| |
| |||||||
Log-Analyse und Auswertung: Windows 8.1 Chrome öffnet sporadisch leere FensterWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
14.02.2015, 17:59
| #1 |
| |  Windows 8.1 Chrome öffnet sporadisch leere Fenster Hallo Trojaner-Board, Seit einigen Wochen öffnet Google Chrome sporadisch einfach neue Browser-Fenster. Die Fenster sind leer und es steht auch keine Webseite in der Adressleiste. Selbst wenn der Browser geschlossen ist, startet er (ebenso sporadisch) von alleine mit einem leeren Fenster. Ich habe testweise bereits alle Addons deaktiviert, aber das Problem trat weiterhin auf. Zuerst hatte ich einen Browserhijacker oder eine Toolbar vom letzten Javaupdate in Verdacht, aber selbst als Adblock-Plus deaktiviert war, wurde keine Werbeadresse oder Suchmaschine aufgerufen. Aber! Wenn Winamp im Focus ist, wird dort ebenfalls versucht den internen Browser zu starten, jedoch auch wieder ohne Adresse. Norton hat vor 4 Tagen bei softonicdownloader_for_exif-viewer.exe angeschlagen. (siehe LOG "Behobene Sicherheitsrisiken.txt") Aber auch das war leider nicht die Ursache. Dann hatte ich noch meine Funktastatur in Verdacht, dass von dieser eventuell die Kombination "Strg+N" gesendet wird, aber diese die Tastatur habe ich schon ohne Erfolg deaktiviert. Ich bin mit meinem Latein so ziemlich am Ende und hoffe ihr könnt mir weiter helfen ohne dass ich das System komplett neu aufsetzen muss.   Hier sind meine bisherigen Logs, laut eurer Forenregeln und Anleitung: Behobene Sicherheitsrisiken.txt (von Norton in letzter Zeit behoben) Code:
ATTFilter
Kategorie: Behobene Sicherheitsrisiken
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname
14.02.2015 16:41:12,Hoch,one_player.exe (SAPE.Heur.ad1) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\christoph\downloads\one_player.exe
10.02.2015 21:19:28,Gering,softonicdownloader_for_exif-viewer.exe (Softonic) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\christoph\downloads\softonicdownloader_for_exif-viewer.exe
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:55 on 14/02/2015 (Christoph)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
Ran by Christoph (administrator) on JUKEBOX on 14-02-2015 16:58:35
Running from C:\Users\Christoph\Downloads
Loaded Profiles: Christoph (Available profiles: Christoph & ChristophAdm)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
() C:\Program Files\Ditto\Ditto.exe
(Dropbox, Inc.) C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Last.fm) C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_31\bin\javaw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PortableApps.com) C:\Users\Christoph\SkyDrive\Dokumente\ThunderbirdPortable\ThunderbirdPortable.exe
(Mozilla Corporation) C:\Users\Christoph\SkyDrive\Dokumente\ThunderbirdPortable\App\thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Christoph\Downloads\Defogger.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3939742808-1999560202-1390110637-1001\...\Run: [Ditto] => C:\Program Files\Ditto\Ditto.exe [1880064 2014-06-06] ()
HKU\S-1-5-21-3939742808-1999560202-1390110637-1001\...\MountPoints2: {60ddcdea-bd35-11e3-825c-50e54937b7e4} - "H:\Startme.exe"
Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3939742808-1999560202-1390110637-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-3939742808-1999560202-1390110637-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lovoo.com/
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-03-15]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn [2015-02-14]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.facebook.com/", "hxxp://de.ogame.gameforge.com/", "hxxp://www.wunderlist.com/", "https://www.evernote.com/Login.action"
CHR Profile: C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-03-15]
CHR Extension: (Google Docs) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-12]
CHR Extension: (Google Drive) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-31]
CHR Extension: (YouTube) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-12]
CHR Extension: (Adblock Plus) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-12]
CHR Extension: (Google-Suche) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-12]
CHR Extension: (Search by Image (by Google)) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-03-12]
CHR Extension: (Gmail™ Notifier) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjichoefijpinlfnjghokpkojhlhkgl [2015-01-02]
CHR Extension: (Speed Dial) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi [2014-07-02]
CHR Extension: (Google Kalender) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-03-12]
CHR Extension: (Type Scout) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedokkaolmkkoeedicihicdeppjjeamj [2014-03-12]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2014-03-12]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-03-12]
CHR Extension: (Last.fm Scrobbler) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2014-03-17]
CHR Extension: (World Weather) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\jefnaahehlimdapgicdacbgklnedgoje [2014-03-12]
CHR Extension: (JDownloader Integration for Google Chrome™) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\laeghehalempfenbefbjbhccjcoakpmm [2014-03-12]
CHR Extension: (AntiGameOrigin) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbahlcmhmlpomdepooifmhnalokdhgm [2014-03-17]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2014-03-12]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-03-12]
CHR Extension: (9kw.eu App) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogofncadgccpgdipbepfocfafpcohmp [2014-03-12]
CHR Extension: (Google Wallet) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-12]
CHR Extension: (ProxPrice) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nopgehbobniifpngnhmljfojnkkopbje [2014-05-14]
CHR Extension: (Google Mail) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-12]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [777728 2014-10-30] (FileZilla Project) [File not signed]
S3 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14243 2014-06-29] () [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2014-04-09] (The OpenVPN Project)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20150203.001\BHDrvx64.sys [1622744 2015-02-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\IPSDefs\20150213.001\IDSvia64.sys [669400 2015-02-06] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20150213.019\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20150213.019\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation )
S3 s0016bus; C:\Windows\System32\drivers\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\system32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\system32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\system32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\system32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\system32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\drivers\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-14 16:58 - 2015-02-14 16:58 - 00022807 _____ () C:\Users\Christoph\Downloads\FRST.txt
2015-02-14 16:58 - 2015-02-14 16:58 - 00000000 ____D () C:\FRST
2015-02-14 16:57 - 2015-02-14 16:57 - 02134528 _____ (Farbar) C:\Users\Christoph\Downloads\frst64.exe
2015-02-14 16:55 - 2015-02-14 16:55 - 00000480 _____ () C:\Users\Christoph\Downloads\defogger_disable.log
2015-02-14 16:55 - 2015-02-14 16:55 - 00000000 _____ () C:\Users\Christoph\defogger_reenable
2015-02-14 16:54 - 2015-02-14 16:54 - 00050477 _____ () C:\Users\Christoph\Downloads\Defogger.exe
2015-02-14 11:29 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-14 11:29 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-13 21:21 - 2015-02-13 21:21 - 00000000 ____D () C:\Users\Christoph\Desktop\Lohnnachweise
2015-02-13 12:11 - 2015-02-14 16:47 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Thunderbird
2015-02-11 13:41 - 2015-02-11 13:41 - 00001592 _____ () C:\Users\Christoph\Desktop\Shopwings.txt
2015-02-11 12:25 - 2015-02-13 09:23 - 00001078 _____ () C:\Users\Christoph\Desktop\Dropbox.lnk
