| |
| |||||||
Log-Analyse und Auswertung: Windows 8.1: Dauernde Trojanerfunde - Crypt.Xpack / Z.pack /..Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
21.02.2015, 03:39
| #1 |
 |  Windows 8.1: Dauernde Trojanerfunde - Crypt.Xpack / Z.pack /.. Hallo liebes Board, nachdem ich gesehen habe was Ihr bei anderen Usern erreicht habt und weil ich mir wirklich Sorgen mache dass das Problem sich verschlimmert, muss ich mich dringend an euch wenden. Seit ein paar Wochen zeigt Avira regelmäßig Trojaner-Funde an. Trotz aller Bemühungen (Systemscan, Abgesicherter Modus) ist die Ruhe immer nur von kurzer Dauer. Lösche ich Crypt.Xpack, findet er Crypt.Zpack, Epack oder sonst was und das immer wieder. Ich hoffe Ihr könnt mir durch das Problem durch helfen, damit ich meinen PC nicht einstampfen muss. Vielen Dank im Voraus für Eure Bemühungen. Schönen Gruß Matze Anbei noch die ersten Logfiles: Avira: Code:
ATTFilter Exportierte Ereignisse:
13.02.2015 00:05 [System-Scanner] Malware gefunden
Die Datei 'C:\Program Files (x86)\Setup Wizard\embird.exe'
enthielt einen Virus oder unerwünschtes Programm 'Worm/Rbot.5013712' [worm].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 50179290.qua erstellt ( QUARANTÄNE ).
Die Datei wurde gelöscht.
12.02.2015 21:26 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\Microsoft\Secure\Icons\temp\tmp8794.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen7' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50f69943.qua'
verschoben!
19.02.2015 05:46 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\Microsoft\Secure\Icons\temp\tmpB521.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 50f7c5ca.qua erstellt ( QUARANTÄNE ).
Die Datei wurde gelöscht.
18.02.2015 22:24 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\Microsoft\Secure\Icons\temp\tmpB521.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
18.02.2015 22:24 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\Microsoft\Secure\Icons\temp\tmpB521.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner
13.02.2015 00:05 [System-Scanner] Malware gefunden
Die Datei
'C:\$Recycle.Bin\S-1-5-21-1635521525-480761495-2417052547-1002\$RYTJ33F.exe'
enthielt einen Virus oder unerwünschtes Programm 'Worm/Rbot.5013712' [worm].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 4889becd.qua erstellt ( QUARANTÄNE ).
Die Datei wurde gelöscht.
20.02.2015 02:02 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matze\AppData\Local\Eftion\tmp76AC.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.101964' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
20.02.2015 02:05 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matze\AppData\Local\Eftion\tmp76AC.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.101964' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
20.02.2015 02:06 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matze\Downloads\Super Screen Capture\Super Screen
Capture.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.12582912.5' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
20.02.2015 02:00 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matze\AppData\Local\Eftion\tmp76AC.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.101964' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
19.02.2015 06:44 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matze\AppData\Local\Eftion\tmp76AC.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.101964' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
12.02.2015 21:25 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\Microsoft\Secure\Icons\temp\tmp8794.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen7' [trojan]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner
12.02.2015 21:25 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\Microsoft\Secure\Icons\temp\tmp8794.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen7' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
14.02.2015 22:09 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\Microsoft\Secure\Icons\temp\tmp8C0E.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen7' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
16.02.2015 02:02 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matze\AppData\Local\Eftion\tmp9450.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Boaxxe.A.284' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
16.02.2015 02:00 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matze\AppData\Local\Eftion\tmp9450.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Boaxxe.A.284' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
16.02.2015 22:24 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\Microsoft\Secure\Icons\temp\tmp8EB5.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
16.02.2015 05:36 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\Microsoft\Secure\Icons\temp\tmpDD5D.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Dropper.VB.19003' [trojan].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 4904f9c4.qua erstellt ( QUARANTÄNE ).
Die Datei wurde gelöscht.
16.02.2015 02:46 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Matze\AppData\Local\Eftion\tmp9450.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Boaxxe.A.284' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50f9dea0.qua'
verschoben!
Der Registrierungseintrag
<HKEY_USERS\S-1-5-21-1635521525-480761495-2417052547-1002\SOFTWARE\Microsoft\Win
dows\CurrentVersion\Run\Eftion> wurde erfolgreich repariert.
16.02.2015 05:36 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\Microsoft\Secure\Icons\temp\tmp9450.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Boaxxe.A.284' [trojan].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 1b5ba32c.qua erstellt ( QUARANTÄNE ).
Die Datei wurde gelöscht.
16.02.2015 05:36 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Matze\AppData\Local\Eftion\tmpDD5D.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Dropper.VB.19003' [trojan].
Durchgeführte Aktion(en):
Eine Sicherungskopie wurde unter dem Namen 5193d663.qua erstellt ( QUARANTÄNE ).
Die Datei wurde gelöscht.
17.02.2015 05:14 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Matze\AppData\Local\Eftion\tmp9486.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.272664' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50bd55a8.qua'
verschoben!
Der Registrierungseintrag
<HKEY_USERS\S-1-5-21-1635521525-480761495-2417052547-1002\SOFTWARE\Microsoft\Win
dows\CurrentVersion\Run\Eftion> wurde erfolgreich repariert.
14.02.2015 22:12 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\Microsoft\Secure\Icons\temp\tmp8C0E.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen7' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50f929ac.qua'
verschoben!
14.02.2015 22:09 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\Microsoft\Secure\Icons\temp\tmp8C0E.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen7' [trojan]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner
17.02.2015 04:55 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\Microsoft\Secure\Icons\temp\tmp9486.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.272664' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
16.02.2015 22:24 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\Microsoft\Secure\Icons\temp\tmp8EB5.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner
16.02.2015 22:24 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\Microsoft\Secure\Icons\temp\tmp8EB5.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5011f5c2.qua'
verschoben!
17.02.2015 04:33 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\Microsoft\Secure\Icons\temp\tmp9486.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.272664' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
20.02.2015 02:06 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\Microsoft\Secure\Icons\temp\tmp76AC.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.101964' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
21.02.2015 02:11 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\Microsoft\Secure\Icons\temp\tmp2ACE.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.21717' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
21.02.2015 02:12 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Matze\AppData\Local\Eftion\tmpD946.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Boaxxe.A.407' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50f34d98.qua'
verschoben!
Der Registrierungseintrag
<HKEY_USERS\S-1-5-21-1635521525-480761495-2417052547-1002\SOFTWARE\Microsoft\Win
dows\CurrentVersion\Run\Eftion> wurde erfolgreich repariert.
21.02.2015 02:11 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\Microsoft\Secure\Icons\temp\tmp2ACE.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.21717' [trojan]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner
20.02.2015 02:19 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Matze\AppData\Local\Eftion\tmp76AC.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.101964' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
20.02.2015 02:21 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Matze\AppData\Local\Eftion\tmp76AC.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.101964'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50a91cea.qua'
verschoben!
Der Registrierungseintrag
<HKEY_USERS\S-1-5-21-1635521525-480761495-2417052547-1002\SOFTWARE\Microsoft\Win
dows\CurrentVersion\Run\Eftion> wurde erfolgreich repariert.
20.02.2015 02:15 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Matze\Downloads\Super Screen Capture\Super Screen
Capture.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.12582912.5' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '535e25f2.qua'
verschoben!
20.02.2015 02:15 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\Microsoft\Secure\Icons\temp\tmp76AC.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.101964'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4bc90a4d.qua'
verschoben!
21.02.2015 02:13 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\Microsoft\Secure\Icons\temp\tmp2ACE.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.21717'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7c0c72c8.qua'
verschoben!
