =============
Name: Intel(R) Centrino(R) Wireless Bluetooth(R) 4.0 + High Speed Adapter
Description: Intel(R) Centrino(R) Wireless Bluetooth(R) 4.0 + High Speed Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/21/2014 11:00:15 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-203259023-386501227-1076918401-1001}/">.
Error: (11/20/2014 05:09:41 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-203259023-386501227-1076918401-1001}/">.
Error: (11/20/2014 05:09:37 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-203259023-386501227-1076918401-1001}/">.
Error: (11/19/2014 10:45:01 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-203259023-386501227-1076918401-1001}/">.
Error: (11/19/2014 09:48:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (11/19/2014 09:48:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (11/19/2014 09:48:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (11/19/2014 06:47:51 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-203259023-386501227-1076918401-1001}/">.
Error: (11/19/2014 03:34:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (11/19/2014 03:34:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
System errors:
=============
Error: (11/19/2014 09:45:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126
Error: (11/19/2014 07:37:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (11/19/2014 07:37:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Error: (11/17/2014 07:54:45 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung vom Remoteendpunkt empfangen. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40.
Error: (11/17/2014 05:00:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126
Error: (11/17/2014 04:58:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (11/17/2014 04:58:52 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit dem folgenden dienstspezifischen Fehler beendet:
%%2147749126
Error: (11/16/2014 09:47:38 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 16.11.2014 um 21:43:24 unerwartet heruntergefahren.
Error: (11/16/2014 06:54:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (11/15/2014 08:00:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Microsoft Office Sessions:
=========================
Error: (11/21/2014 11:00:15 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-203259023-386501227-1076918401-1001}/
Error: (11/20/2014 05:09:41 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-203259023-386501227-1076918401-1001}/
Error: (11/20/2014 05:09:37 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-203259023-386501227-1076918401-1001}/
Error: (11/19/2014 10:45:01 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-203259023-386501227-1076918401-1001}/
Error: (11/19/2014 09:48:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F2030000E5050000
Error: (11/19/2014 09:48:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000
Error: (11/19/2014 09:48:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance163707000000000000000000008F020000
Error: (11/19/2014 06:47:51 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-203259023-386501227-1076918401-1001}/
Error: (11/19/2014 03:34:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Cinema 4D R12\resource\modules\python\res\Python.win32.framework\Lib\distutils\command\wininst-8_d.exe
Error: (11/19/2014 03:34:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Cinema 4D R12\resource\modules\python\res\Python.win64.framework\Lib\distutils\command\wininst-8_d.exe
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 43%
Total physical RAM: 8111.97 MB
Available physical RAM: 4581.43 MB
Total Pagefile: 9327.97 MB
Available Pagefile: 5502.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:238.13 GB) (Free:54.31 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: F84E124F)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.1 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
23.11.2014, 07:58
| #4 |
| /// the machine /// TB-Ausbilder | Avira meldet Funde (TR/Crypt.ZPACK.104691) Hi, Passwörter von anderem Rechner aus ändern. Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.11.2014, 11:20
| #5 |
| | Avira meldet Funde (TR/Crypt.ZPACK.104691) Hi, habe ComboFix runtergeladen und scannen lassen. Obwohl ich meinen Virenscanner deaktiviert habe bevor ich den Scan startete, meldete Avira sich noch einmal und sagte, es habe Zugriff auf die Registry blockiert. Von ComboFix aber kam keine Meldung, und der Scan lief ohne Fehler durch Hier ist die Combofix.txt Code:
ATTFilter ComboFix 14-11-18.01 - Michi 23.11.2014 11:05:39.1.8 - x64
Microsoft Windows 8 Pro 6.2.9200.0.1252.49.1031.18.8112.4698 [GMT 1:00]
ausgeführt von:: c:\users\Michi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Roaming
c:\users\Michi\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\searchplugins\trovi-search.xml
c:\windows\msdownld.tmp
c:\windows\SysWow64\SET139C.tmp
c:\windows\SysWow64\SET14E2.tmp
c:\windows\SysWow64\out.txt . . . . Nicht in der Lage zu löschen
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-10-23 bis 2014-11-23 ))))))))))))))))))))))))))))))
.
.
2014-11-23 10:08 . 2014-11-23 10:09 -------- d-----w- c:\users\Michi\AppData\Local\temp
2014-11-23 10:08 . 2014-11-23 10:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-22 12:00 . 2014-11-22 12:00 -------- d-----w- c:\users\Michi\AppData\Roaming\XCPCSync.OEM
2014-11-22 12:00 . 2014-11-22 12:00 -------- d-----w- c:\users\Michi\AppData\Roaming\Research In Motion
2014-11-22 12:00 . 2014-11-22 12:00 -------- d-----w- c:\users\Michi\AppData\Local\Research In Motion
2014-11-22 12:00 . 2012-12-10 14:48 44544 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2014-11-22 12:00 . 2014-11-22 12:00 -------- d-----w- c:\programdata\Research In Motion
2014-11-22 11:59 . 2014-11-22 11:59 -------- d-----w- c:\program files (x86)\Common Files\XCPCSync.OEM
2014-11-22 11:59 . 2014-11-22 11:59 -------- d-----w- c:\program files (x86)\Common Files\Research in Motion
2014-11-22 11:59 . 2014-11-22 11:59 -------- d-----w- c:\program files (x86)\Research In Motion
2014-11-22 11:40 . 2014-11-22 11:41 -------- d-----w- C:\FRST
2014-11-19 21:46 . 2014-11-23 09:58 -------- d-----w- c:\windows\system32\AutoUpdateLicense
2014-11-19 19:50 . 2014-11-19 20:43 -------- d-----w- c:\programdata\BihxiCaklu
2014-11-18 18:40 . 2014-11-08 11:22 238080 ----a-w- c:\windows\system32\pku2u.dll
2014-11-18 18:40 . 2014-11-08 11:21 827904 ----a-w- c:\windows\system32\kerberos.dll
2014-11-18 18:40 . 2014-11-08 06:57 187904 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-18 18:40 . 2014-11-08 06:56 666624 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-16 17:56 . 2014-11-16 17:56 -------- d-----w- c:\users\Michi\AppData\Roaming\MAXON
2014-11-16 17:53 . 2014-11-16 17:56 -------- d-----w- c:\program files (x86)\Cinema 4D R12
2014-11-15 18:50 . 2014-07-12 06:46 3262976 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-11-15 18:50 . 2014-07-03 01:59 1824784 ----a-w- c:\windows\system32\ntdll.dll
2014-11-15 16:21 . 2014-10-22 03:33 581016 ----a-w- c:\windows\system32\AutoUpdate.exe
2014-11-15 16:21 . 2014-10-22 03:33 462760 ----a-w- c:\windows\system32\NotificationUI.exe
2014-11-15 16:21 . 2014-10-22 01:08 568832 ----a-w- c:\windows\SysWow64\WSShared.dll
2014-11-15 16:21 . 2014-10-22 01:08 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-15 16:21 . 2014-10-22 01:01 695808 ----a-w- c:\windows\system32\WSShared.dll
2014-11-15 16:21 . 2014-10-22 01:00 125952 ----a-w- c:\windows\system32\WinSetupUI.dll
2014-11-15 16:20 . 2014-10-22 01:01 198656 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.dll
2014-11-15 16:20 . 2014-10-22 01:01 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-14 18:02 . 2014-07-15 22:51 71168 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2014-11-14 17:57 . 2014-06-10 22:44 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-11-14 17:57 . 2014-06-10 22:43 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-11-13 17:02 . 2014-10-11 07:43 1281536 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-13 17:01 . 2014-09-06 00:46 1532584 ----a-w- c:\program files\Windows Defender\DbgHelp.dll
2014-11-13 17:00 . 2014-10-26 01:56 1409536 ----a-w- c:\windows\system32\urlmon.dll
2014-11-11 14:59 . 2014-11-11 14:59 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-11-07 16:45 . 2014-11-07 16:45 -------- d-----w- c:\users\Michi\AppData\Local\fabi.me
2014-11-06 21:14 . 2014-11-22 18:30 -------- d-----w- c:\users\Michi\AppData\Roaming\.minecraft
2014-11-06 21:10 . 2014-11-06 21:10 -------- d-----w- c:\users\Michi\AppData\Roaming\java
2014-11-06 17:33 . 2014-11-06 17:33 -------- d-----w- c:\programdata\ATI
2014-11-06 17:32 . 2014-11-06 17:32 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2014-11-06 17:32 . 2014-11-06 17:32 -------- d-----w- c:\program files (x86)\AMD AVT
2014-11-06 17:32 . 2014-11-06 17:32 -------- d-----w- c:\program files\ATI
2014-11-06 17:31 . 2014-11-06 17:32 -------- d-----w- c:\program files\ATI Technologies
2014-11-06 17:00 . 2014-11-06 18:07 -------- d-----w- c:\program files (x86)\Landwirtschafts Simulator 2015
2014-11-06 16:59 . 2014-11-06 16:59 -------- d-----w- c:\program files (x86)\Elaborate Bytes
2014-11-06 16:56 . 2014-11-06 16:56 -------- d-----w- c:\programdata\DAEMON Tools Lite
2014-11-04 17:14 . 2014-11-04 17:22 -------- d-----w- c:\program files\PixInsight
2014-11-02 21:40 . 2014-11-02 21:40 -------- d-----w- c:\program files (x86)\OpenAL
2014-10-28 18:52 . 2014-10-28 18:52 -------- d-----w- c:\program files (x86)\DeepSkyStacker
2014-10-28 11:05 . 2014-11-06 17:24 -------- d-----w- c:\program files (x86)\FITS Liberator