2015-02-11 11:44 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 11:44 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 11:44 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 11:44 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 11:44 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 11:44 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 11:44 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 11:44 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 11:44 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 11:44 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 11:44 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 11:44 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 11:44 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 11:44 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 11:44 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 11:44 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 11:44 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 11:44 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 11:44 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 11:44 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 11:44 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 11:44 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 11:44 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 11:44 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 11:44 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 11:44 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-11 11:43 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 11:43 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 11:43 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 11:43 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 11:43 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 11:43 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 11:43 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 11:43 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 11:43 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 11:43 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 11:43 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 11:43 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 11:43 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 11:43 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 11:43 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 11:43 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 11:43 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 11:43 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 11:43 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 11:43 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 11:43 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 11:43 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 11:43 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 11:43 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 11:43 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 11:43 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 11:43 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 11:43 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 11:43 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 11:43 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 11:43 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 11:43 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 11:43 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 11:43 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 11:43 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 11:43 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 11:43 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 11:43 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 11:43 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 11:43 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 11:43 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 11:43 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 11:43 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 11:43 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-11 11:42 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 11:41 - 2015-02-14 11:25 - 00001955 _____ () C:\Windows\setupact.log
2015-02-11 11:41 - 2015-02-11 11:41 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-10 21:01 - 2015-02-10 21:01 - 00001130 _____ () C:\Users\Christoph\Desktop\StarCitizen.lnk
2015-02-10 21:01 - 2015-02-10 21:01 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCitizen
2015-02-10 21:00 - 2015-02-10 21:04 - 00000000 ____D () C:\Users\Christoph\Documents\StarCitizen
2015-02-10 20:36 - 2015-02-10 20:36 - 00010123 _____ () C:\Windows\DirectX.log
2015-02-10 20:36 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-02-10 20:36 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-02-10 20:36 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-02-10 20:36 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-02-10 20:36 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-02-10 20:36 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-02-10 20:36 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-02-10 20:36 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-02-10 20:36 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-02-10 20:36 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-02-10 20:36 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-02-10 20:36 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-02-10 20:36 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-02-10 20:36 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-02-10 20:36 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-02-10 20:36 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-02-10 20:36 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-02-10 20:36 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-02-10 20:36 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-02-10 20:36 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-02-10 20:36 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-02-10 20:36 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-02-10 20:36 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-02-10 20:36 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-02-10 20:36 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-02-10 20:36 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-02-10 20:36 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-02-10 20:36 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-02-10 20:36 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-02-10 20:36 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-02-10 20:36 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-02-10 20:36 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-02-10 20:36 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-02-10 20:36 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-02-10 20:36 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-02-10 20:36 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-02-10 20:36 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-02-10 20:36 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-02-10 20:36 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-02-10 20:36 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-02-10 20:36 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2015-02-10 20:36 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-02-10 20:36 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2015-02-10 20:36 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-02-10 20:36 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-02-10 20:36 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-02-10 20:36 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-02-10 20:36 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-02-10 20:36 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-02-10 20:36 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-02-10 20:36 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-02-10 20:36 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-02-10 20:36 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-02-10 20:36 