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Matze (administrator) on MRPINK on 21-02-2015 03:27:32
Running from C:\Users\Matze\Downloads
Loaded Profiles: UpdatusUser & Matze (Available profiles: UpdatusUser & Matze)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Users\Matze\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(nerds.de) C:\Program Files (x86)\nerds.de\LoopBe1\loopBeMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\ARA.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778352 2013-08-28] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Ocs_SM] => C:\Users\Matze\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2014-10-11] (OCS)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKU\S-1-5-21-1635521525-480761495-2417052547-1002\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\S-1-5-21-1635521525-480761495-2417052547-1002\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1635521525-480761495-2417052547-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1635521525-480761495-2417052547-1002\...\Run: [IQFsoft] => regsvr32.exe C:\Users\Matze\AppData\Local\IQFsoft\loader_u.dll <===== ATTENTION
HKU\S-1-5-21-1635521525-480761495-2417052547-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-22] (SUPERAntiSpyware)
HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [8519984 2015-01-30] (Avira Operations GmbH & Co. KG)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-08-30] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-08-30] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LoopBe1 Monitor.lnk
ShortcutTarget: LoopBe1 Monitor.lnk -> C:\Program Files (x86)\nerds.de\LoopBe1\loopBeMon.exe (nerds.de)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1635521525-480761495-2417052547-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-1635521525-480761495-2417052547-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-1635521525-480761495-2417052547-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://bestwaytosearch.com/?subid=MnSsnOyLrRK2wgdUpd1S9QDQcpF3cx72nd__aBPXt-vWmk9imSRpESqy_MpQ3QxcMLP3mvBiQ9kCJ6g4nNuQjqIL
HKU\S-1-5-21-1635521525-480761495-2417052547-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://bestwaytosearch.com/?subid=MnSsnOyLrRK2wgdUpd1S9QDQcpF3cx72nd__aBPXt-vWmk9imSRpESqy_MpQ3QxcMLP3mvBiQ9kCJ6g4nNuQjqIL
HKU\S-1-5-21-1635521525-480761495-2417052547-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://www.firetab.org/?type=ds3se&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://www.firetab.org/?type=ds3se&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1635521525-480761495-2417052547-1002 -> DefaultScope {D675CC04-44D6-5A92-58B9-C44A7515089C} URL = hxxp://bestwaytosearch.com/?q={searchTerms}&subid=MnSsnOyLrRK2wgdUpd1S9QDQcpF3cx72nd__aBPXt-vWmk9imSRpESqy_MpQ3QxcMLP3mvBiQ9kCJ6g4nNuQjqIL
SearchScopes: HKU\S-1-5-21-1635521525-480761495-2417052547-1002 -> {163F8699-D6CC-4209-A301-2BFF7C752869} URL =
SearchScopes: HKU\S-1-5-21-1635521525-480761495-2417052547-1002 -> {4A162BDE-9BF2-4D63-B59E-1A9284FA51E2} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=3eea11a0-2ba5-4cf9-b91e-ac8b6fa43539&pid=chipde&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-1635521525-480761495-2417052547-1002 -> {515D7A71-BD85-4661-BEA0-B94108ACDE53} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=3eea11a0-2ba5-4cf9-b91e-ac8b6fa43539&pid=chipde&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-1635521525-480761495-2417052547-1002 -> {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://www.firetab.org.anonymize-me.de/?anonymto=687474703A2F2F7777772E666972657461622E6F72672F3F747970653D647333736526703D7B7365617263685465726D737D&st={searchTerms}&clid=3eea11a0-2ba5-4cf9-b91e-ac8b6fa43539&pid=chipde&k=0
SearchScopes: HKU\S-1-5-21-1635521525-480761495-2417052547-1002 -> {897F39F9-9838-472C-B2DD-0E8EF5A22ADD} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=3eea11a0-2ba5-4cf9-b91e-ac8b6fa43539&pid=chipde&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-1635521525-480761495-2417052547-1002 -> {90644D4E-5F15-483C-97FA-4342250FC55C} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=3eea11a0-2ba5-4cf9-b91e-ac8b6fa43539&pid=chipde&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-1635521525-480761495-2417052547-1002 -> {AB85A108-145B-4BE8-BF73-4D8B0F9ADBD2} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=3eea11a0-2ba5-4cf9-b91e-ac8b6fa43539&pid=chipde&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-1635521525-480761495-2417052547-1002 -> {D675CC04-44D6-5A92-58B9-C44A7515089C} URL = hxxp://bestwaytosearch.com/?q={searchTerms}&subid=MnSsnOyLrRK2wgdUpd1S9QDQcpF3cx72nd__aBPXt-vWmk9imSRpESqy_MpQ3QxcMLP3mvBiQ9kCJ6g4nNuQjqIL
SearchScopes: HKU\S-1-5-21-1635521525-480761495-2417052547-1002 -> {DDD5EE6B-603D-41DE-AA31-83D338EA73D9} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=3eea11a0-2ba5-4cf9-b91e-ac8b6fa43539&pid=chipde&mode=bounce&k=0
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PriceSparrow -> {3F2DC1E7-A56F-49D8-B0CF-DB2300594497} -> C:\Program Files (x86)\PriceSparrow\Internet Explorer\pricesparrow.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\4Wj7aq9l.default
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Windows\system32\C2MP\npdivx32.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\4Wj7aq9l.default\searchplugins\bestwaytosearch.xml
FF Extension: Avira Browser Safety - C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\4Wj7aq9l.default\Extensions\abs@avira.com [2014-11-05]
Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.de/"
CHR Profile: C:\Users\Matze\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Matze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-02-23]
CHR Extension: (Google Docs) - C:\Users\Matze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matze\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-16]
CHR Extension: (Avira Browser Safety) - C:\Users\Matze\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-06]
CHR Extension: (AdBlock) - C:\Users\Matze\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-21]
CHR Extension: (Google Wallet) - C:\Users\Matze\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-21]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [kljkanaekoongefljnjbghkgjjocmikm] - C:\Program Files (x86)\PriceSparrow\Chrome\pricesparrow-1.4.9.crx [2013-03-11]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2798336 2014-02-13] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-11-04] (WildTangent)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
R2 SearchAnonymizer; C:\Users\Matze\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2014-10-11] () [File not signed]
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 AddonsHelper; C:\Users\Matze\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\3356edf7a88e475d88eac25e50bcafe7\AddonsHelper.exe [X]
S4 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-07] (Disc Soft Ltd)
S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 LoopBeMidi1; C:\Windows\system32\drivers\loopbe1.sys [13824 2011-04-09] (nerds.de)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S3 RDID1104; C:\Windows\system32\Drivers\rdwm1104.sys [198144 2012-10-23] (Roland Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [427736 2013-08-09] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 ysusb64; C:\Windows\system32\drivers\ysusb64.sys [132160 2014-08-19] (Yamaha Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-21 02:52 - 2015-02-21 02:53 - 00047189 _____ () C:\Users\Matze\Downloads\Addition.txt
2015-02-21 02:51 - 2015-02-21 03:27 - 00026502 _____ () C:\Users\Matze\Downloads\FRST.txt
2015-02-21 02:51 - 2015-02-21 03:27 - 00000000 ____D () C:\FRST
2015-02-21 02:51 - 2015-02-21 02:51 - 02086912 _____ (Farbar) C:\Users\Matze\Downloads\FRST64.exe
2015-02-21 02:49 - 2015-02-21 02:49 - 00000542 _____ () C:\Users\Matze\Downloads\defogger_disable.log
2015-02-21 02:49 - 2015-02-21 02:49 - 00000168 _____ () C:\Users\Matze\defogger_reenable
2015-02-21 02:48 - 2015-02-21 02:48 - 00050477 _____ () C:\Users\Matze\Downloads\Defogger.exe
2015-02-21 02:44 - 2015-02-21 02:44 - 00024638 _____ () C:\Users\Matze\Documents\Ereignisse.txt
2015-02-20 18:26 - 2015-02-20 18:26 - 00000000 ____D () C:\Windows\LastGood
2015-02-19 10:24 - 2015-02-19 10:24 - 00000000 ____D () C:\Users\Matze\Downloads\Blockhead
2015-02-19 09:49 - 2015-02-19 09:49 - 00000000 ____D () C:\Users\Matze\Downloads\Blockhead - The Music Scene
2015-02-19 09:22 - 2015-02-19 09:28 - 00000000 ____D () C:\Users\Matze\Downloads\Daft Punk - Discovery
2015-02-14 22:21 - 2015-02-21 02:00 - 00000524 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 5bbf76c7-a9e6-401d-b1d4-a8915562d9ec.job
2015-02-14 22:21 - 2015-02-20 22:21 - 00000524 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 30e8a3b2-67b1-4509-ad2c-9f6805d5d754.job
2015-02-14 22:21 - 2015-02-14 22:21 - 00003574 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 5bbf76c7-a9e6-401d-b1d4-a8915562d9ec
2015-02-14 22:21 - 2015-02-14 22:21 - 00003492 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 30e8a3b2-67b1-4509-ad2c-9f6805d5d754
2015-02-14 22:15 - 2015-02-20 22:21 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-14 22:15 - 2015-02-14 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-02-14 22:15 - 2015-02-14 22:15 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\SUPERAntiSpyware.com
2015-02-14 22:15 - 2015-02-14 22:15 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-02-14 22:12 - 2015-02-14 22:12 - 21318368 _____ (SUPERAntiSpyware) C:\Users\Matze\Downloads\SUPERAntiSpyware.exe
2015-02-14 21:22 - 2015-02-14 21:22 - 00000000 ____D () C:\Users\Matze\AppData\Local\IQFsoft
2015-02-12 21:33 - 2015-02-12 21:40 - 00000000 ____D () C:\Users\Matze\Downloads\Camtasia Studio 8.2.1 Build 1423+Key-T.F.K
2015-02-12 21:16 - 2015-02-12 21:16 - 00000000 ____D () C:\Users\Matze\Downloads\ZD Soft Screen Recorder 6.6 Final Incl. Keys [ATOM]
2015-02-12 21:09 - 2015-02-21 02:12 - 00000000 ____D () C:\Users\Matze\AppData\Local\Eftion
2015-02-12 21:09 - 2015-02-12 21:09 - 00000000 __SHD () C:\Users\Matze\AppData\Local\EmieBrowserModeList
2015-02-12 20:54 - 2015-02-12 20:54 - 00000000 ____D () C:\Users\Matze\AppData\Local\DVDVideoSoft_Ltd
2015-02-12 20:50 - 2015-02-12 20:50 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\DivX
2015-02-12 20:48 - 2015-02-12 20:48 - 03529880 _____ (DVDVideoSoft Ltd. ) C:\Users\Matze\Downloads\FreeScreenVideoRecorder.exe
2015-02-12 20:38 - 2015-02-12 20:38 - 03529352 _____ (DVDVideoSoft Ltd. ) C:\Users\Matze\Downloads\FreeVideoCallRecorder.exe
2015-02-12 17:53 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 17:53 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 17:37 - 2015-02-11 17:44 - 00000000 ____D () C:\Users\Matze\Downloads\Peter Doherty - 2009 - Grace Wastelands