2014-10-27 23:23 . 2014-10-27 23:23 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-10-27 23:23 . 2014-10-27 23:23 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-27 23:23 . 2014-10-27 23:23 -------- d-----w- c:\program files (x86)\Java
2014-10-25 17:03 . 2014-10-25 17:03 -------- d-----w- c:\program files\Microsoft Research
2014-10-24 19:55 . 2014-10-24 19:55 -------- d-----w- c:\users\Michi\LuminanceHDR
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-15 10:45 . 2014-06-15 11:17 425 ----a-w- c:\windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-10-31 22:26 . 2013-10-24 17:14 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-10-30 00:53 . 2012-07-26 08:14 713672 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-30 00:53 . 2012-07-26 08:14 106432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-09 14:35 . 2013-11-19 19:05 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-10-09 14:35 . 2013-11-19 18:58 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-10-09 14:13 . 2013-11-19 18:55 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-10-09 08:59 . 2014-06-11 15:51 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-10-09 08:59 . 2014-06-11 15:47 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-10-09 08:59 . 2014-06-11 15:47 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-10-03 16:37 . 2014-10-03 16:37 734720 ----a-w- c:\windows\system32\MetroIntelGenericUIFramework.dll
2014-10-03 16:37 . 2014-10-03 16:37 82432 ----a-w- c:\windows\system32\Intel_OpenCL_ICD64.dll
2014-10-03 16:37 . 2014-10-03 16:37 74240 ----a-w- c:\windows\SysWow64\Intel_OpenCL_ICD32.dll
2014-10-03 16:36 . 2014-10-03 16:36 372224 ----a-w- c:\windows\system32\IntelOpenCL64.dll
2014-10-03 16:36 . 2014-10-03 16:36 304128 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll
2014-10-03 16:36 . 2014-10-03 16:36 279952 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2014-10-03 16:36 . 2014-10-03 16:36 183296 ----a-w- c:\windows\system32\igfxCoIn_v3960.dll
2014-10-03 16:36 . 2014-10-03 16:36 1137080 ----a-w- c:\windows\system32\iglhsip64.dll
2014-10-03 16:36 . 2014-10-03 16:36 5120 ----a-w- c:\windows\system32\igfxLHMLibv2_0.dll
2014-10-03 16:36 . 2014-10-03 16:36 5120 ----a-w- c:\windows\system32\igfxLHMLib.dll
2014-10-03 16:36 . 2014-10-03 16:36 457616 ----a-w- c:\windows\system32\igfxTray.exe
2014-10-03 16:36 . 2014-10-03 16:36 372736 ----a-w- c:\windows\system32\igfxOSP.dll
2014-10-03 16:36 . 2014-10-03 16:36 31408 ----a-w- c:\windows\system32\igfxexps.dll
2014-10-03 16:36 . 2014-10-03 16:36 30720 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2014-10-03 16:36 . 2014-10-03 16:36 220392 ----a-w- c:\windows\system32\iglhcp64.dll
2014-10-03 16:36 . 2014-10-03 16:36 195984 ----a-w- c:\windows\system32\igfxext.exe
2014-10-03 16:36 . 2014-10-03 16:36 184312 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2014-10-03 16:36 . 2014-10-03 16:36 1132960 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2014-10-03 16:36 . 2014-10-03 16:36 10240 ----a-w- c:\windows\system32\igfxEMLibv2_0.dll
2014-10-03 16:36 . 2014-10-03 16:36 10240 ----a-w- c:\windows\system32\igfxEMLib.dll
2014-10-03 16:36 . 2014-07-21 17:18 304016 ----a-w- c:\windows\system32\igfxEM.exe
2014-10-03 16:36 . 2014-07-21 17:18 246672 ----a-w- c:\windows\system32\igfxHK.exe
2014-10-03 16:36 . 2014-05-20 22:33 2020352 ----a-w- c:\windows\system32\igfxLHM.dll
2014-10-03 16:36 . 2014-10-03 16:36 69632 ----a-w- c:\windows\system32\igfxDHLibv2_0.dll
2014-10-03 16:36 . 2014-10-03 16:36 69632 ----a-w- c:\windows\system32\igfxCUIServicePS.dll
2014-10-03 16:36 . 2014-10-03 16:36 59392 ----a-w- c:\windows\system32\igfxDHLib.dll
2014-10-03 16:36 . 2014-10-03 16:36 254976 ----a-w- c:\windows\system32\igfxCPL.cpl
2014-10-03 16:36 . 2014-10-03 16:36 224256 ----a-w- c:\windows\system32\igfxDTCM.dll
2014-10-03 16:36 . 2014-10-03 16:36 207496 ----a-w- c:\windows\system32\igfxcmrt64.dll
2014-10-03 16:36 . 2014-10-03 16:36 206848 ----a-w- c:\windows\system32\igfx11cmrt64.dll
2014-10-03 16:36 . 2014-10-03 16:36 175024 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2014-10-03 16:36 . 2014-10-03 16:36 174592 ----a-w- c:\windows\SysWow64\igfx11cmrt32.dll
2014-10-03 16:36 . 2014-10-03 16:36 1365504 ----a-w- c:\windows\system32\igfxcmjit64.dll
2014-10-03 16:36 . 2014-10-03 16:36 10752 ----a-w- c:\windows\system32\igfxDILibv2_0.dll
2014-10-03 16:36 . 2014-10-03 16:36 10752 ----a-w- c:\windows\system32\igfxDILib.dll
2014-10-03 16:36 . 2014-10-03 16:36 1061376 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2014-10-03 16:36 . 2014-05-20 22:33 688640 ----a-w- c:\windows\system32\igfxDH.dll
2014-10-03 16:36 . 2014-05-20 22:33 329104 ----a-w- c:\windows\system32\igfxCUIService.exe
2014-10-03 16:36 . 2014-05-20 22:33 273408 ----a-w- c:\windows\system32\igfxDI.dll
2014-10-03 16:36 . 2013-03-20 10:31 24185400 ----a-w- c:\windows\system32\igdumdim64.dll
2014-10-03 16:36 . 2013-03-20 10:24 4619992 ----a-w- c:\windows\SysWow64\igdusc32.dll
2014-10-03 16:36 . 2013-03-20 10:23 5866864 ----a-w- c:\windows\system32\igdusc64.dll
2014-10-03 16:36 . 2013-03-20 10:32 23390216 ----a-w- c:\windows\SysWow64\igdumdim32.dll
2014-10-03 16:36 . 2014-10-03 16:36 8350720 ----a-w- c:\windows\system32\igdrcl64.dll
2014-10-03 16:36 . 2014-10-03 16:36 7816192 ----a-w- c:\windows\SysWow64\igdrcl32.dll
2014-10-03 16:36 . 2014-10-03 16:36 629272 ----a-w- c:\windows\system32\igdmd64.dll
2014-10-03 16:36 . 2014-10-03 16:36 510304 ----a-w- c:\windows\SysWow64\igdmd32.dll
2014-10-03 16:36 . 2014-10-03 16:36 4753336 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2014-10-03 16:36 . 2014-10-03 16:36 23987200 ----a-w- c:\windows\system32\igdfcl64.dll
2014-10-03 16:36 . 2014-10-03 16:36 18860032 ----a-w- c:\windows\SysWow64\igdfcl32.dll
2014-10-03 16:36 . 2014-10-03 16:36 397312 ----a-w- c:\windows\system32\igdbcl64.dll
2014-10-03 16:36 . 2014-10-03 16:36 349696 ----a-w- c:\windows\SysWow64\igdbcl32.dll
2014-10-03 16:36 . 2014-10-03 16:36 225792 ----a-w- c:\windows\system32\igdde64.dll
2014-10-03 16:36 . 2014-10-03 16:36 186368 ----a-w- c:\windows\SysWow64\igdde32.dll
2014-10-03 16:36 . 2014-10-03 16:36 17284400 ----a-w- c:\windows\system32\igd11dxva64.dll
2014-10-03 16:36 . 2014-10-03 16:36 162304 ----a-w- c:\windows\system32\igdail64.dll
2014-10-03 16:36 . 2014-10-03 16:36 144896 ----a-w- c:\windows\SysWow64\igdail32.dll
2014-10-03 16:36 . 2014-10-03 16:36 16810624 ----a-w- c:\windows\SysWow64\igd11dxva32.dll
2014-10-03 16:36 . 2014-10-03 16:36 7074488 ----a-w- c:\windows\SysWow64\igd10iumd32.dll
2014-10-03 16:36 . 2013-03-20 10:31 7773376 ----a-w- c:\windows\system32\igd10iumd64.dll
2014-10-03 16:36 . 2014-10-03 16:36 9097216 ----a-w- c:\windows\system32\ig75icd64.dll
2014-10-03 16:36 . 2014-10-03 16:36 7186432 ----a-w- c:\windows\SysWow64\ig75icd32.dll
2014-10-03 16:36 . 2014-10-03 16:36 87440 ----a-w- c:\windows\system32\DPTopologyAppv2_0.exe
2014-10-03 16:36 . 2014-10-03 16:36 768912 ----a-w- c:\windows\system32\Gfxv4_0.exe
2014-10-03 16:36 . 2014-10-03 16:36 765328 ----a-w- c:\windows\system32\Gfxv2_0.exe
2014-10-03 16:36 . 2014-10-03 16:36 418704 ----a-w- c:\windows\system32\GfxUIEx.exe
2014-10-03 16:36 . 2014-10-03 16:36 1131008 ----a-w- c:\windows\system32\GfxResources.dll
2014-10-03 16:36 . 2014-10-03 16:36 87952 ----a-w- c:\windows\system32\DPTopologyApp.exe
2014-10-03 16:36 . 2014-10-03 16:36 155536 ----a-w- c:\windows\system32\difx64.exe
2014-09-03 02:48 . 2014-10-15 14:04 510464 ----a-w- c:\windows\SysWow64\rastls.dll
2014-09-03 02:21 . 2014-10-15 14:04 585728 ----a-w- c:\windows\system32\rastls.dll
2014-08-28 11:34 . 2014-09-10 10:49 59400 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-28 06:05 . 2014-09-10 10:49 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-08-28 06:05 . 2014-09-10 10:49 86528 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-28 06:05 . 2014-09-10 10:49 630272 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-28 06:05 . 2014-09-10 10:49 128000 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-28 06:02 . 2014-09-10 10:49 40448 ----a-w- c:\windows\system32\wuapp.exe
2014-08-28 06:01 . 2014-09-10 10:49 253440 ----a-w- c:\windows\system32\WUSettingsProvider.dll
2014-08-28 06:01 . 2014-09-10 10:49 100352 ----a-w- c:\windows\system32\wudriver.dll
2014-08-28 06:01 . 2014-09-10 10:49 144384 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-28 06:01 . 2014-09-10 10:49 775168 ----a-w- c:\windows\system32\wuapi.dll
2014-08-28 06:01 . 2014-09-10 10:49 3285504 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-28 06:01 . 2014-09-10 10:49 17920 ----a-w- c:\windows\system32\wuaext.dll
2014-08-28 06:01 . 2014-09-10 10:49 1623552 ----a-w- c:\windows\system32\wucltux.dll
2014-08-28 06:01 . 2014-09-10 10:49 176640 ----a-w- c:\windows\system32\storewuauth.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2014-04-20 08:17 683200 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-11-18 1940160]
"f.lux"="c:\users\Michi\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-06-24 55360]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2014-09-16 3095328]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-10-29 6501656]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2014-04-17 1967616]
"BlackBerryLink.exe"="c:\program files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe" [2014-05-08 1463824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Sound Blaster X-Fi MB 3"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe" [2013-01-30 2104832]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-11-19 703736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-17 767200]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-10-22 124208]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2014-02-07 443408]
"RIM PeerManager"="c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe" [2014-05-07 4493824]
.