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-02-10 20:36 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-02-10 20:36 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-02-10 20:36 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-02-10 20:36 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-02-10 20:36 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-02-10 20:36 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-02-10 20:36 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-02-10 20:36 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-02-10 20:36 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-02-10 20:36 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-02-10 20:36 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-02-10 20:36 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-02-10 20:36 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-02-10 20:36 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-02-10 20:36 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-02-10 20:36 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-02-10 20:36 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-02-10 20:36 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-02-10 20:36 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-02-10 20:36 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-02-10 20:36 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-02-10 20:36 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-02-10 20:36 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-02-10 20:36 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-02-10 20:36 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-02-10 20:36 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-02-10 20:36 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-02-10 20:36 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-02-10 20:36 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-02-10 20:36 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-02-10 20:36 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-02-10 20:36 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-02-10 20:36 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-02-10 20:36 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-02-10 20:36 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-02-10 20:36 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-02-10 20:36 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-02-10 20:36 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-02-10 20:36 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-02-10 20:36 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-02-10 20:36 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-02-10 20:36 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-02-10 20:36 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-02-10 20:36 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-02-10 20:36 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-02-10 20:36 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-02-10 20:36 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-02-10 20:36 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-02-10 20:36 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-02-10 20:36 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-02-10 20:36 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-02-10 20:36 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-02-10 20:36 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-02-10 20:36 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-02-10 20:36 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-02-10 20:36 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-02-10 20:36 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-02-10 20:36 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-02-10 20:36 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-02-10 20:36 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-02-10 20:36 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-02-10 20:36 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-02-10 20:36 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-02-10 20:36 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-02-10 20:36 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-02-10 20:36 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-02-10 20:36 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-02-10 20:36 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-02-10 20:36 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-02-10 20:36 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-02-10 20:36 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-02-10 20:36 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-02-10 20:36 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-02-10 20:36 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-02-10 20:36 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-02-10 20:36 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-02-10 20:36 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-02-10 20:36 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-02-10 20:36 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-02-10 20:36 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-02-10 20:36 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-02-10 20:36 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-02-10 20:36 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-02-10 20:36 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-02-10 20:36 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-02-10 20:36 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-02-10 20:36 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-02-10 20:36 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-02-10 20:36 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-02-10 20:36 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-02-10 20:36 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-02-10 20:36 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-02-10 20:36 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-02-10 20:36 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-02-10 20:36 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-02-10 20:36 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-02-10 20:36 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-02-10 20:36 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-02-10 20:36 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-02-10 20:36 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-02-10 20:36 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-02-10 20:36 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-02-10 20:36 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-02-10 20:36 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-02-10 20:36 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-02-10 20:36 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-02-10 20:36 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-02-10 20:36 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-02-10 20:36 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-02-10 20:36 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-02-10 20:36 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-02-10 20:36 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-02-10 20:36 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-02-10 20:36 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-02-10 20:36 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-02-10 20:36 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-02-10 20:36 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-02-10 20:36 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-02-10 20:36 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-02-10 20:31 - 2015-02-10 20:36 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-02-10 20:07 - 2015-02-10 20:07 - 32802904 _____ () C:\Users\Christoph\Downloads\StarCitizenInstaller.exe
2015-01-30 13:02 - 2015-01-30 13:02 - 00010415 _____ () C:\Users\Christoph\AppData\Local\recently-used.xbel
2015-01-29 21:40 - 2015-01-29 21:40 - 00000557 _____ () C:\Users\Christoph\Downloads\qr_code.zip