2015-02-11 01:40 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 01:40 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 01:40 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 01:40 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 01:40 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 01:40 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 01:40 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 01:40 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 01:40 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 01:40 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 01:40 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 01:40 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 01:40 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 01:40 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 01:40 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 01:40 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 01:40 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 01:40 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 01:40 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 01:40 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 01:40 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 01:40 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 01:40 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 01:40 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 01:40 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 01:40 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-11 01:39 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 01:39 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 01:39 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 01:39 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 01:39 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 01:39 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 01:39 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 01:39 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 01:39 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 01:39 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 01:39 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 01:39 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 01:39 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 01:39 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 01:39 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 01:39 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 01:39 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 01:39 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 01:39 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 01:39 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 01:39 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 01:39 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 01:39 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 01:39 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 01:39 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 01:39 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 01:39 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 01:39 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 01:39 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 01:39 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 01:39 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 01:39 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 01:39 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 01:39 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 01:39 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 01:39 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 01:39 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 01:39 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 01:39 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-10 23:42 - 2015-02-11 22:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-10 23:42 - 2015-02-10 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-02-10 16:46 - 2015-02-10 16:46 - 00026974 _____ () C:\Users\Matze\Downloads\Libertines - Last Post On The Bugle (Pro) (1).gp4
2015-02-09 17:00 - 2015-02-09 17:00 - 00308709 _____ () C:\Users\Matze\Downloads\mp3DC220.exe
2015-02-09 16:56 - 2015-02-09 17:46 - 00000000 ____D () C:\Users\Matze\Downloads\Babyshambles - Sequel To The Prequel (Deluxe Edition) 2013 [320 Kbps]
2015-02-09 16:56 - 2015-02-09 16:56 - 00000945 _____ () C:\Users\Matze\Downloads\Babyshambles - Sequel to the prequel (2013).cue
2015-02-03 12:36 - 2015-02-03 12:36 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-03 12:36 - 2015-02-03 12:36 - 00000000 ____D () C:\ProgramData\Licenses
2015-02-03 12:29 - 2015-02-13 00:05 - 00000000 ____D () C:\Program Files (x86)\Setup Wizard
2015-02-03 12:29 - 2015-02-03 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Setup Wizard
2015-02-03 12:29 - 2007-06-04 15:10 - 00132880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSINET.OCX
2015-02-03 12:29 - 1999-05-06 23:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Comdlg32.ocx
2015-01-23 13:42 - 2015-01-27 09:25 - 00001456 _____ () C:\Users\Matze\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-01-23 13:39 - 2015-01-23 13:39 - 00000132 _____ () C:\Users\Matze\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-21 03:08 - 2013-11-05 15:50 - 01893445 _____ () C:\Windows\WindowsUpdate.log
2015-02-21 03:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-21 02:56 - 2014-02-22 19:58 - 00000000 ____D () C:\Users\Matze\AppData\Local\CrashDumps
2015-02-21 02:54 - 2014-02-21 23:02 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-21 02:49 - 2014-02-21 22:35 - 00000000 ____D () C:\Users\Matze
2015-02-21 02:00 - 2014-07-29 20:56 - 00000000 ____D () C:\Users\Matze\AppData\Local\Adobe
2015-02-20 22:47 - 2014-02-21 22:47 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1635521525-480761495-2417052547-1002
2015-02-20 20:54 - 2014-02-21 23:02 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-20 18:30 - 2013-08-22 15:46 - 00034910 _____ () C:\Windows\setupact.log
2015-02-20 18:28 - 2013-11-06 00:35 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2015-02-20 18:28 - 2013-11-06 00:35 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2015-02-20 18:28 - 2013-09-05 13:31 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-20 18:26 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-20 17:17 - 2014-12-29 05:55 - 00000016 _____ () C:\Users\Matze\AppData\Roaming\msregsvv.dll
2015-02-20 17:17 - 2014-12-29 05:55 - 00000016 _____ () C:\ProgramData\autobk.inc
2015-02-20 07:24 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-20 02:17 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-20 01:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-19 10:59 - 2014-08-04 09:38 - 00000000 ___RD () C:\Users\Matze\Dropbox
2015-02-19 10:58 - 2014-08-04 09:37 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-19 10:58 - 2014-08-04 09:35 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\Dropbox
2015-02-19 10:57 - 2014-02-26 01:05 - 00000000 ____D () C:\Users\Matze\AppData\Local\Deployment
2015-02-19 10:26 - 2014-02-25 15:37 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\uTorrent
2015-02-18 00:55 - 2014-03-07 00:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-18 00:54 - 2014-02-25 19:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-16 06:24 - 2014-12-04 10:10 - 00000000 ____D () C:\Program Files (x86)\iExplorer
2015-02-14 22:54 - 2014-11-29 16:01 - 00000000 ____D () C:\Users\Matze\AppData\Local\AviraSpeedup
2015-02-14 22:54 - 2014-11-25 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-02-14 22:52 - 2014-11-25 10:41 - 00003320 _____ () C:\Windows\System32\Tasks\AviraSpeedup
2015-02-14 22:48 - 2013-09-05 13:28 - 00197812 _____ () C:\Windows\PFRO.log
2015-02-13 09:22 - 2014-06-16 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-12 23:55 - 2014-02-26 15:01 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\Skype
2015-02-12 21:07 - 2014-04-17 03:13 - 00004548 _____ () C:\Users\Matze\AppData\Roaming\CamStudio.cfg
2015-02-12 21:07 - 2014-04-17 03:13 - 00000408 _____ () C:\Users\Matze\AppData\Roaming\CamShapes.ini
2015-02-12 21:07 - 2014-04-17 03:13 - 00000408 _____ () C:\Users\Matze\AppData\Roaming\CamLayout.ini
2015-02-12 21:07 - 2014-04-17 03:13 - 00000096 _____ () C:\Users\Matze\AppData\Roaming\Camdata.ini
2015-02-12 20:57 - 2014-06-16 15:58 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-02-12 20:57 - 2014-06-16 15:57 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\DVDVideoSoft
2015-02-12 19:07 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-12 12:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-02-12 02:18 - 2014-04-07 23:07 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2015-02-11 23:38 - 2014-04-17 00:00 - 00000096 _____ () C:\Users\Matze\AppData\Roaming\version2.xml
2015-02-11 23:32 - 2013-08-22 15:44 - 05239448 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 22:53 - 2014-02-26 15:01 - 00000000 ____D () C:\ProgramData\Skype
2015-02-11 17:39 - 2014-07-09 18:57 - 00000000 ____D () C:\Users\Matze\Documents\My CamStudio Temp Files
2015-02-11 01:56 - 2014-02-22 14:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 01:52 - 2014-02-22 14:54 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 01:51 - 2013-08-22 14:25 - 00000199 _____ () C:\Windows\win.ini
2015-02-09 18:13 - 2014-11-07 10:05 - 00000000 ____D () C:\Users\Matze\Documents\John Stuart Mill
2015-02-06 21:23 - 2014-11-05 13:50 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-06 21:23 - 2014-11-05 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-06 21:23 - 2014-11-05 13:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-06 20:49 - 2014-02-21 23:02 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 20:49 - 2014-02-21 23:02 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 20:31 - 2014-09-17 18:35 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-09-17 18:35 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 09:13 - 2014-10-12 16:29 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\vlc
==================== Files in the root of some directories =======
2014-04-08 22:17 - 2014-03-04 07:37 - 0000226 _____ () C:\Program Files\update-southpark.bat
2015-01-23 13:39 - 2015-01-23 13:39 - 0000132 _____ () C:\Users\Matze\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2014-04-17 03:13 - 2015-02-12 21:07 - 0000096 _____ () C:\Users\Matze\AppData\Roaming\Camdata.ini
2014-04-17 03:13 - 2015-02-12 21:07 - 0000408 _____ () C:\Users\Matze\AppData\Roaming\CamLayout.ini
2014-04-17 03:13 - 2015-02-12 21:07 - 0000408 _____ () C:\Users\Matze\AppData\Roaming\CamShapes.ini
2014-04-17 03:13 - 2015-02-12 21:07 - 0004548 _____ () C:\Users\Matze\AppData\Roaming\CamStudio.cfg
2014-12-24 02:47 - 2014-12-24 02:47 - 0000200 _____ () C:\Users\Matze\AppData\Roaming\MRPINK.MTBF.txt
2014-12-29 05:55 - 2015-02-20 17:17 - 0000016 _____ () C:\Users\Matze\AppData\Roaming\msregsvv.dll
2014-04-17 00:00 - 2015-02-11 23:38 - 0000096 _____ () C:\Users\Matze\AppData\Roaming\version2.xml