c:\users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Magician.lnk - c:\windows\system32\schtasks.exe /run /tn SamsungMagician [2012-7-26 240128]
Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN34IBWGPS05KC;CONNECTION=NW;MONITOR=1; [2012-7-26 51712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2013-6-26 4815360]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R3 AMPPALP;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 getbus;getbus;c:\users\Michi\AppData\Local\Temp\getbus.sys;c:\users\Michi\AppData\Local\Temp\getbus.sys [x]
R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x]
R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbrndis6;USB-RNDIS6-Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 xusb22;Treiberdienst 22 für Xbox 360 Wireless Receiver;c:\windows\System32\drivers\xusb22.sys;c:\windows\SYSNATIVE\drivers\xusb22.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\System32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SamsungRapidDiskFltr;SAMSUNG RAPID Mode Disk Filter Driver;c:\windows\system32\DRIVERS\SamsungRapidDiskFltr.sys;c:\windows\SYSNATIVE\DRIVERS\SamsungRapidDiskFltr.sys [x]
S0 SamsungRapidFSFltr;SamsungRapidFSFltr;c:\windows\system32\DRIVERS\SamsungRapidFSFltr.sys;c:\windows\SYSNATIVE\DRIVERS\SamsungRapidFSFltr.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\System32\Drivers\uim_vimx64.sys;c:\windows\SYSNATIVE\Drivers\uim_vimx64.sys [x]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 FPLService;TrueSuiteService;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;c:\program files (x86)\Intel\Bluetooth\ibtrksrv.exe;c:\program files (x86)\Intel\Bluetooth\ibtrksrv.exe [x]
S2 iocbios2;iocbios2;c:\program files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys;c:\program files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [x]
S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe;c:\program files (x86)\Hotkey\PowerBiosServer.exe [x]
S2 RIM MDNS;RIM MDNS;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [x]
S2 RIM Tunnel Service;BlackBerry Link Communication Manager;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service;c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service [x]
S2 SamsungRapidSvc;Samsung RAPID Mode Service;c:\windows\system32\RAPID\SamsungRapidSvc.exe;c:\windows\SYSNATIVE\RAPID\SamsungRapidSvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 XTU3SERVICE;Intel(R) Extreme Tuning Utility Service;c:\program files (x86)\Intel\Extreme Tuning Utility\XtuService.exe;c:\program files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AirplaneModeHid;Insyde Airplane Mode HID Mini-Driver;c:\windows\system32\DRIVERS\AirplaneModeHid.sys;c:\windows\SYSNATIVE\DRIVERS\AirplaneModeHid.sys [x]
S3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed - Virtueller Adapter;c:\windows\System32\drivers\AMPPAL.sys;c:\windows\SYSNATIVE\drivers\AMPPAL.sys [x]
S3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
S3 fspad_win764;Finger Sensing Pad Driver;c:\windows\system32\DRIVERS\fspad_win764.sys;c:\windows\SYSNATIVE\DRIVERS\fspad_win764.sys [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\System32\drivers\ICCWDT.sys;c:\windows\SYSNATIVE\drivers\ICCWDT.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NETwNe64;@oem47.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 8 64-Bit;c:\windows\system32\DRIVERS\NETwew00.sys;c:\windows\SYSNATIVE\DRIVERS\NETwew00.sys [x]
S3 rimvndis;BlackBerry Virtual Private Network;c:\windows\System32\Drivers\rimvndis6_AMD64.sys;c:\windows\SYSNATIVE\Drivers\rimvndis6_AMD64.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-22 20:17]
.
2014-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-17 17:35]
.
2014-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-17 17:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2014-04-20 08:17 803520 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2}"
[HKEY_CLASSES_ROOT\CLSID\{BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2}]
2011-10-21 13:00 4014408 ----a-w- c:\program files\AuthenTec TrueSuite\KeepSafe\fvns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{93BB455E-3D52-4fba-9733-E5103B30FC12}"
[HKEY_CLASSES_ROOT\CLSID\{93BB455E-3D52-4fba-9733-E5103B30FC12}]
2011-10-21 13:00 4014408 ----a-w- c:\program files\AuthenTec TrueSuite\KeepSafe\fvns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-26 13449288]
"KeepSafe"="c:\program files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe" [2011-10-21 38728]
"MBCfg64"="c:\windows\system32\MBCfg64.dll" [2013-01-25 29696]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
"SamsungRapidApp"="c:\program files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe" [2014-05-19 281312]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2014-04-20 161984]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2014-03-26 7825720]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://startpage.com/
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: com\*.Wondershare
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\
FF - prefs.js: browser.startup.homepage - ecosia.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-BihxiCaklu - c:\programdata\BihxiCaklu\BihxiCaklu.dat
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-fspuip - c:\program files (x86)\FSP\fspuip.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-203259023-386501227-1076918401-1001CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\License information*]
"datasecu"=hex:d3,c2,f2,0e,47,ff,7b,18,49,a1,ee,f4,e3,e7,a0,62,2f,cf,cb,a7,eb,
fd,b9,ac,87,b7,ad,c2,88,c5,06,8c,d5,e4,59,00,2f,bd,f2,b4,0a,0d,bb,0f,fd,d9,\
"rkeysecu"=hex:2f,fe,f9,c3,66,eb,c5,e8,99,aa,bf,95,02,5f,0c,aa
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
c:\program files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
c:\program files\AuthenTec TrueSuite\x86\IEWebSiteLogon.exe
c:\program files (x86)\Panda USB Vaccine\USBVaccine.exe
c:\program files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
c:\program files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
c:\program files (x86)\Common Files\Research In Motion\nginx\nginx.exe
c:\program files (x86)\Common Files\Research In Motion\nginx\nginx.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-11-23 11:12:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-11-23 10:12
.
Vor Suchlauf: 17 Verzeichnis(se), 59.222.286.336 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 58.492.268.544 Bytes frei
.
- - End Of File - - 8BE3594C36379720251B3B72FC265B8D
A36C5E4F47E84449FF07ED3517B43A31
|
|
24.11.2014, 09:21
| #6 |
| /// the machine /// TB-Ausbilder | Avira meldet Funde (TR/Crypt.ZPACK.104691) Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Avira meldet Funde (TR/Crypt.ZPACK.104691) |
|
24.11.2014, 17:12
| #7 |
| | Avira meldet Funde (TR/Crypt.ZPACK.104691) Jeder Scan lief problemlos, ohne Fehlermeldungen! mbam.txt Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 24.11.2014 Suchlauf-Zeit: 16:48:02 Logdatei: malewarebytes.txt Administrator: Ja Version: 2.00.3.1025 Malware Datenbank: v2014.11.24.06 Rootkit Datenbank: v2014.11.22.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8 CPU: x64 Dateisystem: NTFS Benutzer: Michi Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 343256 Verstrichene Zeit: 8 Min, 22 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.102 - Bericht erstellt am 24/11/2014 um 16:59:34
# Aktualisiert 23/11/2014 von Xplode
# Database : 2014-11-24.1 [Live]
# Betriebssystem : Windows 8 Pro (64 bits)
# Benutzername : Michi - MICHI-PC
# Gestartet von : C:\Users\Michi\Desktop\AdwCleaner_4.102.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Michi\AppData\Local\CrashRpt
Datei Gelöscht : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\foxydeal.sqlite
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKCU\Software\OCS
***** [ Browser ] *****
-\\ Internet Explorer v0.0.0.0
-\\ Mozilla Firefox v33.1 (x86 de)
-\\ Google Chrome v39.0.2171.65
*************************
AdwCleaner[R1].txt - [1127 octets] - [24/11/2014 16:58:05]
AdwCleaner[S1].txt - [1003 octets] - [24/11/2014 16:59:34]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1063 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 8 Pro x64
Ran by Michi on 24.11.2014 at 17:03:09,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43D9786F-A485-683B-9B5B-ACC97ABC17FC}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{43D9786F-A485-683B-9B5B-ACC97ABC17FC}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43D9786F-A485-683B-9B5B-ACC97ABC17FC}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{43D9786F-A485-683B-9B5B-ACC97ABC17FC}
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Michi\AppData\Roaming\mozilla\firefox\profiles\mi55ozh8.default\minidumps [4 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.11.2014 at 17:05:03,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2014
Ran by Michi (administrator) on MICHI-PC on 24-11-2014 17:06:49
Running from C:\Users\Michi\Desktop
Loaded Profile: Michi (Available profiles: Michi)
Platform: Windows 8 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\mDNSResponder.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\tunmgr.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
() C:\Program Files\AuthenTec TrueSuite\x86\IEWebSiteLogon.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Authentec) C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Flux Software LLC) C:\Users\Michi\AppData\Local\FluxSoftware\Flux\flux.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\PeerManager.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
() C:\Program Files (x86)\Common Files\Research in Motion\nginx\nginx.exe
() C:\Program Files (x86)\Common Files\Research in Motion\nginx\nginx.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [6263120 2013-10-21] (Sentelic Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13449288 2013-03-26] (Realtek Semiconductor)
HKLM\...\Run: [KeepSafe] => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe [38728 2011-10-21] (Authentec)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281312 2014-05-19] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2104832 2013-01-30] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-02-07] (BlackBerry Limited)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4493824 2014-05-07] (Research In Motion Limited)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Run: [f.lux] => C:\Users\Michi\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-06-24] (Raptr, Inc)
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095328 2014-09-16] (Nota Inc.)
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Run: [BlackBerryLink.exe] => C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe [1463824 2014-05-08] (Research In Motion)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll (Authentec)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {93BB455E-3D52-4fba-9733-E5103B30FC12} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll (Authentec)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-203259023-386501227-1076918401-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-203259023-386501227-1076918401-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://startpage.com/
HKU\S-1-5-21-203259023-386501227-1076918401-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEC5E0EA38CCECE01
HKU\S-1-5-21-203259023-386501227-1076918401-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\IEBHO.DLL (AuthenTec Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default
FF SearchEngineOrder.1: Google
FF Homepage: ecosia.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\AuthenTec TrueSuite\x86\npffwloplugin.dll (AuthenTec, Inc)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-203259023-386501227-1076918401-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Michi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-203259023-386501227-1076918401-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Avira Browser Safety - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\abs@avira.com [2014-06-11]
FF Extension: WOT - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: DownloadHelper - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-10-10]
FF Extension: Reddit Enhancement Suite - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2013-11-14]
FF Extension: Download Status Bar - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-01-30]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-10-08]
FF Extension: Ecosia - The search engine that plants trees - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-04-02]
FF Extension: Greasemonkey - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-03-17]
FF Extension: Adblock Edge - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-10-23]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2014-11-10]
Chrome:
=======
CHR Profile: C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-11]
CHR Extension: (YouTube) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-11]
CHR Extension: (Google-Suche) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-11]
CHR Extension: (AdBlock) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-16]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-11-12]
CHR Extension: (Google Wallet) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-11]
CHR Extension: (Google Mail) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-11]
CHR HKLM-x32\...\Chrome\Extension: [bkdegagmpemadclljncealhmmkojfoam] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com.crx []
CHR HKLM-x32\...\Chrome\Extension: [oelloajafbopojkjmieelljfkcmdpdhf] - C:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx [2012-08-13]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-19] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-10-28] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-10-28] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-14] (Creative Technology Ltd) [File not signed]
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [2125160 2012-08-24] (AuthenTec, Inc)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [187848 2014-06-06] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-28] ()
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [47104 2013-05-29] () [File not signed]
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2014-05-07] (Apple Inc.) [File not signed]
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1324544 2014-05-07] (Research In Motion Limited) [File not signed]
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [27872 2014-05-19] (Samsung Electronics Co., Ltd.)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [15888 2013-02-11] (Intel(R) Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S2 HPSLPSVC; C:\Users\Michi\AppData\Local\Temp\7zS62EA\hpslpsvc64.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AirplaneModeHid; C:\Windows\system32\DRIVERS\AirplaneModeHid.sys [25264 2012-12-23] (Insyde Corporation)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions, Inc.)