2015-01-23 15:01 - 2015-02-06 21:11 - 00002195 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-23 15:01 - 2015-01-23 15:01 - 00880784 _____ (Google Inc.) C:\Users\Christoph\Downloads\ChromeSetup (2).exe
2015-01-23 15:00 - 2015-02-14 16:10 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-23 15:00 - 2015-02-14 11:25 - 00001130 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-23 15:00 - 2015-02-06 21:05 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-23 15:00 - 2015-02-06 21:05 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-23 14:57 - 2015-01-23 14:57 - 00880784 _____ (Google Inc.) C:\Users\Christoph\Downloads\ChromeSetup (1).exe
2015-01-23 14:56 - 2015-01-23 14:56 - 00880784 _____ (Google Inc.) C:\Users\Christoph\Downloads\ChromeSetup.exe
2015-01-23 14:16 - 2015-01-23 14:16 - 00000000 ____D () C:\NPE
2015-01-23 14:15 - 2015-01-23 14:15 - 03077776 ____N (Symantec Corporation) C:\Users\Christoph\Downloads\NPE.exe
2015-01-20 14:58 - 2015-01-20 14:58 - 00044748 _____ () C:\Users\Christoph\Downloads\schufaauskunft (1).zip
2015-01-20 14:56 - 2015-01-20 14:56 - 00044748 _____ () C:\Users\Christoph\Downloads\schufaauskunft.zip
2015-01-19 16:36 - 2015-01-19 16:36 - 00907595 _____ () C:\Users\Christoph\Downloads\Rasterbator_Standalone_1.21.zip
2015-01-17 18:26 - 2015-01-17 18:26 - 01179936 _____ () C:\Users\Christoph\Downloads\OpenOffice Kalendervorlagen 2015 - CHIP-Installer.exe
2015-01-17 18:26 - 2015-01-17 18:26 - 00156786 _____ () C:\Users\Christoph\Downloads\Openoffice_Kalender_2015.zip
2015-01-17 00:56 - 2015-01-17 00:56 - 00048640 _____ () C:\Users\Christoph\Downloads\kalender-2015-berlin-querformat.xls
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-14 16:58 - 2014-03-17 00:10 - 00000000 ____D () C:\Users\Christoph\AppData\Local\Last.fm
2015-02-14 16:55 - 2014-03-12 22:38 - 00000000 ____D () C:\Users\Christoph
2015-02-14 16:55 - 2014-03-12 22:26 - 01971284 _____ () C:\Windows\WindowsUpdate.log
2015-02-14 16:47 - 2014-07-12 14:19 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Ditto
2015-02-14 16:43 - 2014-03-12 23:10 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\ClassicShell
2015-02-14 16:39 - 2014-03-15 13:46 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\vlc
2015-02-14 16:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-14 14:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-02-14 13:48 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-14 11:31 - 2014-03-12 22:43 - 01778432 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-14 11:31 - 2013-08-23 00:24 - 00764802 _____ () C:\Windows\system32\perfh007.dat
2015-02-14 11:31 - 2013-08-23 00:24 - 00159332 _____ () C:\Windows\system32\perfc007.dat
2015-02-14 11:28 - 2014-03-12 22:44 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{09058031-F821-49D3-B323-B5D8123D26DE}
2015-02-14 11:28 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-14 11:25 - 2014-06-30 21:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-14 11:25 - 2014-03-14 01:53 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Dropbox
2015-02-14 11:25 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-13 21:52 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-13 18:18 - 2014-03-12 22:46 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3939742808-1999560202-1390110637-1001
2015-02-13 17:53 - 2014-09-18 05:44 - 00000872 _____ () C:\Windows\system32\TeamViewer9_Hooks.log
2015-02-13 17:53 - 2014-08-19 21:36 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2015-02-13 09:23 - 2014-03-14 01:53 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 09:22 - 2014-03-12 22:19 - 00510756 _____ () C:\Windows\PFRO.log
2015-02-13 09:22 - 2013-08-22 15:44 - 00362848 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 22:10 - 2014-12-11 03:27 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 22:10 - 2014-07-09 23:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 22:10 - 2014-03-19 01:46 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 22:08 - 2014-03-19 01:46 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 11:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-11 13:10 - 2014-03-14 13:11 - 02966016 ___SH () C:\Users\Christoph\Desktop\Thumbs.db
2015-02-11 00:46 - 2014-03-17 18:41 - 00000000 ____D () C:\Windows\Minidump
2015-02-10 20:13 - 2014-03-17 00:05 - 00658432 ___SH () C:\Users\Christoph\Downloads\Thumbs.db
2015-02-05 20:13 - 2014-03-16 22:26 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Notepad++
2015-02-04 20:03 - 2014-05-11 19:18 - 00000000 ____D () C:\Users\Christoph\Desktop\Exes
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-30 13:02 - 2014-04-16 09:23 - 00000000 ____D () C:\Users\Christoph\.gimp-2.8
2015-01-25 16:11 - 2014-03-17 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-01-25 02:25 - 2014-03-19 16:17 - 00000000 ____D () C:\Program Files (x86)\Media Center Master
2015-01-23 18:51 - 2014-04-16 10:09 - 00000000 ____D () C:\Users\Christoph\AppData\Local\gtk-2.0
2015-01-23 15:01 - 2014-03-12 22:51 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-23 14:26 - 2014-03-17 01:54 - 00000000 ____D () C:\Users\Christoph\AppData\Local\NPE
2015-01-23 14:26 - 2014-03-15 14:01 - 00000000 ____D () C:\Program Files (x86)\Winamp Backup Tool
2015-01-23 01:35 - 2014-03-17 14:18 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Skype
2015-01-22 16:21 - 2014-03-15 18:26 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-22 16:19 - 2014-10-19 20:47 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-22 16:19 - 2014-05-14 15:04 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-22 16:19 - 2014-05-14 15:04 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-22 16:19 - 2014-05-14 15:04 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-22 16:19 - 2014-05-14 15:04 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-01-22 16:19 - 2014-05-14 15:04 - 00000000 ____D () C:\Program Files\Java
2015-01-22 16:18 - 2014-10-19 20:47 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-22 16:18 - 2014-10-19 20:47 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-22 16:18 - 2014-10-19 20:47 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-22 16:18 - 2014-10-19 20:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-22 16:18 - 2014-03-17 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-21 13:09 - 2014-05-11 19:18 - 00046080 ___SH () C:\Users\Christoph\Documents\Thumbs.db
2015-01-16 23:16 - 2014-07-09 12:25 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\.minecraft
==================== Files in the root of some directories =======
2014-07-19 08:41 - 2014-12-16 18:53 - 0000600 _____ () C:\Users\Christoph\AppData\Local\PUTTY.RND
2015-01-30 13:02 - 2015-01-30 13:02 - 0010415 _____ () C:\Users\Christoph\AppData\Local\recently-used.xbel
Some content of TEMP:
====================
C:\Users\Christoph\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpku4fgz.dll
C:\Users\Christoph\AppData\Local\Temp\proxy_vole2110875379520373615.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-14 13:46
==================== End Of Log ============================
Addition.txt FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2015
Ran by Christoph at 2015-02-14 16:59:07
Running from C:\Users\Christoph\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Album Art Downloader XUI 1.01 (HKLM-x32\...\Album Art Downloader XUI) (Version: 1.01 - hxxp://sourceforge.net/projects/album-art)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AmoK Playlist Copy 2.06 (HKLM-x32\...\AmoK Playlist Copy) (Version: 2.06 - Dirk Paehl)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
ClassicPro© v2.01 (HKLM-x32\...\ClassicPro) (Version: 2.01 - Skin Consortium)
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
CrystalDiskInfo 6.1.9a (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.1.9a - Crystal Dew World)
DH Driver Cleaner Professional Edition (HKLM-x32\...\Driver Cleaner Pro) (Version: Version 1.5 - Ruud Ketelaars)
Ditto (HKLM\...\Ditto_is1) (Version: - Scott Brogden)
Dropbox (HKU\S-1-5-21-3939742808-1999560202-1390110637-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EVE Online (nur entfernen) (HKLM-x32\...\EVE) (Version: - CCP Games Ltd.)