2014-12-24 02:47 - 2014-12-24 20:24 - 0000602 _____ () C:\Users\Matze\AppData\Roaming\__AvidCloudManager.log
2014-12-24 02:47 - 2014-12-24 02:47 - 0000549 _____ () C:\Users\Matze\AppData\Roaming\__AvidCloudManagerPrevious.log
2014-05-28 19:35 - 2014-05-28 19:35 - 0000037 ___SH () C:\Users\Matze\AppData\Local\20986331705021ca58edc424.96250074
2015-01-23 13:42 - 2015-01-27 09:25 - 0001456 _____ () C:\Users\Matze\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-12-17 09:09 - 2014-12-24 02:47 - 0004608 _____ () C:\Users\Matze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-19 01:13 - 2015-01-19 01:13 - 0019408 _____ () C:\Users\Matze\AppData\Local\Temp99.PNG
2014-12-29 05:55 - 2015-02-20 17:17 - 0000016 _____ () C:\ProgramData\autobk.inc
2013-11-05 16:23 - 2013-11-05 16:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some content of TEMP:
====================
C:\Users\Matze\AppData\Local\Temp\avgnt.exe
C:\Users\Matze\AppData\Local\Temp\AviraSetup207281.exe
C:\Users\Matze\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnfgcup.dll
C:\Users\Matze\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps2myw6.dll
C:\Users\Matze\AppData\Local\Temp\DSETUP.dll
C:\Users\Matze\AppData\Local\Temp\dsetup32.dll
C:\Users\Matze\AppData\Local\Temp\DXSETUP.exe
C:\Users\Matze\AppData\Local\Temp\FreeScreenVideoRecorder.exe
C:\Users\Matze\AppData\Local\Temp\FreeVideoCallRecorder.exe
C:\Users\Matze\AppData\Local\Temp\mp3el2.exe
C:\Users\Matze\AppData\Local\Temp\ose00000.exe
C:\Users\Matze\AppData\Local\Temp\ose00001.exe
C:\Users\Matze\AppData\Local\Temp\ose00002.exe
C:\Users\Matze\AppData\Local\Temp\ose00003.exe
C:\Users\Matze\AppData\Local\Temp\PidGenX.dll
C:\Users\Matze\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Matze\AppData\Local\Temp\upnp.exe
C:\Users\Matze\AppData\Local\Temp\uttD0FE.tmp.exe
C:\Users\Matze\AppData\Local\Temp\uttE249.tmp.exe
C:\Users\Matze\AppData\Local\Temp\vpsetup.exe
C:\Users\Matze\AppData\Local\Temp\x264enc5.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-20 16:00
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01
Ran by Matze at 2015-02-21 02:52:37
Running from C:\Users\Matze\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1635521525-480761495-2417052547-1002\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Acer Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.03.3000 - Acer Incorporated)
Acer Docs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 2.04.2005 - Acer)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.04.3002.6 - Acer Incorporated)
Acer Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.04.3003.1 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.04.3004 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.3001 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.0.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
Album Art Downloader XUI 1.01 (HKLM-x32\...\Album Art Downloader XUI) (Version: 1.01 - hxxp://sourceforge.net/projects/album-art)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AmpliTube 3 version 3.14.0 (HKLM\...\{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1) (Version: 3.14.0 - IK Multimedia)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Avira System Speedup 1.6 (HKLM-x32\...\Avira System Speedup_is1) (Version: 1.6 - 2000 - 2015 Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Custom Shop version 1.5.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.5.0 - IK Multimedia)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dazzle Video Capture DVC100 X64 Driver 1.06 (HKLM-x32\...\{BFF23267-1D19-444E-93E2-E5059BE805EA}) (Version: 1.06.0000 - Pinnacle)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-1635521525-480761495-2417052547-1002\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Drum Machine 1.33 BETA (HKLM-x32\...\Drum Machine) (Version: 1.33 BETA - Andrew Rudson)
EaseUS MobiSaver 3.1 (HKLM-x32\...\EaseUS MobiSaver 3.1_is1) (Version: - EaseUS)
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free Audio Converter version 5.0.46.820 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.46.820 - DVDVideoSoft Ltd.)
Free AVI Video Converter version 5.0.54.1215 (HKLM-x32\...\Free AVI Video Converter_is1) (Version: 5.0.54.1215 - DVDVideoSoft Ltd.)
Free MP3 Cutter and Editor 2.6 (HKLM-x32\...\Free MP3 Cutter and Editor_is1) (Version: - musetips.com)
Free Screen Video Recorder version 2.5.40.128 (HKLM-x32\...\Free Screen Video Recorder_is1) (Version: 2.5.40.128 - DVDVideoSoft Ltd.)
Free WMA to MP3 Converter 1.16 (HKLM-x32\...\Free WMA to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version: - Arobas Music)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.7.2386.747 - )
IK Multimedia Authorization Manager version 1.0.10 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.10 - IK Multimedia)
Installation Wizard (HKLM-x32\...\Installation Wizard_is1) (Version: - Installation Wizard)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
iPhone Folders (HKLM-x32\...\{53DA6CFE-7CDE-4F72-9E23-39AAC686DE17}) (Version: 1.0.32 - Redart)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
KMSpico v9.2.3 (HKLM\...\KMSpico_is1) (Version: 9.2.3 - )
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
Letasoft Sound Booster Version 1.2 (HKLM-x32\...\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1) (Version: 1.2 - Letasoft LLC)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
LoopBe1 - Internal MIDI Port (HKLM-x32\...\LoopBe1) (Version: - )
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
ME-25 Librarian (HKLM-x32\...\InstallShield_{06C89319-FE17-435D-BF51-66F5C15E6CDA}) (Version: 1.00.1000 - BOSS Corporation)
ME-25 Librarian (x32 Version: 1.00.1000 - BOSS Corporation) Hidden
Microsoft Office Language Pack 2013 - German/Deutsch (HKLM\...\Office15.OMUI.de-de) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NCH Debut Video Capture Software Pro v1.74 (HKLM-x32\...\NCH Debut Video Capture Software Pro v1.741.74) (Version: 1.74 - Friends in War)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.0 - Vitalwerks Internet Solutions LLC)
Norton Online Backup (HKLM-x32\...\{E625FCA0-E43E-4D3B-92FF-4851308A0366}) (Version: 2.8.0.44 - Symantec Corporation)
Norton Online Backup (x32 Version: 4.5.0.9 - Symantec Corporation) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki (HKU\S-1-5-21-1635521525-480761495-2417052547-1002\...\Pokki) (Version: 0.265.14.261 - Pokki)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PriceSparrow (HKLM-x32\...\{3F2DC1E7-A56F-49D8-B0CF-DB2300594497}) (Version: 1.4.9 - Ciuvo GmbH) <==== ATTENTION
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21238 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Road Redemption version 0.9.034 (HKLM-x32\...\Road Redemption_is1) (Version: 0.9.034 - GMT-MAX.ORG)
SearchAnonymizer (HKLM\...\SearchAnonymizer) (Version: 1.0.1 (de) - )
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0100-0407-1000-0000000FF1CE}_Office15.OMUI.de-de_{4A8F14BC-FE6D-4FC8-AA48-14D574A71843}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)
Spielkanäle (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 9.2.0.11 - WildTangent, Inc.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Steinberg Cubase 5 (HKLM-x32\...\{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}) (Version: 5.1.0 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 1.0.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM-x32\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 1.0.0.005 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 1.0.0.006 - Steinberg Media Technologies GmbH)
SUPER © v2014.build.60+Recorder (2014/02/18) Version v2014.buil (HKLM-x32\...\{8E2A18E2-96AF-8549-4DE7-5C06B75719A4}_is1) (Version: v2014.build.60+Recorder - eRightSoft)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.13 - Synaptics Incorporated)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.81 - NCH Software)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Winrar Activator Version 1.2 (HKLM-x32\...\{AE0B3F2A-EB65-4D01-A3E1-6D879C6AAF2A}_is1) (Version: 1.2 - Rarlab)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team)
Yamaha Steinberg USB Driver (HKLM-x32\...\InstallShield_{905A4D64-E752-4BC1-9D18-F7747F4C7D87}) (Version: 1.9.0 - Yamaha Corporation)
Yamaha Steinberg USB Driver (Version: 1.9.0 - Yamaha Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1635521525-480761495-2417052547-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Matze\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1635521525-480761495-2417052547-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1635521525-480761495-2417052547-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1635521525-480761495-2417052547-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1635521525-480761495-2417052547-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1635521525-480761495-2417052547-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1635521525-480761495-2417052547-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1635521525-480761495-2417052547-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1635521525-480761495-2417052547-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1635521525-480761495-2417052547-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
17-02-2015 05:16:22 Avira Free Antivirus - 17.02.2015 05:16
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0D487BB0-FCEF-4CF6-8087-4E9FE0C15708} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {388F0AB4-297A-4639-B32E-AD1DA0C331B8} - System32\Tasks\SUPERAntiSpyware Scheduled Task 5bbf76c7-a9e6-401d-b1d4-a8915562d9ec => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {423BAE11-7633-47F7-904E-1698C60B5F04} - System32\Tasks\AdobeAAMUpdater-1.0-MrPink-Matze => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {50D4FFA8-988A-4FE6-AC72-6AA76070FBC0} - System32\Tasks\{BC47D336-059B-43E3-9F41-F00EC17F47E4} => pcalua.exe -a "C:\Users\Matze\Downloads\Adobe Photoshop 7.0+Serial Keys [TeryongNoypi]\Adobe Photoshop 7.0\Setup.exe" -d "C:\Users\Matze\Downloads\Adobe Photoshop 7.0+Serial Keys [TeryongNoypi]\Adobe Photoshop 7.0"
Task: {51E2FB13-688E-4958-8213-9A4207A4162C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-02-11] (Microsoft Corporation)
Task: {54A606C1-031E-45CF-A187-41701A1368C4} - System32\Tasks\SUPERAntiSpyware Scheduled Task 30e8a3b2-67b1-4509-ad2c-9f6805d5d754 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {560CBED9-5DD7-4769-9ED9-BA9AE47B129B} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {6BD96AD8-DEE7-49E8-9FED-468E4E7AC44C} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-05] (Acer Incorporated)
Task: {6FB22A88-B76F-48BA-B9EE-C4FF474749D3} - System32\Tasks\pricesparrowSWU => Cscript.exe "C:\Program Files (x86)\PriceSparrow\Internet Explorer\swu.vbs"
Task: {713BA481-6D23-438D-B12A-49AD0FECBAF4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {7B2064A9-56D8-4A2D-A6CB-CE0B44628459} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.)