R3 fspad_win764; C:\Windows\system32\DRIVERS\fspad_win764.sys [155472 2013-10-21] (Sentelic Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-11-29] (LogMeIn Inc.)
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [25448 2013-01-07] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2014-02-25] (Intel Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-05-07] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows (R) Win 7 DDK provider)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [265952 2014-05-19] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111328 2014-05-19] (Samsung Electronics Co., Ltd.)
R1 UimBus; C:\Windows\System32\drivers\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-02-12] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 getbus; \??\C:\Users\Michi\AppData\Local\Temp\getbus.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-24 17:05 - 2014-11-24 17:05 - 00001473 _____ () C:\Users\Michi\Desktop\JRT.txt
2014-11-24 17:03 - 2014-11-24 17:03 - 00000000 ____D () C:\Windows\ERUNT
2014-11-24 17:01 - 2014-11-24 17:01 - 00001143 _____ () C:\Users\Michi\Desktop\AdwCleaner[S1].txt
2014-11-24 17:00 - 2014-11-24 17:00 - 05113624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-24 17:00 - 2014-11-24 17:00 - 00000578 _____ () C:\Windows\PFRO.log
2014-11-24 16:57 - 2014-11-24 16:59 - 00000000 ____D () C:\AdwCleaner
2014-11-24 16:56 - 2014-11-24 16:56 - 00001194 _____ () C:\Users\Michi\Desktop\mbam.txt
2014-11-24 16:54 - 2014-11-24 16:54 - 00003538 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0 Fallback-Michi-PC-Michi
2014-11-24 16:46 - 2014-11-24 16:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-24 16:46 - 2014-11-24 16:46 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-24 16:46 - 2014-11-24 16:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-24 16:46 - 2014-11-24 16:46 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-11-24 16:46 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-24 16:46 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-24 16:46 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-24 16:45 - 2014-11-24 16:45 - 02148864 _____ () C:\Users\Michi\Desktop\AdwCleaner_4.102.exe
2014-11-24 16:45 - 2014-11-24 16:45 - 01707532 _____ (Thisisu) C:\Users\Michi\Desktop\JRT.exe
2014-11-23 20:11 - 2014-11-23 22:24 - 00003242 _____ () C:\Users\Michi\Documents\MICHI-PC_Michi_2014_11_23.csv
2014-11-23 20:08 - 2014-11-23 20:08 - 00000000 ____D () C:\Users\Michi\Desktop\logos
2014-11-23 20:07 - 2014-10-30 16:35 - 00000000 ____D () C:\Users\Michi\Desktop\GER_20141030
2014-11-23 19:08 - 2014-11-23 19:08 - 00000000 ____D () C:\Users\Michi\Documents\BLACKBERRY-1D83
2014-11-23 18:54 - 2014-11-23 19:40 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Mp3tag
2014-11-23 18:54 - 2014-11-23 18:54 - 00000979 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-11-23 18:54 - 2014-11-23 18:54 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-11-23 12:57 - 2014-10-30 12:25 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-23 11:31 - 2014-11-23 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2014-11-23 11:31 - 2014-11-23 11:31 - 00000000 ____D () C:\Program Files\Classic Shell
2014-11-23 11:12 - 2014-11-23 11:12 - 00034253 _____ () C:\Users\Michi\Desktop\ComboFix.txt
2014-11-23 11:05 - 2014-11-23 11:12 - 00000000 ____D () C:\Qoobox
2014-11-23 11:05 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-23 11:05 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-23 11:05 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-23 11:05 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-23 11:05 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-23 11:05 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-11-23 11:05 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-23 11:05 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-23 11:05 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-23 11:04 - 2014-11-23 11:09 - 00000000 ____D () C:\Windows\erdnt
2014-11-23 11:03 - 2014-11-23 11:03 - 05598306 ____R (Swearware) C:\Users\Michi\Desktop\ComboFix.exe
2014-11-22 13:01 - 2014-11-22 13:01 - 00000000 ____D () C:\Users\Michi\Documents\BlackBerry
2014-11-22 13:00 - 2014-11-23 19:08 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Research In Motion
2014-11-22 13:00 - 2014-11-22 13:00 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2014-11-22 13:00 - 2014-11-22 13:00 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\XCPCSync.OEM
2014-11-22 13:00 - 2014-11-22 13:00 - 00000000 ____D () C:\Users\Michi\AppData\Local\Research In Motion
2014-11-22 13:00 - 2014-11-22 13:00 - 00000000 ____D () C:\ProgramData\Research In Motion
2014-11-22 13:00 - 2014-11-22 13:00 - 00000000 _____ () C:\Windows\SysWOW64\out.txt
2014-11-22 13:00 - 2014-11-22 13:00 - 00000000 _____ () C:\Windows\SysWOW64\err.txt
2014-11-22 13:00 - 2012-12-10 15:48 - 00044544 _____ (Research in Motion Ltd) C:\Windows\system32\Drivers\RimSerial_AMD64.sys
2014-11-22 12:59 - 2014-11-22 12:59 - 00002225 _____ () C:\Users\Public\Desktop\BlackBerry Link.lnk
2014-11-22 12:59 - 2014-11-22 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
2014-11-22 12:59 - 2014-11-22 12:59 - 00000000 ____D () C:\Program Files (x86)\Research In Motion
2014-11-22 12:41 - 2014-11-22 12:41 - 00033582 _____ () C:\Users\Michi\Desktop\Addition.txt
2014-11-22 12:40 - 2014-11-24 17:06 - 00028159 _____ () C:\Users\Michi\Desktop\FRST.txt
2014-11-22 12:40 - 2014-11-24 17:06 - 00000000 ____D () C:\FRST
2014-11-22 12:40 - 2014-11-22 12:40 - 02118144 _____ (Farbar) C:\Users\Michi\Desktop\FRST64.exe
2014-11-22 11:49 - 2014-11-22 11:49 - 00000000 ____D () C:\Users\Michi\Desktop\Avira
2014-11-20 17:08 - 2014-11-20 17:08 - 10676051 _____ () C:\Users\Michi\Downloads\formelx_1_0.zip
2014-11-19 22:46 - 2014-11-23 10:58 - 00000000 ____D () C:\Windows\system32\AutoUpdateLicense
2014-11-19 20:50 - 2014-11-19 21:43 - 00000000 ____D () C:\ProgramData\BihxiCaklu
2014-11-18 19:40 - 2014-11-08 12:22 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 19:40 - 2014-11-08 12:21 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 19:40 - 2014-11-08 07:57 - 00187904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 19:40 - 2014-11-08 07:56 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-16 18:57 - 2014-11-16 18:57 - 00001549 _____ () C:\Users\Michi\Desktop\CINEMA 4D.lnk
2014-11-16 18:56 - 2014-11-16 18:56 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\MAXON
2014-11-16 18:56 - 2014-11-16 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cinema 4D R12
2014-11-16 18:53 - 2014-11-16 18:56 - 00000000 ____D () C:\Program Files (x86)\Cinema 4D R12
2014-11-15 19:50 - 2014-07-03 02:59 - 01824784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-11-15 19:49 - 2014-07-12 05:41 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
2014-11-15 19:49 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-11-15 19:49 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-11-15 19:49 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-11-15 19:49 - 2014-07-12 05:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-11-15 19:49 - 2014-07-12 05:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-11-15 19:49 - 2014-07-12 05:16 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRUM.DLL
2014-11-15 19:49 - 2014-07-12 05:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-11-15 19:49 - 2014-07-12 05:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-11-15 19:49 - 2014-07-12 05:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-11-15 19:49 - 2014-07-12 05:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-11-15 19:49 - 2014-07-12 05:15 - 00006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-11-15 19:49 - 2014-07-12 01:02 - 00478352 _____ () C:\Windows\SysWOW64\locale.nls
2014-11-15 19:49 - 2014-07-12 01:00 - 00478352 _____ () C:\Windows\system32\locale.nls
2014-11-15 19:49 - 2014-07-08 23:33 - 00181248 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
2014-11-15 19:49 - 2014-07-08 23:32 - 01539584 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2014-11-15 19:49 - 2014-07-08 23:32 - 00340480 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2014-11-15 19:49 - 2014-07-08 23:30 - 01220608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2014-11-15 19:49 - 2014-07-07 06:52 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2014-11-15 19:49 - 2014-07-07 06:52 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2014-11-15 19:49 - 2014-07-04 11:52 - 00328000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-11-15 19:49 - 2014-07-03 01:30 - 01408952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-11-15 19:49 - 2014-06-28 08:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-11-15 19:49 - 2014-06-28 07:57 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-11-15 19:49 - 2014-06-28 07:56 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-11-15 19:49 - 2014-06-25 08:09 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-11-15 19:49 - 2014-06-25 08:07 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-11-15 19:49 - 2014-06-18 00:27 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-11-15 19:49 - 2014-06-18 00:23 - 02238464 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-11-15 19:49 - 2014-06-11 15:47 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-11-15 19:49 - 2014-06-11 05:40 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-11-15 19:49 - 2014-06-10 23:44 - 01403896 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-11-15 19:49 - 2014-02-04 11:57 - 01271664 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-11-15 17:21 - 2014-10-22 04:34 - 00010777 _____ () C:\Windows\system32\AutoconfigV2.cab
2014-11-15 17:21 - 2014-10-22 04:33 - 00581016 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
2014-11-15 17:21 - 2014-10-22 04:33 - 00462760 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-11-15 17:21 - 2014-10-22 02:08 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-11-15 17:21 - 2014-10-22 02:08 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-15 17:21 - 2014-10-22 02:01 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-11-15 17:21 - 2014-10-22 02:00 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2014-11-15 17:20 - 2014-10-22 02:01 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-11-15 17:20 - 2014-10-22 02:01 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-14 19:02 - 2014-07-15 23:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-11-14 18:57 - 2014-06-10 23:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-11-14 18:57 - 2014-06-10 23:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-11-14 18:54 - 2014-10-11 08:44 - 19764736 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-14 18:54 - 2014-10-11 06:57 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-14 18:54 - 2014-10-09 04:59 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-11-14 18:54 - 2014-10-09 04:59 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-11-14 18:54 - 2014-10-09 04:58 - 00458240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-11-14 18:54 - 2014-09-26 07:30 - 01484288 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-11-14 18:54 - 2014-09-22 06:38 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-11-14 18:54 - 2014-09-22 04:56 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-11-14 18:54 - 2014-09-18 00:24 - 00987136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmclient.dll
2014-11-14 18:54 - 2014-09-18 00:24 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmscan.dll
2014-11-14 18:54 - 2014-09-18 00:24 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srm.dll
2014-11-14 18:54 - 2014-09-18 00:24 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adrclient.dll