Exif-Viewer 2.51 (HKLM-x32\...\Exif-Viewer) (Version: 2.51 - Ralf Bibinger)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.48 - FileZilla Project)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Lyrics Plugin for Winamp (HKLM-x32\...\{75E9A522-65D2-4200-A95F-C3EF89703263}) (Version: 0.4 - Lyrics Plugin)
Media Center Master (HKLM-x32\...\Media Center Master_is1) (Version: 2.14.3415.889 - Media Center Master, Inc.)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mp3tag v2.66 (HKLM-x32\...\Mp3tag) (Version: v2.66 - Florian Heidenreich)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
MySQL Connector C++ 1.1.3 (HKLM\...\{5C7A1ED6-DC5F-4017-B363-3E80644B4BD0}) (Version: 1.1.3 - Oracle and/or its affiliates)
MySQL Connector J (HKLM-x32\...\{9B0DB369-396B-4A81-94FE-5631916D6C6F}) (Version: 5.1.30 - Oracle Corporation)
MySQL Connector Net 6.8.3 (HKLM-x32\...\{38157422-F952-42F7-88AA-CC16A63CD109}) (Version: 6.8.3 - Oracle)
MySQL Connector/C 6.1 (HKLM\...\{BDD417A0-EBEC-46E4-8879-426B9C617C53}) (Version: 6.1.3 - Oracle Corporation)
MySQL Documents 5.6 (HKLM-x32\...\{A0E83565-E770-466D-BD7F-2DB3D55EDE25}) (Version: 5.6.17 - Oracle Corporation)
MySQL Examples and Samples 5.6 (HKLM-x32\...\{234616A4-659D-48F6-B204-ACCA217F896B}) (Version: 5.6.17 - Oracle Corporation)
MySQL Installer (HKLM-x32\...\{88359D24-F64F-477E-B080-50FB024BA6F7}) (Version: 1.3.3.0 - Oracle Corporation)
MySQL Notifier 1.1.5 (HKLM-x32\...\{DB02F4B3-3FC4-4FED-B2A2-7CDCF88D87D3}) (Version: 1.1.5 - Oracle)
MySQL Server 5.6 (HKLM\...\{319E6998-5D33-44F0-926F-671C8773B0BE}) (Version: 5.6.17 - Oracle Corporation)
MySQL Utilities (HKLM-x32\...\{E967FF67-DE28-4BB0-857C-87A825CCF003}) (Version: 1.3.6 - Oracle)
MySQL Workbench 6.1 CE (HKLM-x32\...\{625991FA-1A48-4AD8-95D5-84A0C9896C9A}) (Version: 6.1.4 - Oracle Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
OpenVPN 2.3.3 (HKLM\...\OpenVPN) (Version: 2.3.3 - )
Oracle VM VirtualBox 4.3.20 (HKLM\...\{DD8F7A7A-852F-4648-8A73-B8FC1DF5F082}) (Version: 4.3.20 - Oracle Corporation)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.5.201403281437 - Sony Mobile Communications AB)
Sony PC Companion 2.10.236 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.236 - Sony)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.38846 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51 RC3 - Ghisler Software GmbH)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TweakMe! (HKLM-x32\...\{709D0207-B1F8-4ADC-BB2F-CDBE2367A475}_is1) (Version: 1.3.0.0 - pXc-coding.com)
UltraStar 1.0.2 (HKLM-x32\...\UltraStar) (Version: 1.0.2 - SterGames)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Winamp Backup Tool (HKLM-x32\...\Winamp Backup Tool) (Version: 1.1.0.1442 - Christoph Grether & Paweł Porwisz)
WinHTTrack Website Copier 3.47-27 (HKLM-x32\...\WinHTTrack Website Copier_is1) (Version: 3.47.27 - HTTrack)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Wizard101(DE) (HKU\S-1-5-21-3939742808-1999560202-1390110637-1001\...\Wizard101(DE)_is1) (Version: - Gameforge 4D GmbH)
Xming 6.9.0.31 (HKLM-x32\...\Xming_is1) (Version: 6.9.0.31 - Colin Harrison)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3939742808-1999560202-1390110637-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939742808-1999560202-1390110637-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939742808-1999560202-1390110637-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939742808-1999560202-1390110637-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939742808-1999560202-1390110637-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939742808-1999560202-1390110637-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939742808-1999560202-1390110637-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939742808-1999560202-1390110637-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939742808-1999560202-1390110637-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939742808-1999560202-1390110637-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Christoph\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
14-02-2015 13:47:06 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0984B4E7-0E3E-4C11-8CA9-D292BE7A3B2D} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {0F05A8EE-B7B5-4A87-99BA-FDEE250A5671} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {401FFDCB-3EF4-445B-9ACA-70073D8BBDEC} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {51340470-A818-4B39-AFB0-AE0EB8D83ED1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {690D7B10-17A7-45FE-AC45-A109B9B332E9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-12] (Microsoft Corporation)
Task: {970936F5-043D-496C-AD61-E5940454A716} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {E82DF3FB-57AB-4D73-B036-236E4389E880} - System32\Tasks\MySQLNotifierTask => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.5\MySQLNotifier.exe [2013-11-25] (Oracle Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-09-15 17:13 - 2014-09-15 17:13 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-07-12 14:19 - 2014-06-06 20:43 - 01880064 _____ () C:\Program Files\Ditto\Ditto.exe