Task: {85DE04FD-4AE7-47A9-806B-A479809A7653} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9AEA2655-5013-4426-A133-B52F71204056} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {ADC3A92B-E102-4139-8757-C05F0B0AA365} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-07-10] (Acer Incorporated)
Task: {B5211056-64A6-4E6B-9A4B-415E89676BEA} - System32\Tasks\Dolby Selector => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-07-08] (Dolby Laboratories Inc.)
Task: {BDEC1EA8-2BE2-438A-970B-9BFE8F301ABF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.)
Task: {C11A9852-204D-4F0D-AEAB-72238DC75C4F} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [2015-01-30] (Avira Operations GmbH & Co. KG)
Task: {CB187100-A617-44B8-BC0B-5D9198D86BFB} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-03] (Acer Incorporate)
Task: {D649EBCC-E171-4692-9E0D-584D8317C889} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.5.0.9\\Ara.exe [2013-08-07] (Symantec Corporation)
Task: {F871D1F9-3D78-4612-BE3A-5C682109BD2F} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\acpanel_win.exe [2014-02-13] (Acer Incorporated)
Task: {F9A9EBAC-5FBF-4E6E-9BB7-09AAF38AFD89} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-03-02] ()
Task: {FC3B97C1-0000-40EA-A9BC-B012F3220936} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 30e8a3b2-67b1-4509-ad2c-9f6805d5d754.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 5bbf76c7-a9e6-401d-b1d4-a8915562d9ec.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
==================== Loaded Modules (whitelisted) ==============
2013-11-05 16:10 - 2013-08-30 04:03 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-10-11 02:51 - 2014-10-11 02:54 - 00040960 _____ () C:\Users\Matze\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
2013-11-05 16:52 - 2013-07-30 18:11 - 00110152 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2015-02-12 21:09 - 2015-02-12 21:09 - 02696704 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
2015-02-12 21:09 - 2015-02-12 21:09 - 02224640 _____ () C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2013-09-07 01:48 - 2013-09-07 01:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 01:45 - 2013-09-07 01:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 01:52 - 2013-09-07 01:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2013-07-08 18:53 - 2013-07-08 18:53 - 00052096 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-23 13:26 - 2010-03-23 13:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2015-02-14 21:22 - 2015-02-14 21:22 - 00011776 _____ () C:\Users\Matze\AppData\Local\IQFsoft\loader_u.dll
2013-11-05 16:08 - 2013-09-04 00:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-03-11 11:01 - 2013-03-11 11:01 - 00186600 _____ () C:\Program Files (x86)\PriceSparrow\Internet Explorer\pricesparrow.dll
2013-11-05 16:52 - 2013-07-30 18:11 - 00088648 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2015-02-20 01:55 - 2015-02-17 23:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-20 01:55 - 2015-02-17 23:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-20 01:55 - 2015-02-17 23:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2015-02-20 01:55 - 2015-02-17 23:44 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Matze\Cookies:roePOuIiL0zl2kh8muC3PWD
AlternateDataStreams: C:\Users\Matze\AppData\Local\fNsQUUj5Sk2:eKhTOMc7eYfJnV6yHIksFTZ
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1635521525-480761495-2417052547-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Matze\Pictures\anarchie.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "vpngui.exe.lnk"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-1635521525-480761495-2417052547-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1635521525-480761495-2417052547-1002\...\StartupApproved\Run: => "Eftion"
HKU\S-1-5-21-1635521525-480761495-2417052547-1002\...\StartupApproved\Run: => "{42EC14D2-4742-864B-8E06-11BF743FF29B}"
HKU\S-1-5-21-1635521525-480761495-2417052547-1002\...\StartupApproved\Run: => "Xvid"
==================== Accounts: =============================
Administrator (S-1-5-21-1635521525-480761495-2417052547-500 - Administrator - Disabled)
Gast (S-1-5-21-1635521525-480761495-2417052547-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1635521525-480761495-2417052547-1004 - Limited - Enabled)
Matze (S-1-5-21-1635521525-480761495-2417052547-1002 - Administrator - Enabled) => C:\Users\Matze
UpdatusUser (S-1-5-21-1635521525-480761495-2417052547-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Realtek PCIe GBE Family Controller #2
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8168
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: StorLib bus (virtual storages support)
Description: StorLib bus (virtual storages support)
Class Guid: {1378e71b-ab4d-4348-af26-cba56b12969e}
Manufacturer: EldoS Corporation
Service: cbfs3
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/20/2015 05:46:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1172
Error: (02/20/2015 05:46:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1172
Error: (02/20/2015 05:46:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/20/2015 03:32:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17416, Zeitstempel: 0x5452eed9
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0d74f
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000e581f
ID des fehlerhaften Prozesses: 0x1a4
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5
Error: (02/20/2015 07:28:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17416, Zeitstempel: 0x5452eed9
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0d74f
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000e581f
ID des fehlerhaften Prozesses: 0x10bc
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5
Error: (02/20/2015 07:27:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: pokki.exe, Version: 0.265.14.261, Zeitstempel: 0x5202d16d
Name des fehlerhaften Moduls: libPokki.dll, Version: 23.0.1271.64, Zeitstempel: 0x5202d0ad
Ausnahmecode: 0x80000003
Fehleroffset: 0x000629c0
ID des fehlerhaften Prozesses: 0x458
Startzeit der fehlerhaften Anwendung: 0xpokki.exe0
Pfad der fehlerhaften Anwendung: pokki.exe1
Pfad des fehlerhaften Moduls: pokki.exe2
Berichtskennung: pokki.exe3
Vollständiger Name des fehlerhaften Pakets: pokki.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: pokki.exe5
Error: (02/20/2015 02:20:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: pokki.exe, Version: 0.265.14.261, Zeitstempel: 0x5202d16d
Name des fehlerhaften Moduls: libPokki.dll, Version: 23.0.1271.64, Zeitstempel: 0x5202d0ad
Ausnahmecode: 0x80000003
Fehleroffset: 0x000629c0
ID des fehlerhaften Prozesses: 0x1514
Startzeit der fehlerhaften Anwendung: 0xpokki.exe0
Pfad der fehlerhaften Anwendung: pokki.exe1
Pfad des fehlerhaften Moduls: pokki.exe2
Berichtskennung: pokki.exe3
Vollständiger Name des fehlerhaften Pakets: pokki.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: pokki.exe5
Error: (02/20/2015 02:18:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Service_KMS.exe, Version: 13.1.0.0, Zeitstempel: 0x5313ef48
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0x00000000
Fehleroffset: 0x00007ffb919c0399
ID des fehlerhaften Prozesses: 0x7dc
Startzeit der fehlerhaften Anwendung: 0xService_KMS.exe0
Pfad der fehlerhaften Anwendung: Service_KMS.exe1
Pfad des fehlerhaften Moduls: Service_KMS.exe2
Berichtskennung: Service_KMS.exe3
Vollständiger Name des fehlerhaften Pakets: Service_KMS.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Service_KMS.exe5
Error: (02/20/2015 01:17:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe_winethc.dll, Version: 6.3.9600.16384, Zeitstempel: 0x5215f00d
Name des fehlerhaften Moduls: USER32.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0e17a
Ausnahmecode: 0xc0000142
Fehleroffset: 0x00000000000ec4a0
ID des fehlerhaften Prozesses: 0x1964
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe_winethc.dll0
Pfad der fehlerhaften Anwendung: rundll32.exe_winethc.dll1
Pfad des fehlerhaften Moduls: rundll32.exe_winethc.dll2
Berichtskennung: rundll32.exe_winethc.dll3
Vollständiger Name des fehlerhaften Pakets: rundll32.exe_winethc.dll4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: rundll32.exe_winethc.dll5
Error: (02/20/2015 00:36:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17416, Zeitstempel: 0x5452eed9
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17630, Zeitstempel: 0x54b0d74f
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000e581f
ID des fehlerhaften Prozesses: 0x1d14
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5
System errors:
=============
Error: (02/20/2015 04:01:42 PM) (Source: DCOM) (EventID: 10010) (User: MrPink)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (02/20/2015 04:01:12 PM) (Source: DCOM) (EventID: 10010) (User: MrPink)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (02/20/2015 03:55:26 PM) (Source: DCOM) (EventID: 10010) (User: MrPink)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (02/20/2015 03:54:56 PM) (Source: DCOM) (EventID: 10010) (User: MrPink)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (02/20/2015 07:25:01 AM) (Source: DCOM) (EventID: 10016) (User: MrPink)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MrPinkMatzeS-1-5-21-1635521525-480761495-2417052547-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/20/2015 07:25:00 AM) (Source: DCOM) (EventID: 10016) (User: MrPink)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}MrPinkMatzeS-1-5-21-1635521525-480761495-2417052547-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (02/20/2015 07:24:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Service KMSELDI" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/20/2015 07:24:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AddonsHelper" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (02/20/2015 07:23:33 AM) (Source: DCOM) (EventID: 10005) (User: MrPink)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (02/20/2015 07:23:19 AM) (Source: DCOM) (EventID: 10005) (User: MrPink)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