2014-11-14 18:54 - 2014-09-17 23:57 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\srmclient.dll
2014-11-14 18:54 - 2014-09-17 23:57 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\srmscan.dll
2014-11-14 18:54 - 2014-09-17 23:57 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\srm.dll
2014-11-14 18:54 - 2014-09-17 23:57 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\adrclient.dll
2014-11-13 18:02 - 2014-10-18 09:44 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 18:02 - 2014-10-18 08:05 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 18:02 - 2014-10-11 09:35 - 00171840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 18:02 - 2014-10-11 08:45 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-13 18:02 - 2014-10-11 08:44 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-13 18:02 - 2014-10-11 08:44 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 18:02 - 2014-10-11 08:44 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-11-13 18:02 - 2014-10-11 08:44 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-13 18:02 - 2014-10-11 08:43 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-13 18:02 - 2014-10-11 08:43 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 18:02 - 2014-10-11 06:58 - 08858624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-13 18:02 - 2014-10-11 06:57 - 02416640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 18:02 - 2014-10-11 06:57 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-11-13 18:02 - 2014-10-11 06:57 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-13 18:02 - 2014-10-11 06:56 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-13 18:02 - 2014-10-11 06:41 - 00713728 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 18:02 - 2014-10-11 06:41 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 18:02 - 2014-10-11 06:05 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 18:02 - 2014-10-11 06:04 - 00713728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 18:02 - 2014-10-03 02:21 - 00522728 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 18:02 - 2014-10-02 23:29 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 18:02 - 2014-10-02 23:29 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 18:02 - 2014-10-02 23:29 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-13 18:02 - 2014-10-02 00:05 - 04068864 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 18:02 - 2014-09-13 07:24 - 02233152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-13 18:02 - 2014-09-06 01:46 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-13 18:02 - 2014-09-03 03:48 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2014-11-13 18:02 - 2014-09-03 03:22 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2014-11-13 18:02 - 2014-08-29 05:17 - 02043392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-13 18:02 - 2014-08-29 05:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-11-13 18:02 - 2014-08-29 05:04 - 02837504 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-13 18:02 - 2014-08-29 05:04 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-11-13 18:02 - 2014-08-28 07:04 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSCOMEX.dll
2014-11-13 18:02 - 2014-08-28 07:04 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-13 18:02 - 2014-08-28 06:59 - 00616448 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-13 18:02 - 2014-08-28 06:59 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-13 18:02 - 2014-08-28 06:59 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\FXSTIFF.dll
2014-11-13 18:02 - 2014-08-28 06:59 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\FXST30.dll
2014-11-13 18:02 - 2014-07-24 14:12 - 00328512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-11-13 18:01 - 2014-10-23 13:47 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 18:01 - 2014-10-23 12:04 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 18:01 - 2014-09-25 00:29 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 18:01 - 2014-09-25 00:29 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-13 18:01 - 2014-09-25 00:01 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 18:01 - 2014-09-25 00:01 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-13 18:01 - 2014-09-22 06:53 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-13 18:01 - 2014-08-26 23:08 - 00270024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-13 18:01 - 2014-08-22 00:56 - 01418752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 18:01 - 2014-08-22 00:27 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 18:00 - 2014-10-26 02:56 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 18:00 - 2014-10-26 02:56 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 18:00 - 2014-10-26 02:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-11-13 18:00 - 2014-10-26 02:56 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-11-13 18:00 - 2014-10-26 02:56 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 18:00 - 2014-10-26 02:55 - 19284480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 18:00 - 2014-10-26 02:55 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 18:00 - 2014-10-26 02:55 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 18:00 - 2014-10-26 02:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 18:00 - 2014-10-26 02:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 18:00 - 2014-10-26 01:36 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 18:00 - 2014-10-26 01:35 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 18:00 - 2014-10-26 01:35 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 18:00 - 2014-10-26 01:35 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 18:00 - 2014-10-26 01:35 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 18:00 - 2014-10-26 01:35 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 18:00 - 2014-10-26 01:35 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 13758464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 18:00 - 2014-10-26 01:34 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 18:00 - 2014-10-26 01:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 18:00 - 2014-10-26 01:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 18:00 - 2014-10-25 22:48 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-11-11 16:35 - 2014-11-11 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-10 18:32 - 2014-11-10 18:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-09 16:31 - 2014-11-09 16:31 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-09 15:43 - 2014-11-16 19:02 - 00000000 ___RD () C:\Users\Michi\Desktop\Batch Stuff
2014-11-07 17:45 - 2014-11-07 17:45 - 00000000 ____D () C:\Users\Michi\AppData\Local\fabi.me
2014-11-06 22:14 - 2014-11-23 21:00 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\.minecraft
2014-11-06 22:10 - 2014-11-06 22:10 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\java
2014-11-06 18:40 - 2014-11-06 18:43 - 00000026 _____ () C:\Users\Michi\AppData\Local\isoworkshop.ini
2014-11-06 18:33 - 2014-11-06 18:33 - 00000000 ____D () C:\ProgramData\ATI
2014-11-06 18:32 - 2014-11-06 18:32 - 00062044 _____ () C:\Windows\SysWOW64\CCCInstall_201411061832378733.log
2014-11-06 18:32 - 2014-11-06 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-11-06 18:32 - 2014-11-06 18:32 - 00000000 ____D () C:\Program Files\ATI
2014-11-06 18:32 - 2014-11-06 18:32 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-11-06 18:31 - 2014-11-06 18:32 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-11-06 18:29 - 2014-11-06 18:29 - 00054772 _____ () C:\Windows\SysWOW64\CCCInstall_201411061829301408.log
2014-11-06 18:04 - 2014-11-06 18:04 - 00001279 _____ () C:\Users\Michi\Desktop\Landwirtschafts Simulator 15 .lnk
2014-11-06 18:04 - 2014-11-06 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2015
2014-11-06 18:00 - 2014-11-06 19:07 - 00000000 ____D () C:\Program Files (x86)\Landwirtschafts Simulator 2015
2014-11-06 17:59 - 2014-11-06 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2014-11-06 17:59 - 2014-11-06 17:59 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-11-06 17:56 - 2014-11-06 17:56 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-11-04 18:15 - 2014-11-15 20:04 - 00001088 _____ () C:\Users\Michi\pixinsight-license
2014-11-04 18:14 - 2014-11-04 18:22 - 00000000 ____D () C:\Program Files\PixInsight
2014-11-04 18:14 - 2014-11-04 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PixInsight Platform
2014-11-02 22:40 - 2014-11-02 22:40 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-10-28 19:52 - 2014-10-28 19:52 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeepSkyStacker
2014-10-28 19:52 - 2014-10-28 19:52 - 00000000 ____D () C:\Program Files (x86)\DeepSkyStacker
2014-10-28 12:05 - 2014-11-06 18:24 - 00000000 ____D () C:\Program Files (x86)\FITS Liberator
2014-10-28 00:23 - 2014-10-28 00:23 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-28 00:23 - 2014-10-28 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-28 00:23 - 2014-10-28 00:23 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-27 23:52 - 2014-10-27 23:52 - 00003120 _____ () C:\Windows\SysWOW64\syswgIip.ocx
2014-10-27 23:52 - 2014-10-27 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProDigital Software
2014-10-25 18:03 - 2014-10-25 18:03 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft ICE
2014-10-25 18:03 - 2014-10-25 18:03 - 00000000 ____D () C:\Program Files\Microsoft Research
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-24 17:06 - 2012-07-26 11:27 - 01982924 _____ () C:\Windows\system32\perfh007.dat
2014-11-24 17:06 - 2012-07-26 11:27 - 00522936 _____ () C:\Windows\system32\perfc007.dat
2014-11-24 17:06 - 2012-07-26 08:28 - 00005430 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-24 17:05 - 2013-11-06 19:37 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Skype
2014-11-24 17:03 - 2014-08-17 19:33 - 00000000 ____D () C:\Users\Michi\AppData\Local\Adobe
2014-11-24 17:02 - 2014-07-17 17:04 - 01645410 _____ () C:\Windows\WindowsUpdate.log
2014-11-24 17:00 - 2014-08-17 18:35 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-24 17:00 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-24 16:59 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-11-24 16:53 - 2013-10-22 15:44 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\ClassicShell
2014-11-24 16:41 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-11-23 22:14 - 2013-12-09 18:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-23 22:08 - 2014-08-17 18:35 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-23 13:00 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-11-23 11:25 - 2014-10-18 22:10 - 00000866 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-23 11:12 - 2012-07-26 06:37 - 00000000 __RHD () C:\Users\Default
2014-11-23 11:09 - 2012-07-26 06:26 - 00000215 _____ () C:\Windows\system.ini
2014-11-22 13:08 - 2013-11-06 19:31 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-21 23:20 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-11-20 16:30 - 2013-10-22 15:50 - 00000000 ___RD () C:\Users\Michi\Desktop\Michi
2014-11-19 22:46 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-11-19 22:46 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-19 22:29 - 2013-12-08 17:44 - 00000000 ____D () C:\Users\Michi\Documents\Outlook-Dateien
2014-11-19 18:45 - 2014-08-20 10:27 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\vlc
2014-11-16 19:15 - 2013-10-21 19:26 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-203259023-386501227-1076918401-1001
2014-11-16 19:00 - 2014-09-26 15:55 - 00000000 ____D () C:\Games
2014-11-16 17:03 - 2014-08-17 18:35 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 17:03 - 2014-08-17 18:35 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-15 11:45 - 2014-06-15 12:17 - 00000425 _____ () C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-11-15 11:45 - 2013-10-16 21:19 - 00000000 ____D () C:\Intel