2015-02-14 15:38 - 2015-02-14 15:38 - 00040448 ____N () C:\Users\Christoph\AppData\Local\Temp\proxy_vole2110875379520373615.dll
2015-02-14 15:39 - 2015-02-14 15:39 - 00566439 _____ () C:\Users\Christoph\SkyDrive\Dokumente\JDownloader 2\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll
2015-02-14 15:39 - 2015-02-14 15:39 - 04078962 ____N () C:\Users\Christoph\SkyDrive\Dokumente\JDownloader 2\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll
2015-02-14 16:54 - 2015-02-14 16:54 - 00050477 _____ () C:\Users\Christoph\Downloads\Defogger.exe
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\Christoph\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-14 11:25 - 2015-02-14 11:25 - 00043008 _____ () c:\Users\Christoph\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpku4fgz.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\Christoph\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\Christoph\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\Christoph\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00118784 _____ () C:\Users\Christoph\AppData\Roaming\Dropbox\bin\plugins\accessible\qtaccessiblewidgets.dll
2015-02-06 21:11 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 21:11 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-06 21:11 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-14 15:17 - 2015-02-14 15:17 - 00014336 _____ () C:\Users\Christoph\AppData\Local\Temp\WDE61BB.tmp\ml_online.lng
2015-02-14 15:17 - 2015-02-14 15:17 - 00036352 _____ () C:\Users\Christoph\AppData\Local\Temp\WDE61BB.tmp\ombrowser.lng
2013-02-26 10:27 - 2013-02-26 10:27 - 00129536 _____ () C:\Program Files (x86)\Winamp\System\ClassicPro.w5s
2013-12-13 03:47 - 2013-12-13 03:47 - 00333824 _____ () C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
2006-03-12 14:06 - 2006-03-12 14:06 - 00025088 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_tips.dll
2010-05-13 23:19 - 2010-05-13 23:19 - 00013312 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_yar.dll
2014-03-17 21:51 - 2013-09-03 14:01 - 00736768 _____ () C:\Program Files (x86)\Last.fm\unicorn.dll
2014-03-17 21:51 - 2013-09-03 14:01 - 00126976 _____ () C:\Program Files (x86)\Last.fm\listener.dll
2014-03-17 21:51 - 2013-09-03 14:01 - 00032768 _____ () C:\Program Files (x86)\Last.fm\logger.dll
2014-03-17 21:51 - 2013-09-03 10:54 - 00351232 _____ () C:\Program Files (x86)\Last.fm\lastfm.dll
2014-03-17 21:51 - 2013-01-18 12:39 - 00302592 _____ () C:\Program Files (x86)\Last.fm\phonon.dll
2014-03-17 21:51 - 2013-01-18 12:49 - 00182784 _____ () C:\Program Files (x86)\Last.fm\plugins\phonon_backend\phonon_vlc.dll
2014-03-17 21:51 - 2012-12-13 01:12 - 00111104 _____ () C:\Program Files (x86)\Last.fm\libvlc.dll
2014-03-17 21:51 - 2012-12-13 01:13 - 02286592 _____ () C:\Program Files (x86)\Last.fm\libvlccore.dll
2014-03-17 21:51 - 2012-12-13 01:13 - 00049664 _____ () C:\Program Files (x86)\Last.fm\plugins\audio_output\libaout_directx_plugin.dll
2015-02-14 16:47 - 2015-02-14 16:47 - 00008704 _____ () C:\Users\Christoph\AppData\Local\Temp\nso7362.tmp\newadvsplash.dll
2015-02-14 16:47 - 2015-02-14 16:47 - 00029696 _____ () C:\Users\Christoph\AppData\Local\Temp\nso7362.tmp\registry.dll
2015-02-14 16:47 - 2015-02-14 16:47 - 00011264 _____ () C:\Users\Christoph\AppData\Local\Temp\nso7362.tmp\System.dll
2015-01-14 18:39 - 2015-01-14 18:39 - 03347056 _____ () C:\Users\Christoph\SkyDrive\Dokumente\ThunderbirdPortable\App\thunderbird\mozjs.dll
2015-01-14 18:39 - 2015-01-14 18:39 - 00158832 _____ () C:\Users\Christoph\SkyDrive\Dokumente\ThunderbirdPortable\App\thunderbird\NSLDAP32V60.dll
2015-01-14 18:39 - 2015-01-14 18:39 - 00023152 _____ () C:\Users\Christoph\SkyDrive\Dokumente\ThunderbirdPortable\App\thunderbird\NSLDAPPR32V60.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Christoph\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3939742808-1999560202-1390110637-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKU\S-1-5-21-3939742808-1999560202-1390110637-1001\...\StartupApproved\Run: => "MySQL Notifier"
==================== Accounts: =============================
Administrator (S-1-5-21-3939742808-1999560202-1390110637-500 - Administrator - Disabled)
Christoph (S-1-5-21-3939742808-1999560202-1390110637-1001 - Administrator - Enabled) => C:\Users\Christoph
ChristophAdm (S-1-5-21-3939742808-1999560202-1390110637-1005 - Administrator - Enabled) => C:\Users\ChristophAdm
Gast (S-1-5-21-3939742808-1999560202-1390110637-501 - Limited - Disabled)
Gast2 (S-1-5-21-3939742808-1999560202-1390110637-1007 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3939742808-1999560202-1390110637-1003 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: ATI Radeon HD 4250 (Microsoft Corporation - WDDM v1.1)
Description: ATI Radeon HD 4250 (Microsoft Corporation - WDDM v1.1)
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc.