Microsoft Office Sessions:
=========================
Error: (02/20/2015 05:46:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1172
Error: (02/20/2015 05:46:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1172
Error: (02/20/2015 05:46:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (02/20/2015 03:32:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9ntdll.dll6.3.9600.1763054b0d74fc0000409000e581f1a401d04d1a158c0d91C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\ntdll.dll53573b86-b90d-11e4-8295-e5cd3cf6e6ef
Error: (02/20/2015 07:28:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9ntdll.dll6.3.9600.1763054b0d74fc0000409000e581f10bc01d04cd682508f24C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\ntdll.dllc078b003-b8c9-11e4-8295-e5cd3cf6e6ef
Error: (02/20/2015 07:27:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: pokki.exe0.265.14.2615202d16dlibPokki.dll23.0.1271.645202d0ad80000003000629c045801d04cd6454c53a0C:\Users\Matze\AppData\Local\Pokki\Engine\pokki.exeC:\Users\Matze\AppData\Local\Pokki\Engine\libPokki.dll844a409b-b8c9-11e4-8295-e5cd3cf6e6ef
Error: (02/20/2015 02:20:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: pokki.exe0.265.14.2615202d16dlibPokki.dll23.0.1271.645202d0ad80000003000629c0151401d04cab74a93bd3C:\Users\Matze\AppData\Local\Pokki\Engine\pokki.exeC:\Users\Matze\AppData\Local\Pokki\Engine\libPokki.dllb71f6523-b89e-11e4-8293-089e01f2d12b
Error: (02/20/2015 02:18:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe13.1.0.05313ef48unknown0.0.0.0000000000000000000007ffb919c03997dc01d04cab1afc8d78C:\Program Files\KMSpico\Service_KMS.exeunknown6180bc8b-b89e-11e4-8293-089e01f2d12b
Error: (02/20/2015 01:17:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_winethc.dll6.3.9600.163845215f00dUSER32.dll6.3.9600.1763054b0e17ac000014200000000000ec4a0196401d04ca2a5986ac7C:\Windows\System32\rundll32.exeUSER32.dlle34c8a68-b895-11e4-8292-089e01f2d12b
Error: (02/20/2015 00:36:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9ntdll.dll6.3.9600.1763054b0d74fc0000409000e581f1d1401d04c9ce4ff14e0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\ntdll.dll22e875c6-b890-11e4-8292-089e01f2d12b
CodeIntegrity Errors:
===================================
Date: 2014-11-02 03:43:44.772
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-29 21:18:59.529
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-24 09:48:05.380
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-21 13:37:59.818
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-18 15:42:56.468
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-09-27 04:14:03.017
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-09-22 13:58:11.541
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-09-16 15:31:17.329
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-08-30 03:32:49.062
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-08-18 09:52:45.425
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 34%
Total physical RAM: 8072.27 MB
Available physical RAM: 5316.57 MB
Total Pagefile: 9352.27 MB
Available Pagefile: 6071.01 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:913.7 GB) (Free:724.23 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1BB47C17)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
|
21.02.2015, 08:21
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 8.1: Dauernde Trojanerfunde - Crypt.Xpack / Z.pack /.. hi,
__________________Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ |
|
21.02.2015, 15:30
| #3 |
| | Windows 8.1: Dauernde Trojanerfunde - Crypt.Xpack / Z.pack /.. Hallo schrauber,
__________________super dass das so schnell funktioniert! Hier noch die weiteren Logs: MBAM: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 21.02.2015 Suchlauf-Zeit: 14:36:15 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.02.21.04 Rootkit Datenbank: v2015.02.20.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Matze Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 388818 Verstrichene Zeit: 23 Min, 33 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 3 Malware.Trace, HKU\S-1-5-21-1635521525-480761495-2417052547-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DC3_FEXEC, Löschen bei Neustart, [69afce53395172c41508c6bd0ef6d927], PUP.Optional.Softonic.A, HKU\S-1-5-21-1635521525-480761495-2417052547-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, Löschen bei Neustart, [0711c160f496fa3ce48bdac609fa7e82], Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Installation Wizard_is1, In Quarantäne, [b46471b0f298f145087390c04ab9e917], Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 2 Stolen.Data, C:\Users\Matze\AppData\Roaming\dclogs, In Quarantäne, [02168998d4b6d75fa516ddd40ff5649c], Trojan.Agent, C:\Program Files (x86)\Setup Wizard, In Quarantäne, [b46471b0f298f145087390c04ab9e917], Dateien: 18 PUP.Optional.OpenCandy, C:\Users\Matze\AppData\Roaming\uTorrent\updates\3.4.0_30596.exe, In Quarantäne, [9a7e8b96ec9e49edf1185ed2fb0a49b7], PUP.Optional.DownloadSponsor, C:\Program Files\OCS\ocs_v71b.exe, In Quarantäne, [11076bb66327a690f60057555baa6799], PUP.Optional.SearchProtect.A, C:\Users\Matze\AppData\Local\Temp\nscDE1F.tmp, In Quarantäne, [9b7db36ec1c967cf014d4d684eb39c64], Trojan.Agent, C:\Users\Matze\AppData\Local\Temp\tmpCD40.tmp, In Quarantäne, [1efab071ef9b30068b39c8426e943cc4], Backdoor.Daromec, C:\Users\Matze\AppData\Local\Temp\upnp.exe, In Quarantäne, [997f7ca5d1b950e6f1a32f24db2ac739], PUP.Optional.SearchProtect.A, C:\Users\Matze\AppData\Local\Temp\uttD0FE.tmp.exe, In Quarantäne, [1503968b048691a5c45808a2976a2bd5], PUP.Optional.OpenCandy, C:\Users\Matze\Downloads\DTLite4481-0347.exe, In Quarantäne, [6fa95dc4e4a67abcd03a0ce47590c040], PUP.Optional.DealioTB.A, C:\Users\Matze\Downloads\avi.codec.pack.pro.v2.4.0.setup.exe, In Quarantäne, [0d0bda47246667cfbb3c77641ee739c7], PUP.Optional.OpenCandy, C:\Users\Matze\Downloads\uTorrent.exe, In Quarantäne, [c3553ee31872979f4bbe8da3cc39748c], PUP.Optional.DownloadSponsor, C:\Users\Matze\Downloads\VLC media player 64 Bit - CHIP-Installer.exe, In Quarantäne, [73a5f52c494172c4032ea57e56ac1de3], PUP.Optional.Softonic.A, C:\Users\Matze\Downloads\SoftonicDownloader_fuer_mp3directcut.exe, In Quarantäne, [71a728f9ed9d83b38507f2567889f709], Stolen.Data, C:\Users\Matze\AppData\Roaming\dclogs\2014-11-25-3.dc, In Quarantäne, [02168998d4b6d75fa516ddd40ff5649c], Stolen.Data, C:\Users\Matze\AppData\Roaming\dclogs\2014-11-26-4.dc, In Quarantäne, [02168998d4b6d75fa516ddd40ff5649c], Stolen.Data, C:\Users\Matze\AppData\Roaming\dclogs\2014-11-29-7.dc, In Quarantäne, [02168998d4b6d75fa516ddd40ff5649c], Trojan.Agent, C:\Program Files (x86)\Setup Wizard\settings.ini, In Quarantäne, [b46471b0f298f145087390c04ab9e917], Trojan.Agent, C:\Program Files (x86)\Setup Wizard\SetupWizard.exe, In Quarantäne, [b46471b0f298f145087390c04ab9e917], Trojan.Agent, C:\Program Files (x86)\Setup Wizard\unins000.dat, In Quarantäne, [b46471b0f298f145087390c04ab9e917], Trojan.Agent, C:\Program Files (x86)\Setup Wizard\unins000.exe, In Quarantäne, [b46471b0f298f145087390c04ab9e917], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.111 - Bericht erstellt 21/02/2015 um 15:11:27
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-02-18.3 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Matze - MRPINK
# Gestarted von : C:\Users\Matze\Downloads\AdwCleaner_4.111.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : AddonsHelper
Dienst Gelöscht : SearchAnonymizer
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\DNSErrorHelper
Ordner Gelöscht : C:\Program Files\OCS
Ordner Gelöscht : C:\Users\Matze\AppData\Roaming\OCS
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9B6B03F1-16CF-4491-BBBB-E872802DD717}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{721061FB-EB79-4568-A03C-3CE26D68DAE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4A162BDE-9BF2-4D63-B59E-1A9284FA51E2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{515D7A71-BD85-4661-BEA0-B94108ACDE53}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{897F39F9-9838-472C-B2DD-0E8EF5A22ADD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{90644D4E-5F15-483C-97FA-4342250FC55C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AB85A108-145B-4BE8-BF73-4D8B0F9ADBD2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DDD5EE6B-603D-41DE-AA31-83D338EA73D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Schlüssel Gelöscht : HKCU\Software\Ciuvo
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EaseUS MobiSaver 3.1_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v
-\\ Google Chrome v40.0.2214.115
*************************
AdwCleaner[R0].txt - [4037 Bytes] - [21/02/2015 15:09:18]
AdwCleaner[S0].txt - [2717 Bytes] - [21/02/2015 15:11:27]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2776 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Matze on 21.02.2015 at 15:17:15,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1635521525-480761495-2417052547-1002\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D675CC04-44D6-5A92-58B9-C44A7515089C}
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.02.2015 at 15:19:30,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Matze (administrator) on MRPINK on 21-02-2015 15:21:46
Running from C:\Users\Matze\Downloads