2014-11-14 19:47 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2014-11-14 19:47 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 19:47 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 19:47 - 2012-07-26 09:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-14 19:47 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-14 19:47 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-14 19:47 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-14 19:13 - 2013-10-28 21:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-14 19:00 - 2013-10-24 18:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 17:51 - 2014-01-02 21:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 21:17 - 2013-12-09 18:13 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-11 18:56 - 2014-06-17 16:46 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Notepad++
2014-11-11 16:38 - 2014-08-17 18:35 - 00000000 ____D () C:\Users\Michi\AppData\Local\Google
2014-11-11 16:35 - 2014-08-17 18:35 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-10 15:51 - 2014-06-11 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-10 15:51 - 2014-06-11 16:44 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-10 15:51 - 2013-10-21 19:44 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-07 18:06 - 2013-10-21 19:56 - 00000000 ____D () C:\Users\Michi\AppData\Local\FSP
2014-11-06 18:36 - 2014-07-20 17:42 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Raptr
2014-11-06 18:32 - 2014-07-30 09:51 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-11-06 18:32 - 2013-10-21 19:45 - 00000000 ____D () C:\ProgramData\AMD
2014-11-06 18:31 - 2014-01-03 18:47 - 00000000 ____D () C:\AMD
2014-11-06 18:13 - 2013-10-23 19:08 - 00000000 ____D () C:\Users\Michi\Documents\My Games
2014-11-04 18:15 - 2013-10-21 19:20 - 00000000 ____D () C:\Users\Michi
2014-11-04 18:14 - 2014-09-17 19:54 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Pleiades
2014-11-03 15:54 - 2014-10-18 22:10 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-02 18:53 - 2013-10-28 21:32 - 00000000 ____D () C:\Users\Michi\AppData\Local\Microsoft Help
2014-10-31 23:26 - 2013-10-24 18:14 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-30 13:09 - 2013-10-21 22:40 - 00007611 _____ () C:\Users\Michi\AppData\Local\Resmon.ResmonCfg
2014-10-30 01:53 - 2012-07-26 09:14 - 00713672 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-30 01:53 - 2012-07-26 09:14 - 00106432 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-28 00:23 - 2013-12-09 18:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-27 23:52 - 2014-09-24 14:32 - 00000000 ____D () C:\Users\Michi\AppData\Local\ProDigital
2014-10-27 23:52 - 2014-09-24 14:32 - 00000000 ____D () C:\ProgramData\ProDigitalSoftware
2014-10-27 23:52 - 2014-09-24 14:32 - 00000000 ____D () C:\Program Files\ProDigital Software
2014-10-27 23:52 - 2014-09-24 14:32 - 00000000 ____D () C:\Program Files (x86)\ProDigital Software
2014-10-26 21:10 - 2013-11-07 17:53 - 00000000 ____D () C:\ProgramData\Origin
2014-10-25 17:41 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
Some content of TEMP:
====================
C:\Users\Michi\AppData\Local\temp\avgnt.exe
C:\Users\Michi\AppData\Local\temp\Quarantine.exe
C:\Users\Michi\AppData\Local\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-14 15:25
==================== End Of Log ============================
Nochmal vielen Dank für deine Hilfe! Ich weiß das wirklich sehr zu schätzen  |
|
25.11.2014, 12:58
| #8 |
| /// the machine /// TB-Ausbilder | Avira meldet Funde (TR/Crypt.ZPACK.104691)ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
26.11.2014, 16:54
| #9 |
| | Avira meldet Funde (TR/Crypt.ZPACK.104691) Hey, hier sind die logs: ESET Online Scanner: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=34e5ccc0294e0a43b5dce4b38da05c9d
# engine=21257
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-25 03:00:31
# local_time=2014-11-25 04:00:31 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 62290 17300629 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 7836751 0 0
# scanned=269
# found=0
# cleaned=0
# scan_time=155
Code:
ATTFilter Results of screen317's Security Check version 0.99.90
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.9016)
Java 8 Update 25
Java version out of Date!
Adobe Flash Player 15.0.0.239
Adobe Reader XI
Mozilla Firefox (33.1)
Google Chrome (38.0.2125.111)
Google Chrome (39.0.2171.65)
Google Chrome (chrome.exe..)
Google Chrome (master_preferences...)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2014
Ran by Michi (administrator) on MICHI-PC on 26-11-2014 16:47:47
Running from C:\Users\Michi\Desktop
Loaded Profile: Michi (Available profiles: Michi)
Platform: Windows 8 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\mDNSResponder.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\tunmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
() C:\Program Files\AuthenTec TrueSuite\x86\IEWebSiteLogon.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Authentec) C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Flux Software LLC) C:\Users\Michi\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\PeerManager.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
() C:\Program Files (x86)\Common Files\Research in Motion\nginx\nginx.exe
() C:\Program Files (x86)\Common Files\Research in Motion\nginx\nginx.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [6263120 2013-10-21] (Sentelic Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13449288 2013-03-26] (Realtek Semiconductor)
HKLM\...\Run: [KeepSafe] => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe [38728 2011-10-21] (Authentec)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281312 2014-05-19] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2104832 2013-01-30] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-02-07] (BlackBerry Limited)
HKLM-x32\...\Run: [RIM PeerManager] => C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4493824 2014-05-07] (Research In Motion Limited)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Run: [f.lux] => C:\Users\Michi\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-06-24] (Raptr, Inc)
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095328 2014-09-16] (Nota Inc.)
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Run: [BlackBerryLink.exe] => C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe [1463824 2014-05-08] (Research In Motion)
HKU\S-1-5-21-203259023-386501227-1076918401-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [405504 2012-07-26] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [UEAFOverlay] -> {BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll (Authentec)
ShellIconOverlayIdentifiers: [UEAFOverlayOpen] -> {93BB455E-3D52-4fba-9733-E5103B30FC12} => C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvns.dll (Authentec)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-203259023-386501227-1076918401-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-203259023-386501227-1076918401-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://startpage.com/
HKU\S-1-5-21-203259023-386501227-1076918401-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEC5E0EA38CCECE01
HKU\S-1-5-21-203259023-386501227-1076918401-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\IEBHO.DLL (AuthenTec Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Browser Helper Object -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: ecosia.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files\AuthenTec TrueSuite\x86\npffwloplugin.dll (AuthenTec, Inc)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-203259023-386501227-1076918401-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Michi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-203259023-386501227-1076918401-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Avira Browser Safety - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\abs@avira.com [2014-06-11]
FF Extension: WOT - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: DownloadHelper - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-10-10]
FF Extension: Reddit Enhancement Suite - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2013-11-14]
FF Extension: Download Status Bar - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-01-30]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-10-08]
FF Extension: Ecosia - The search engine that plants trees - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-04-02]
FF Extension: Greasemonkey - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-03-17]
FF Extension: Adblock Edge - C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\mi55ozh8.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-10-23]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2014-11-10]
Chrome:
=======
CHR Profile: C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-11]
CHR Extension: (YouTube) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-11]
CHR Extension: (Google-Suche) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-11]
CHR Extension: (AdBlock) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-16]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-11-12]
CHR Extension: (Google Wallet) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-11]
CHR Extension: (Google Mail) - C:\Users\Michi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-11]
CHR HKLM-x32\...\Chrome\Extension: [bkdegagmpemadclljncealhmmkojfoam] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com.crx []
CHR HKLM-x32\...\Chrome\Extension: [oelloajafbopojkjmieelljfkcmdpdhf] - C:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx [2012-08-13]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-19] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-10-28] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-10-28] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-14] (Creative Technology Ltd) [File not signed]
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [2125160 2012-08-24] (AuthenTec, Inc)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [187848 2014-06-06] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-28] ()
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [47104 2013-05-29] () [File not signed]
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2014-05-07] (Apple Inc.) [File not signed]
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1324544 2014-05-07] (Research In Motion Limited) [File not signed]
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [27872 2014-05-19] (Samsung Electronics Co., Ltd.)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [15888 2013-02-11] (Intel(R) Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S2 HPSLPSVC; C:\Users\Michi\AppData\Local\Temp\7zS62EA\hpslpsvc64.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AirplaneModeHid; C:\Windows\system32\DRIVERS\AirplaneModeHid.sys [25264 2012-12-23] (Insyde Corporation)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions, Inc.)
R3 fspad_win764; C:\Windows\system32\DRIVERS\fspad_win764.sys [155472 2013-10-21] (Sentelic Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-11-29] (LogMeIn Inc.)
R2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [25448 2013-01-07] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2014-02-25] (Intel Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-05-07] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [32768 2014-05-23] (Windows (R) Win 7 DDK provider)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [265952 2014-05-19] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111328 2014-05-19] (Samsung Electronics Co., Ltd.)