Service: amdkmdap
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/14/2015 04:36:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: N360.exe, Version: 12.11.4.4, Zeitstempel: 0x53f531a0
Name des fehlerhaften Moduls: SYMHTMDX.DLL, Version: 8.0.0.58, Zeitstempel: 0x52018148
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00018d4f
ID des fehlerhaften Prozesses: 0xaa8
Startzeit der fehlerhaften Anwendung: 0xN360.exe0
Pfad der fehlerhaften Anwendung: N360.exe1
Pfad des fehlerhaften Moduls: N360.exe2
Berichtskennung: N360.exe3
Vollständiger Name des fehlerhaften Pakets: N360.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: N360.exe5
Error: (02/14/2015 01:47:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (02/13/2015 09:50:30 PM) (Source: ATIeRecord) (EventID: 16393) (User: )
Description: ATI EEU failed to create a QNode
Error: (02/13/2015 09:50:30 PM) (Source: ATIeRecord) (EventID: 16393) (User: )
Description: ATI EEU failed to create a QNode
Error: (02/13/2015 05:59:32 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {0916b9f8-0655-4fd8-9ddb-b3fb32e40bff}
Error: (02/13/2015 00:18:10 PM) (Source: ATIeRecord) (EventID: 16393) (User: )
Description: ATI EEU failed to create a QNode
Error: (02/13/2015 00:18:10 PM) (Source: ATIeRecord) (EventID: 16393) (User: )
Description: ATI EEU failed to create a QNode
Error: (02/12/2015 10:07:45 PM) (Source: ATIeRecord) (EventID: 16393) (User: )
Description: ATI EEU failed to create a QNode
Error: (02/12/2015 10:07:45 PM) (Source: ATIeRecord) (EventID: 16393) (User: )
Description: ATI EEU failed to create a QNode
Error: (02/12/2015 05:28:10 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {f2aa305d-a846-4c65-a8f6-8db46cabd527}
System errors:
=============
Error: (02/14/2015 01:47:43 PM) (Source: DCOM) (EventID: 10010) (User: JUKEBOX)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (02/14/2015 01:47:13 PM) (Source: DCOM) (EventID: 10010) (User: JUKEBOX)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (02/14/2015 11:25:10 AM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2" zum Namen "JUKEBOX" auf Transport "NetBT_Tcpip_{FD8C588E-B15F-4A8A-8041-67D3BBF787CA}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
Error: (02/13/2015 06:36:31 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (02/13/2015 00:29:26 PM) (Source: DCOM) (EventID: 10010) (User: JUKEBOX)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (02/13/2015 09:22:29 AM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2" zum Namen "JUKEBOX" auf Transport "NetBT_Tcpip_{FD8C588E-B15F-4A8A-8041-67D3BBF787CA}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.
Error: (02/12/2015 10:10:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Sicherheitsupdate für Windows 8.1 für x64-basierte Systeme (KB3023562)
Error: (02/12/2015 10:10:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB3020338)
Error: (02/12/2015 10:10:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Update für Windows 8.1 für x64-Systeme (KB3019868)
Error: (02/12/2015 10:10:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8007045b fehlgeschlagen: Sicherheitsupdate für Windows 8.1 für x64-basierte Systeme (KB3004361)
Microsoft Office Sessions:
=========================
Error: (02/14/2015 04:36:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: N360.exe12.11.4.453f531a0SYMHTMDX.DLL8.0.0.5852018148c000000500018d4faa801d0484081c6bdb7C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exeC:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SYMHTMDX.DLL3d78cf9a-b45f-11e4-82bf-50e54937b7e4
Error: (02/14/2015 01:47:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
Error: (02/13/2015 09:50:30 PM) (Source: ATIeRecord) (EventID: 16393) (User: )
Description:
Error: (02/13/2015 09:50:30 PM) (Source: ATIeRecord) (EventID: 16393) (User: )
Description:
Error: (02/13/2015 05:59:32 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {0916b9f8-0655-4fd8-9ddb-b3fb32e40bff}
Error: (02/13/2015 00:18:10 PM) (Source: ATIeRecord) (EventID: 16393) (User: )
Description:
Error: (02/13/2015 00:18:10 PM) (Source: ATIeRecord) (EventID: 16393) (User: )
Description:
Error: (02/12/2015 10:07:45 PM) (Source: ATIeRecord) (EventID: 16393) (User: )
Description:
Error: (02/12/2015 10:07:45 PM) (Source: ATIeRecord) (EventID: 16393) (User: )
Description:
Error: (02/12/2015 05:28:10 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {f2aa305d-a846-4c65-a8f6-8db46cabd527}
==================== Memory info ===========================
Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 34%
Total physical RAM: 9725.52 MB
Available physical RAM: 6387.93 MB
Total Pagefile: 11261.52 MB
Available Pagefile: 7398.76 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:119.14 GB) (Free:35.25 GB) NTFS
Drive d: (TB) (Fixed) (Total:931.51 GB) (Free:403.51 GB) NTFS
Drive e: (Volume) (Fixed) (Total:2794.39 GB) (Free:1833.18 GB) NTFS
Drive f: (Western1TB) (Fixed) (Total:931.51 GB) (Free:788.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: F4B10F5B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: AD4170F4)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DCF7C465)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Gmer.txt [CODE] GMER Logfile: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-14 17:18:07
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002a M4-CT128M4SSD2 rev.070H 119,24GB