Loaded Profiles: UpdatusUser & Matze (Available profiles: UpdatusUser & Matze)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(nerds.de) C:\Program Files (x86)\nerds.de\LoopBe1\loopBeMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778352 2013-08-28] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Ocs_SM] => C:\Users\Matze\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKU\S-1-5-21-1635521525-480761495-2417052547-1002\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1635521525-480761495-2417052547-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1635521525-480761495-2417052547-1002\...\Run: [IQFsoft] => regsvr32.exe C:\Users\Matze\AppData\Local\IQFsoft\loader_u.dll <===== ATTENTION
HKU\S-1-5-21-1635521525-480761495-2417052547-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-22] (SUPERAntiSpyware)
HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [8519984 2015-01-30] (Avira Operations GmbH & Co. KG)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-08-30] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-08-30] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LoopBe1 Monitor.lnk
ShortcutTarget: LoopBe1 Monitor.lnk -> C:\Program Files (x86)\nerds.de\LoopBe1\loopBeMon.exe (nerds.de)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1635521525-480761495-2417052547-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-1635521525-480761495-2417052547-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-1635521525-480761495-2417052547-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1635521525-480761495-2417052547-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1635521525-480761495-2417052547-1002 -> {163F8699-D6CC-4209-A301-2BFF7C752869} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\4Wj7aq9l.default
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Windows\system32\C2MP\npdivx32.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\4Wj7aq9l.default\searchplugins\bestwaytosearch.xml
FF Extension: Avira Browser Safety - C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\4Wj7aq9l.default\Extensions\abs@avira.com [2014-11-05]
Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.de/"
CHR Profile: C:\Users\Matze\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Matze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-02-23]
CHR Extension: (Google Docs) - C:\Users\Matze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matze\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-16]
CHR Extension: (Avira Browser Safety) - C:\Users\Matze\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-06]
CHR Extension: (AdBlock) - C:\Users\Matze\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-21]
CHR Extension: (Google Wallet) - C:\Users\Matze\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-21]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2798336 2014-02-13] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-11-04] (WildTangent)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S4 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-07] (Disc Soft Ltd)
S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 LoopBeMidi1; C:\Windows\system32\drivers\loopbe1.sys [13824 2011-04-09] (nerds.de)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S3 RDID1104; C:\Windows\system32\Drivers\rdwm1104.sys [198144 2012-10-23] (Roland Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [427736 2013-08-09] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 ysusb64; C:\Windows\system32\drivers\ysusb64.sys [132160 2014-08-19] (Yamaha Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-21 15:19 - 2015-02-21 15:19 - 00001602 _____ () C:\Users\Matze\Desktop\JRT.txt
2015-02-21 15:16 - 2015-02-21 15:16 - 01388274 _____ (Thisisu) C:\Users\Matze\Downloads\JRT.exe
2015-02-21 15:09 - 2015-02-21 15:11 - 00000000 ____D () C:\AdwCleaner
2015-02-21 15:08 - 2015-02-21 15:08 - 02126848 _____ () C:\Users\Matze\Downloads\AdwCleaner_4.111.exe
2015-02-21 15:01 - 2015-02-21 15:06 - 00004096 _____ () C:\Users\Matze\Desktop\mbam.txt
2015-02-21 14:33 - 2015-02-21 15:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-21 14:33 - 2015-02-21 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-02-21 14:33 - 2015-02-21 14:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-21 14:33 - 2015-02-21 14:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-02-21 14:33 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-21 14:33 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-21 14:33 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-21 14:31 - 2015-02-21 14:32 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Matze\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-21 14:27 - 2015-02-21 14:27 - 00001284 _____ () C:\Users\Matze\Desktop\Revo Uninstaller.lnk
2015-02-21 14:27 - 2015-02-21 14:27 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-21 14:26 - 2015-02-21 14:26 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Matze\Downloads\revosetup95.exe
2015-02-21 03:29 - 2015-02-21 03:29 - 00380416 _____ () C:\Users\Matze\Downloads\Gmer-19357.exe
2015-02-21 02:52 - 2015-02-21 02:53 - 00047189 _____ () C:\Users\Matze\Downloads\Addition.txt
2015-02-21 02:51 - 2015-02-21 15:21 - 00021031 _____ () C:\Users\Matze\Downloads\FRST.txt
2015-02-21 02:51 - 2015-02-21 15:21 - 00000000 ____D () C:\FRST
2015-02-21 02:51 - 2015-02-21 02:51 - 02086912 _____ (Farbar) C:\Users\Matze\Downloads\FRST64.exe
2015-02-21 02:49 - 2015-02-21 02:49 - 00000542 _____ () C:\Users\Matze\Downloads\defogger_disable.log
2015-02-21 02:49 - 2015-02-21 02:49 - 00000168 _____ () C:\Users\Matze\defogger_reenable
2015-02-21 02:48 - 2015-02-21 02:48 - 00050477 _____ () C:\Users\Matze\Downloads\Defogger.exe
2015-02-21 02:44 - 2015-02-21 02:44 - 00024638 _____ () C:\Users\Matze\Documents\Ereignisse.txt
2015-02-20 18:26 - 2015-02-20 18:26 - 00000000 ____D () C:\Windows\LastGood.Tmp
2015-02-19 10:24 - 2015-02-19 10:24 - 00000000 ____D () C:\Users\Matze\Downloads\Blockhead
2015-02-19 09:49 - 2015-02-19 09:49 - 00000000 ____D () C:\Users\Matze\Downloads\Blockhead - The Music Scene
2015-02-19 09:22 - 2015-02-19 09:28 - 00000000 ____D () C:\Users\Matze\Downloads\Daft Punk - Discovery
2015-02-14 22:21 - 2015-02-21 14:21 - 00000524 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 30e8a3b2-67b1-4509-ad2c-9f6805d5d754.job
2015-02-14 22:21 - 2015-02-21 02:00 - 00000524 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 5bbf76c7-a9e6-401d-b1d4-a8915562d9ec.job
2015-02-14 22:21 - 2015-02-14 22:21 - 00003574 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 5bbf76c7-a9e6-401d-b1d4-a8915562d9ec
2015-02-14 22:21 - 2015-02-14 22:21 - 00003492 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 30e8a3b2-67b1-4509-ad2c-9f6805d5d754
2015-02-14 22:15 - 2015-02-21 15:13 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-14 22:15 - 2015-02-14 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-02-14 22:15 - 2015-02-14 22:15 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\SUPERAntiSpyware.com
2015-02-14 22:15 - 2015-02-14 22:15 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-02-14 22:12 - 2015-02-14 22:12 - 21318368 _____ (SUPERAntiSpyware) C:\Users\Matze\Downloads\SUPERAntiSpyware.exe
2015-02-14 21:22 - 2015-02-14 21:22 - 00000000 ____D () C:\Users\Matze\AppData\Local\IQFsoft
2015-02-12 21:33 - 2015-02-12 21:40 - 00000000 ____D () C:\Users\Matze\Downloads\Camtasia Studio 8.2.1 Build 1423+Key-T.F.K
2015-02-12 21:16 - 2015-02-12 21:16 - 00000000 ____D () C:\Users\Matze\Downloads\ZD Soft Screen Recorder 6.6 Final Incl. Keys [ATOM]
2015-02-12 21:09 - 2015-02-21 02:12 - 00000000 ____D () C:\Users\Matze\AppData\Local\Eftion
2015-02-12 21:09 - 2015-02-12 21:09 - 00000000 __SHD () C:\Users\Matze\AppData\Local\EmieBrowserModeList
2015-02-12 20:54 - 2015-02-12 20:54 - 00000000 ____D () C:\Users\Matze\AppData\Local\DVDVideoSoft_Ltd
2015-02-12 20:50 - 2015-02-12 20:50 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\DivX
2015-02-12 20:48 - 2015-02-12 20:48 - 03529880 _____ (DVDVideoSoft Ltd. ) C:\Users\Matze\Downloads\FreeScreenVideoRecorder.exe
2015-02-12 20:38 - 2015-02-12 20:38 - 03529352 _____ (DVDVideoSoft Ltd. ) C:\Users\Matze\Downloads\FreeVideoCallRecorder.exe
2015-02-12 17:53 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 17:53 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 17:37 - 2015-02-11 17:44 - 00000000 ____D () C:\Users\Matze\Downloads\Peter Doherty - 2009 - Grace Wastelands