R1 UimBus; C:\Windows\System32\drivers\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-02-12] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-26] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 getbus; \??\C:\Users\Michi\AppData\Local\Temp\getbus.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-26 16:47 - 2014-11-26 16:48 - 00028217 _____ () C:\Users\Michi\Desktop\FRST.txt
2014-11-26 16:46 - 2014-11-26 16:46 - 00000986 _____ () C:\Users\Michi\Desktop\checkup.txt
2014-11-25 22:18 - 2014-11-25 22:18 - 00002992 _____ () C:\Users\Michi\Documents\MICHI-PC_Michi_2014_11_25.csv
2014-11-25 15:50 - 2014-11-25 15:50 - 00854414 _____ () C:\Users\Michi\Desktop\SecurityCheck.exe
2014-11-25 15:50 - 2014-11-25 15:50 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-25 15:46 - 2014-11-25 15:46 - 02347384 _____ (ESET) C:\Users\Michi\Desktop\esetsmartinstaller_deu.exe
2014-11-25 15:35 - 2014-11-25 22:13 - 00106573 _____ () C:\Windows\WindowsUpdate.log
2014-11-24 17:17 - 2014-11-24 17:17 - 00000000 ____D () C:\Program Files\Classic Shell
2014-11-24 17:03 - 2014-11-24 17:03 - 00000000 ____D () C:\Windows\ERUNT
2014-11-24 17:00 - 2014-11-24 17:00 - 05113624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-24 16:57 - 2014-11-24 16:59 - 00000000 ____D () C:\AdwCleaner
2014-11-24 16:46 - 2014-11-24 16:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-24 16:46 - 2014-11-24 16:46 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-24 16:46 - 2014-11-24 16:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-24 16:46 - 2014-11-24 16:46 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-11-24 16:46 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-24 16:46 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-24 16:46 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-24 16:45 - 2014-11-24 16:45 - 02148864 _____ () C:\Users\Michi\Desktop\AdwCleaner_4.102.exe
2014-11-24 16:45 - 2014-11-24 16:45 - 01707532 _____ (Thisisu) C:\Users\Michi\Desktop\JRT.exe
2014-11-23 20:08 - 2014-11-25 20:44 - 00000000 ____D () C:\Users\Michi\Desktop\Radio Covers
2014-11-23 20:07 - 2014-10-30 16:35 - 00000000 ____D () C:\Users\Michi\Desktop\GER_20141030
2014-11-23 19:08 - 2014-11-23 19:08 - 00000000 ____D () C:\Users\Michi\Documents\BLACKBERRY-1D83
2014-11-23 18:54 - 2014-11-25 20:37 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Mp3tag
2014-11-23 18:54 - 2014-11-23 18:54 - 00000979 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-11-23 18:54 - 2014-11-23 18:54 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-11-23 12:57 - 2014-10-30 12:25 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-23 11:05 - 2014-11-23 11:12 - 00000000 ____D () C:\Qoobox
2014-11-23 11:05 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-23 11:05 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-23 11:05 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-23 11:05 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-23 11:05 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-23 11:05 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-11-23 11:05 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-23 11:05 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-23 11:05 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-23 11:04 - 2014-11-23 11:09 - 00000000 ____D () C:\Windows\erdnt
2014-11-23 11:03 - 2014-11-23 11:03 - 05598306 ____R (Swearware) C:\Users\Michi\Desktop\ComboFix.exe
2014-11-22 13:01 - 2014-11-22 13:01 - 00000000 ____D () C:\Users\Michi\Documents\BlackBerry
2014-11-22 13:00 - 2014-11-23 19:08 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Research In Motion
2014-11-22 13:00 - 2014-11-22 13:00 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2014-11-22 13:00 - 2014-11-22 13:00 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\XCPCSync.OEM
2014-11-22 13:00 - 2014-11-22 13:00 - 00000000 ____D () C:\Users\Michi\AppData\Local\Research In Motion
2014-11-22 13:00 - 2014-11-22 13:00 - 00000000 ____D () C:\ProgramData\Research In Motion
2014-11-22 13:00 - 2014-11-22 13:00 - 00000000 _____ () C:\Windows\SysWOW64\out.txt
2014-11-22 13:00 - 2014-11-22 13:00 - 00000000 _____ () C:\Windows\SysWOW64\err.txt
2014-11-22 13:00 - 2012-12-10 15:48 - 00044544 _____ (Research in Motion Ltd) C:\Windows\system32\Drivers\RimSerial_AMD64.sys
2014-11-22 12:59 - 2014-11-22 12:59 - 00002225 _____ () C:\Users\Public\Desktop\BlackBerry Link.lnk
2014-11-22 12:59 - 2014-11-22 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
2014-11-22 12:59 - 2014-11-22 12:59 - 00000000 ____D () C:\Program Files (x86)\Research In Motion
2014-11-22 12:40 - 2014-11-26 16:47 - 00000000 ____D () C:\FRST
2014-11-22 12:40 - 2014-11-22 12:40 - 02118144 _____ (Farbar) C:\Users\Michi\Desktop\FRST64.exe
2014-11-22 11:49 - 2014-11-22 11:49 - 00000000 ____D () C:\Users\Michi\Desktop\Avira
2014-11-20 17:08 - 2014-11-20 17:08 - 10676051 _____ () C:\Users\Michi\Downloads\formelx_1_0.zip
2014-11-19 22:46 - 2014-11-23 10:58 - 00000000 ____D () C:\Windows\system32\AutoUpdateLicense
2014-11-19 20:50 - 2014-11-19 21:43 - 00000000 ____D () C:\ProgramData\BihxiCaklu
2014-11-18 19:40 - 2014-11-08 12:22 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 19:40 - 2014-11-08 12:21 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 19:40 - 2014-11-08 07:57 - 00187904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 19:40 - 2014-11-08 07:56 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-16 18:57 - 2014-11-16 18:57 - 00001549 _____ () C:\Users\Michi\Desktop\CINEMA 4D.lnk
2014-11-16 18:56 - 2014-11-16 18:56 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\MAXON
2014-11-16 18:56 - 2014-11-16 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cinema 4D R12
2014-11-16 18:53 - 2014-11-16 18:56 - 00000000 ____D () C:\Program Files (x86)\Cinema 4D R12
2014-11-15 19:50 - 2014-07-03 02:59 - 01824784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-11-15 19:49 - 2014-07-12 05:41 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
2014-11-15 19:49 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-11-15 19:49 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-11-15 19:49 - 2014-07-12 05:41 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-11-15 19:49 - 2014-07-12 05:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-11-15 19:49 - 2014-07-12 05:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-11-15 19:49 - 2014-07-12 05:16 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRUM.DLL
2014-11-15 19:49 - 2014-07-12 05:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-11-15 19:49 - 2014-07-12 05:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-11-15 19:49 - 2014-07-12 05:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-11-15 19:49 - 2014-07-12 05:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-11-15 19:49 - 2014-07-12 05:15 - 00006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-11-15 19:49 - 2014-07-12 01:02 - 00478352 _____ () C:\Windows\SysWOW64\locale.nls
2014-11-15 19:49 - 2014-07-12 01:00 - 00478352 _____ () C:\Windows\system32\locale.nls
2014-11-15 19:49 - 2014-07-08 23:33 - 00181248 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
2014-11-15 19:49 - 2014-07-08 23:32 - 01539584 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2014-11-15 19:49 - 2014-07-08 23:32 - 00340480 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2014-11-15 19:49 - 2014-07-08 23:30 - 01220608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2014-11-15 19:49 - 2014-07-07 06:52 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2014-11-15 19:49 - 2014-07-07 06:52 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2014-11-15 19:49 - 2014-07-04 11:52 - 00328000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-11-15 19:49 - 2014-07-03 01:30 - 01408952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-11-15 19:49 - 2014-06-28 08:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-11-15 19:49 - 2014-06-28 07:57 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-11-15 19:49 - 2014-06-28 07:56 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-11-15 19:49 - 2014-06-25 08:09 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-11-15 19:49 - 2014-06-25 08:07 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-11-15 19:49 - 2014-06-18 00:27 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-11-15 19:49 - 2014-06-18 00:23 - 02238464 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-11-15 19:49 - 2014-06-11 15:47 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-11-15 19:49 - 2014-06-11 05:40 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-11-15 19:49 - 2014-06-10 23:44 - 01403896 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-11-15 19:49 - 2014-02-04 11:57 - 01271664 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-11-15 17:21 - 2014-10-22 04:34 - 00010777 _____ () C:\Windows\system32\AutoconfigV2.cab
2014-11-15 17:21 - 2014-10-22 04:33 - 00581016 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
2014-11-15 17:21 - 2014-10-22 04:33 - 00462760 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-11-15 17:21 - 2014-10-22 02:08 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-11-15 17:21 - 2014-10-22 02:08 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-15 17:21 - 2014-10-22 02:01 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-11-15 17:21 - 2014-10-22 02:00 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2014-11-15 17:20 - 2014-10-22 02:01 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-11-15 17:20 - 2014-10-22 02:01 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-14 19:02 - 2014-07-15 23:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-11-14 18:57 - 2014-06-10 23:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-11-14 18:57 - 2014-06-10 23:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-11-14 18:54 - 2014-10-11 08:44 - 19764736 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-14 18:54 - 2014-10-11 06:57 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-14 18:54 - 2014-10-09 04:59 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-11-14 18:54 - 2014-10-09 04:59 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-11-14 18:54 - 2014-10-09 04:58 - 00458240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-11-14 18:54 - 2014-09-26 07:30 - 01484288 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-11-14 18:54 - 2014-09-22 06:38 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-11-14 18:54 - 2014-09-22 04:56 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-11-14 18:54 - 2014-09-18 00:24 - 00987136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmclient.dll
2014-11-14 18:54 - 2014-09-18 00:24 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmscan.dll
2014-11-14 18:54 - 2014-09-18 00:24 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srm.dll
2014-11-14 18:54 - 2014-09-18 00:24 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adrclient.dll
2014-11-14 18:54 - 2014-09-17 23:57 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\srmclient.dll
2014-11-14 18:54 - 2014-09-17 23:57 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\srmscan.dll
2014-11-14 18:54 - 2014-09-17 23:57 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\srm.dll
2014-11-14 18:54 - 2014-09-17 23:57 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\adrclient.dll
2014-11-13 18:02 - 2014-10-18 09:44 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 18:02 - 2014-10-18 08:05 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 18:02 - 2014-10-11 09:35 - 00171840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 18:02 - 2014-10-11 08:45 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-13 18:02 - 2014-10-11 08:44 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-13 18:02 - 2014-10-11 08:44 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 18:02 - 2014-10-11 08:44 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-11-13 18:02 - 2014-10-11 08:44 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-13 18:02 - 2014-10-11 08:43 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-13 18:02 - 2014-10-11 08:43 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 18:02 - 2014-10-11 06:58 - 08858624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-13 18:02 - 2014-10-11 06:57 - 02416640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 18:02 - 2014-10-11 06:57 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-11-13 18:02 - 2014-10-11 06:57 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-13 18:02 - 2014-10-11 06:56 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-13 18:02 - 2014-10-11 06:41 - 00713728 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 18:02 - 2014-10-11 06:41 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 18:02 - 2014-10-11 06:05 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 18:02 - 2014-10-11 06:04 - 00713728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 18:02 - 2014-10-03 02:21 - 00522728 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 18:02 - 2014-10-02 23:29 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 18:02 - 2014-10-02 23:29 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 18:02 - 2014-10-02 23:29 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-13 18:02 - 2014-10-02 00:05 - 04068864 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 18:02 - 2014-09-13 07:24 - 02233152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-13 18:02 - 2014-09-06 01:46 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-13 18:02 - 2014-09-03 03:48 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2014-11-13 18:02 - 2014-09-03 03:22 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2014-11-13 18:02 - 2014-08-29 05:17 - 02043392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-13 18:02 - 2014-08-29 05:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-11-13 18:02 - 2014-08-29 05:04 - 02837504 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-13 18:02 - 2014-08-29 05:04 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-11-13 18:02 - 2014-08-28 07:04 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSCOMEX.dll