Running: Gmer-19357.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\kxddypow.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff9600006a200 15 bytes [00, 65, F4, 01, 80, 7D, 6A, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 17 fffff9600006a211 10 bytes [F3, FB, FF, 00, 17, C7, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\atiesrxx.exe[300] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffdf1c2169a 4 bytes [C2, F1, FD, 7F]
.text C:\Windows\system32\atiesrxx.exe[300] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffdf1c216a2 4 bytes [C2, F1, FD, 7F]
.text C:\Windows\system32\atiesrxx.exe[300] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffdf1c2181a 4 bytes [C2, F1, FD, 7F]
.text C:\Windows\system32\atiesrxx.exe[300] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffdf1c21832 4 bytes [C2, F1, FD, 7F]
.text C:\Windows\system32\atieclxx.exe[2528] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffdf1c2169a 4 bytes [C2, F1, FD, 7F]
.text C:\Windows\system32\atieclxx.exe[2528] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffdf1c216a2 4 bytes [C2, F1, FD, 7F]
.text C:\Windows\system32\atieclxx.exe[2528] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffdf1c2181a 4 bytes [C2, F1, FD, 7F]
.text C:\Windows\system32\atieclxx.exe[2528] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffdf1c21832 4 bytes [C2, F1, FD, 7F]
.text C:\Windows\Explorer.EXE[2804] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffdf1c2169a 4 bytes [C2, F1, FD, 7F]
.text C:\Windows\Explorer.EXE[2804] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffdf1c216a2 4 bytes [C2, F1, FD, 7F]
.text C:\Windows\Explorer.EXE[2804] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffdf1c2181a 4 bytes [C2, F1, FD, 7F]
.text C:\Windows\Explorer.EXE[2804] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffdf1c21832 4 bytes [C2, F1, FD, 7F]
.text C:\Windows\Explorer.EXE[2804] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffdde311f6a 4 bytes [31, DE, FD, 7F]
.text C:\Windows\Explorer.EXE[2804] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffdde311f82 4 bytes [31, DE, FD, 7F]
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4044] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ffdde311f6a 4 bytes [31, DE, FD, 7F]
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4044] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ffdde311f82 4 bytes [31, DE, FD, 7F]
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4044] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffdf1c2169a 4 bytes [C2, F1, FD, 7F]
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4044] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffdf1c216a2 4 bytes [C2, F1, FD, 7F]
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4044] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffdf1c2181a 4 bytes [C2, F1, FD, 7F]
.text C:\Program Files\Logitech\SetPointP\SetPoint.exe[4044] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffdf1c21832 4 bytes [C2, F1, FD, 7F]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [588:620] fffff960008b3b90
---- Processes - GMER 2.1 ----
Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:28) 000000006e7d0000
Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006e4c0000
Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006e0d0000
Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448](2015-02-10 21:00:30) 000000006e010000
Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (ICU I18N DLL/The ICU Project)(2015-02-10 21:00:30) 000000004a900000
Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (ICU Common DLL/The ICU Project)(2015-02-10 21:00:30) 0000000003ed0000
Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (ICU Data DLL/The ICU Project)(2015-02-10 21:00:30) 000000004ad00000
Library c:\users\christ~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpku4fgz.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448](2015-02-14 10:25:22) 0000000004260000
Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006dca0000
Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26) 000000006ccb0000
Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006ca90000
Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006c830000
Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006c800000
Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448](2015-02-10 21:00:30) 000000006c7f0000
Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26) 000000006c7c0000
Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006c780000
Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006c730000
Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448](2015-02-10 21:00:28) 000000006c650000
Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448](2015-02-10 21:00:28) 000000006c610000
Library C:\Users\Christoph\AppData\Roaming\Dropbox\bin\plugins\accessible\qtaccessiblewidgets.dll (*** suspicious ***) @ C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe [4448](2015-02-10 21:00:28) 00000000657d0000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{739253D9-F095-4ACC-990D-103F646E2B76}\Connection@Name isatap.localdomain
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -2116528840
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{739253D9-F095-4ACC-990D-103F646E2B76}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{739253D9-F095-4ACC-990D-103F646E2B76}@DefunctTimestamp 0x9C 0xDD 0xDD 0x54 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 7714
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 2092
---- EOF - GMER 2.1 ----
Geändert von reclaimer (14.02.2015 um 18:00 Uhr) Grund: Norton Code beschriftet |
Baum-Darstellung