2014-11-13 18:02 - 2014-08-28 07:04 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-13 18:02 - 2014-08-28 06:59 - 00616448 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-13 18:02 - 2014-08-28 06:59 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-13 18:02 - 2014-08-28 06:59 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\FXSTIFF.dll
2014-11-13 18:02 - 2014-08-28 06:59 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\FXST30.dll
2014-11-13 18:02 - 2014-07-24 14:12 - 00328512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-11-13 18:01 - 2014-10-23 13:47 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 18:01 - 2014-10-23 12:04 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 18:01 - 2014-09-25 00:29 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 18:01 - 2014-09-25 00:29 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-13 18:01 - 2014-09-25 00:01 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 18:01 - 2014-09-25 00:01 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-13 18:01 - 2014-09-22 06:53 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-13 18:01 - 2014-08-26 23:08 - 00270024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-13 18:01 - 2014-08-22 00:56 - 01418752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 18:01 - 2014-08-22 00:27 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 18:00 - 2014-10-26 02:56 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 18:00 - 2014-10-26 02:56 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 18:00 - 2014-10-26 02:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-11-13 18:00 - 2014-10-26 02:56 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-11-13 18:00 - 2014-10-26 02:56 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 18:00 - 2014-10-26 02:55 - 19284480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 18:00 - 2014-10-26 02:55 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 18:00 - 2014-10-26 02:55 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 18:00 - 2014-10-26 02:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 18:00 - 2014-10-26 02:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 18:00 - 2014-10-26 02:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 18:00 - 2014-10-26 01:36 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 18:00 - 2014-10-26 01:35 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 18:00 - 2014-10-26 01:35 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 18:00 - 2014-10-26 01:35 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 18:00 - 2014-10-26 01:35 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 18:00 - 2014-10-26 01:35 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 18:00 - 2014-10-26 01:35 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 13758464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 18:00 - 2014-10-26 01:34 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 18:00 - 2014-10-26 01:34 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 18:00 - 2014-10-26 01:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 18:00 - 2014-10-26 01:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 18:00 - 2014-10-25 22:48 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-11-11 16:35 - 2014-11-11 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-10 18:32 - 2014-11-10 18:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-09 16:31 - 2014-11-09 16:31 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-09 15:43 - 2014-11-16 19:02 - 00000000 ___RD () C:\Users\Michi\Desktop\Batch Stuff
2014-11-07 17:45 - 2014-11-07 17:45 - 00000000 ____D () C:\Users\Michi\AppData\Local\fabi.me
2014-11-06 22:14 - 2014-11-26 13:51 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\.minecraft
2014-11-06 22:10 - 2014-11-06 22:10 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\java
2014-11-06 18:40 - 2014-11-06 18:43 - 00000026 _____ () C:\Users\Michi\AppData\Local\isoworkshop.ini
2014-11-06 18:33 - 2014-11-06 18:33 - 00000000 ____D () C:\ProgramData\ATI
2014-11-06 18:32 - 2014-11-06 18:32 - 00062044 _____ () C:\Windows\SysWOW64\CCCInstall_201411061832378733.log
2014-11-06 18:32 - 2014-11-06 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-11-06 18:32 - 2014-11-06 18:32 - 00000000 ____D () C:\Program Files\ATI
2014-11-06 18:32 - 2014-11-06 18:32 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-11-06 18:31 - 2014-11-06 18:32 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-11-06 18:29 - 2014-11-06 18:29 - 00054772 _____ () C:\Windows\SysWOW64\CCCInstall_201411061829301408.log
2014-11-06 18:04 - 2014-11-06 18:04 - 00001279 _____ () C:\Users\Michi\Desktop\Landwirtschafts Simulator 15 .lnk
2014-11-06 18:04 - 2014-11-06 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2015
2014-11-06 18:00 - 2014-11-06 19:07 - 00000000 ____D () C:\Program Files (x86)\Landwirtschafts Simulator 2015
2014-11-06 17:59 - 2014-11-06 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2014-11-06 17:59 - 2014-11-06 17:59 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-11-06 17:56 - 2014-11-06 17:56 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-11-04 18:15 - 2014-11-15 20:04 - 00001088 _____ () C:\Users\Michi\pixinsight-license
2014-11-04 18:14 - 2014-11-04 18:22 - 00000000 ____D () C:\Program Files\PixInsight
2014-11-04 18:14 - 2014-11-04 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PixInsight Platform
2014-11-02 22:40 - 2014-11-02 22:40 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2014-10-28 19:52 - 2014-10-28 19:52 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeepSkyStacker
2014-10-28 19:52 - 2014-10-28 19:52 - 00000000 ____D () C:\Program Files (x86)\DeepSkyStacker
2014-10-28 12:05 - 2014-11-06 18:24 - 00000000 ____D () C:\Program Files (x86)\FITS Liberator
2014-10-28 00:23 - 2014-10-28 00:23 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-28 00:23 - 2014-10-28 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-28 00:23 - 2014-10-28 00:23 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-27 23:52 - 2014-10-27 23:52 - 00003120 _____ () C:\Windows\SysWOW64\syswgIip.ocx
2014-10-27 23:52 - 2014-10-27 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProDigital Software
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-26 16:47 - 2013-11-06 19:37 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Skype
2014-11-26 16:46 - 2014-06-17 16:46 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Notepad++
2014-11-26 16:46 - 2013-10-22 15:44 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\ClassicShell
2014-11-26 16:14 - 2013-12-09 18:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-26 16:08 - 2014-08-17 18:35 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-26 16:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-11-26 13:43 - 2014-08-17 19:33 - 00000000 ____D () C:\Users\Michi\AppData\Local\Adobe
2014-11-26 13:40 - 2014-08-17 18:35 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-25 20:40 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-25 20:16 - 2013-12-09 18:13 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-25 19:44 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-11-25 19:24 - 2013-11-06 19:31 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-25 15:49 - 2012-07-26 11:27 - 01998720 _____ () C:\Windows\system32\perfh007.dat
2014-11-25 15:49 - 2012-07-26 11:27 - 00527672 _____ () C:\Windows\system32\perfc007.dat
2014-11-25 15:49 - 2012-07-26 08:28 - 00005430 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-24 17:00 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-24 16:59 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-11-23 13:00 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-11-23 11:25 - 2014-10-18 22:10 - 00000866 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-23 11:12 - 2012-07-26 06:37 - 00000000 __RHD () C:\Users\Default
2014-11-23 11:09 - 2012-07-26 06:26 - 00000215 _____ () C:\Windows\system.ini
2014-11-20 16:30 - 2013-10-22 15:50 - 00000000 ___RD () C:\Users\Michi\Desktop\Michi
2014-11-19 22:46 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-11-19 22:29 - 2013-12-08 17:44 - 00000000 ____D () C:\Users\Michi\Documents\Outlook-Dateien
2014-11-19 18:45 - 2014-08-20 10:27 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\vlc
2014-11-16 19:15 - 2013-10-21 19:26 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-203259023-386501227-1076918401-1001
2014-11-16 19:00 - 2014-09-26 15:55 - 00000000 ____D () C:\Games
2014-11-16 17:03 - 2014-08-17 18:35 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 17:03 - 2014-08-17 18:35 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-15 11:45 - 2014-06-15 12:17 - 00000425 _____ () C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-11-15 11:45 - 2013-10-16 21:19 - 00000000 ____D () C:\Intel
2014-11-14 19:47 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData
2014-11-14 19:47 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 19:47 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 19:47 - 2012-07-26 09:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-14 19:47 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-14 19:47 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-14 19:47 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-14 19:13 - 2013-10-28 21:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-14 19:00 - 2013-10-24 18:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 17:51 - 2014-01-02 21:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 16:38 - 2014-08-17 18:35 - 00000000 ____D () C:\Users\Michi\AppData\Local\Google
2014-11-11 16:35 - 2014-08-17 18:35 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-10 15:51 - 2014-06-11 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-10 15:51 - 2014-06-11 16:44 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-10 15:51 - 2013-10-21 19:44 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-07 18:06 - 2013-10-21 19:56 - 00000000 ____D () C:\Users\Michi\AppData\Local\FSP
2014-11-06 18:36 - 2014-07-20 17:42 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Raptr
2014-11-06 18:32 - 2014-07-30 09:51 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-11-06 18:32 - 2013-10-21 19:45 - 00000000 ____D () C:\ProgramData\AMD
2014-11-06 18:31 - 2014-01-03 18:47 - 00000000 ____D () C:\AMD
2014-11-06 18:13 - 2013-10-23 19:08 - 00000000 ____D () C:\Users\Michi\Documents\My Games
2014-11-04 18:15 - 2013-10-21 19:20 - 00000000 ____D () C:\Users\Michi
2014-11-04 18:14 - 2014-09-17 19:54 - 00000000 ____D () C:\Users\Michi\AppData\Roaming\Pleiades
2014-11-03 15:54 - 2014-10-18 22:10 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-02 18:53 - 2013-10-28 21:32 - 00000000 ____D () C:\Users\Michi\AppData\Local\Microsoft Help
2014-10-31 23:26 - 2013-10-24 18:14 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-30 13:09 - 2013-10-21 22:40 - 00007611 _____ () C:\Users\Michi\AppData\Local\Resmon.ResmonCfg
2014-10-30 01:53 - 2012-07-26 09:14 - 00713672 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-30 01:53 - 2012-07-26 09:14 - 00106432 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-28 00:23 - 2013-12-09 18:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-27 23:52 - 2014-09-24 14:32 - 00000000 ____D () C:\Users\Michi\AppData\Local\ProDigital
2014-10-27 23:52 - 2014-09-24 14:32 - 00000000 ____D () C:\ProgramData\ProDigitalSoftware
2014-10-27 23:52 - 2014-09-24 14:32 - 00000000 ____D () C:\Program Files\ProDigital Software
2014-10-27 23:52 - 2014-09-24 14:32 - 00000000 ____D () C:\Program Files (x86)\ProDigital Software
Some content of TEMP:
====================
C:\Users\Michi\AppData\Local\temp\avgnt.exe
C:\Users\Michi\AppData\Local\temp\Quarantine.exe
C:\Users\Michi\AppData\Local\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-25 18:58
==================== End Of Log ============================
|
|
27.11.2014, 10:37
| #10 |
| /// the machine /// TB-Ausbilder | Avira meldet Funde (TR/Crypt.ZPACK.104691) Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
27.11.2014, 13:51
| #11 |
| | Avira meldet Funde (TR/Crypt.ZPACK.104691) Super! Vielen Dank, habe noch einige Ratschläge zum zusätzlichen Schutz befolgt. Noch eine Frage, was soll ich mit den Dateien in der Quarantäne von Avira Free AntiVirus machen? Löschen oder drinbehalten? |
|
28.11.2014, 08:50
| #12 |
| /// the machine /// TB-Ausbilder | Avira meldet Funde (TR/Crypt.ZPACK.104691) Kannste löschen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Avira meldet Funde (TR/Crypt.ZPACK.104691) |
| antivirus, appl/somoto.gen2, autostart, bihxicaklu, deaktiviert, fehler, fehlercode 0x5, fehlercode 22, fehlercode 40, fehlercode windows, funktioniert, maleware, microsoft, quarantäne, software, this device is disabled. (code 22), tr/crypt.zpack.104691, tr/crypt.zpack.108102, trojan, unerwünschtes programm, windows, zugriff |
WARNUNG an die MITLESER: 