2015-02-11 01:40 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 01:40 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 01:40 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 01:40 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 01:40 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 01:40 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 01:40 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 01:40 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 01:40 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 01:40 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 01:40 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 01:40 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 01:40 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 01:40 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 01:40 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 01:40 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 01:40 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 01:40 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 01:40 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 01:40 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 01:40 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 01:40 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 01:40 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 01:40 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 01:40 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 01:40 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-11 01:39 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 01:39 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 01:39 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 01:39 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 01:39 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 01:39 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 01:39 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 01:39 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 01:39 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 01:39 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 01:39 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 01:39 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 01:39 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 01:39 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 01:39 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 01:39 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 01:39 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 01:39 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 01:39 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 01:39 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 01:39 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 01:39 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 01:39 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 01:39 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 01:39 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 01:39 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 01:39 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 01:39 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 01:39 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 01:39 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 01:39 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 01:39 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 01:39 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 01:39 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 01:39 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 01:39 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 01:39 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 01:39 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 01:39 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-10 23:42 - 2015-02-11 22:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-10 23:42 - 2015-02-10 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-02-10 16:46 - 2015-02-10 16:46 - 00026974 _____ () C:\Users\Matze\Downloads\Libertines - Last Post On The Bugle (Pro) (1).gp4
2015-02-09 17:00 - 2015-02-09 17:00 - 00308709 _____ () C:\Users\Matze\Downloads\mp3DC220.exe
2015-02-09 16:56 - 2015-02-09 17:46 - 00000000 ____D () C:\Users\Matze\Downloads\Babyshambles - Sequel To The Prequel (Deluxe Edition) 2013 [320 Kbps]
2015-02-09 16:56 - 2015-02-09 16:56 - 00000945 _____ () C:\Users\Matze\Downloads\Babyshambles - Sequel to the prequel (2013).cue
2015-02-03 12:36 - 2015-02-03 12:36 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-03 12:36 - 2015-02-03 12:36 - 00000000 ____D () C:\ProgramData\Licenses
2015-02-03 12:29 - 2015-02-03 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Setup Wizard
2015-02-03 12:29 - 2007-06-04 15:10 - 00132880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSINET.OCX
2015-02-03 12:29 - 1999-05-06 23:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Comdlg32.ocx
2015-01-23 13:42 - 2015-01-27 09:25 - 00001456 _____ () C:\Users\Matze\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-01-23 13:39 - 2015-01-23 13:39 - 00000132 _____ () C:\Users\Matze\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-21 15:14 - 2013-11-05 15:50 - 01201300 _____ () C:\Windows\WindowsUpdate.log
2015-02-21 15:13 - 2014-02-21 23:02 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-21 15:12 - 2013-09-05 13:28 - 00203294 _____ () C:\Windows\PFRO.log
2015-02-21 15:12 - 2013-08-22 15:46 - 00035142 _____ () C:\Windows\setupact.log
2015-02-21 15:12 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-21 15:09 - 2014-02-21 22:47 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1635521525-480761495-2417052547-1002
2015-02-21 15:06 - 2014-02-22 19:58 - 00000000 ____D () C:\Users\Matze\AppData\Local\CrashDumps
2015-02-21 15:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-21 14:54 - 2014-02-21 23:02 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-21 02:49 - 2014-02-21 22:35 - 00000000 ____D () C:\Users\Matze
2015-02-21 02:00 - 2014-07-29 20:56 - 00000000 ____D () C:\Users\Matze\AppData\Local\Adobe
2015-02-20 18:28 - 2013-11-06 00:35 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2015-02-20 18:28 - 2013-11-06 00:35 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2015-02-20 18:28 - 2013-09-05 13:31 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-20 18:26 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-20 17:17 - 2014-12-29 05:55 - 00000016 _____ () C:\Users\Matze\AppData\Roaming\msregsvv.dll
2015-02-20 17:17 - 2014-12-29 05:55 - 00000016 _____ () C:\ProgramData\autobk.inc
2015-02-20 02:17 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-20 01:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-19 10:59 - 2014-08-04 09:38 - 00000000 ___RD () C:\Users\Matze\Dropbox
2015-02-19 10:58 - 2014-08-04 09:37 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-19 10:58 - 2014-08-04 09:35 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\Dropbox
2015-02-19 10:57 - 2014-02-26 01:05 - 00000000 ____D () C:\Users\Matze\AppData\Local\Deployment
2015-02-19 10:26 - 2014-02-25 15:37 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\uTorrent
2015-02-18 00:55 - 2014-03-07 00:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-18 00:54 - 2014-02-25 19:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-16 06:24 - 2014-12-04 10:10 - 00000000 ____D () C:\Program Files (x86)\iExplorer
2015-02-14 22:54 - 2014-11-29 16:01 - 00000000 ____D () C:\Users\Matze\AppData\Local\AviraSpeedup
2015-02-14 22:54 - 2014-11-25 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-02-14 22:52 - 2014-11-25 10:41 - 00003320 _____ () C:\Windows\System32\Tasks\AviraSpeedup
2015-02-13 09:22 - 2014-06-16 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-12 23:55 - 2014-02-26 15:01 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\Skype
2015-02-12 21:07 - 2014-04-17 03:13 - 00004548 _____ () C:\Users\Matze\AppData\Roaming\CamStudio.cfg
2015-02-12 21:07 - 2014-04-17 03:13 - 00000408 _____ () C:\Users\Matze\AppData\Roaming\CamShapes.ini
2015-02-12 21:07 - 2014-04-17 03:13 - 00000408 _____ () C:\Users\Matze\AppData\Roaming\CamLayout.ini
2015-02-12 21:07 - 2014-04-17 03:13 - 00000096 _____ () C:\Users\Matze\AppData\Roaming\Camdata.ini
2015-02-12 20:57 - 2014-06-16 15:58 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-02-12 20:57 - 2014-06-16 15:57 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\DVDVideoSoft
2015-02-12 19:07 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-12 12:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-02-12 02:18 - 2014-04-07 23:07 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2015-02-11 23:38 - 2014-04-17 00:00 - 00000096 _____ () C:\Users\Matze\AppData\Roaming\version2.xml
2015-02-11 23:32 - 2013-08-22 15:44 - 05239448 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 22:53 - 2014-02-26 15:01 - 00000000 ____D () C:\ProgramData\Skype
2015-02-11 17:39 - 2014-07-09 18:57 - 00000000 ____D () C:\Users\Matze\Documents\My CamStudio Temp Files
2015-02-11 01:56 - 2014-02-22 14:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 01:52 - 2014-02-22 14:54 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 01:51 - 2013-08-22 14:25 - 00000199 _____ () C:\Windows\win.ini
2015-02-09 18:13 - 2014-11-07 10:05 - 00000000 ____D () C:\Users\Matze\Documents\John Stuart Mill
2015-02-06 21:23 - 2014-11-05 13:50 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-06 21:23 - 2014-11-05 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-06 21:23 - 2014-11-05 13:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-06 20:49 - 2014-02-21 23:02 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 20:49 - 2014-02-21 23:02 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 20:31 - 2014-09-17 18:35 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-09-17 18:35 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 09:13 - 2014-10-12 16:29 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\vlc
==================== Files in the root of some directories =======
2014-04-08 22:17 - 2014-03-04 07:37 - 0000226 _____ () C:\Program Files\update-southpark.bat
2015-01-23 13:39 - 2015-01-23 13:39 - 0000132 _____ () C:\Users\Matze\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2014-04-17 03:13 - 2015-02-12 21:07 - 0000096 _____ () C:\Users\Matze\AppData\Roaming\Camdata.ini
2014-04-17 03:13 - 2015-02-12 21:07 - 0000408 _____ () C:\Users\Matze\AppData\Roaming\CamLayout.ini
2014-04-17 03:13 - 2015-02-12 21:07 - 0000408 _____ () C:\Users\Matze\AppData\Roaming\CamShapes.ini
2014-04-17 03:13 - 2015-02-12 21:07 - 0004548 _____ () C:\Users\Matze\AppData\Roaming\CamStudio.cfg
2014-12-24 02:47 - 2014-12-24 02:47 - 0000200 _____ () C:\Users\Matze\AppData\Roaming\MRPINK.MTBF.txt
2014-12-29 05:55 - 2015-02-20 17:17 - 0000016 _____ () C:\Users\Matze\AppData\Roaming\msregsvv.dll
2014-04-17 00:00 - 2015-02-11 23:38 - 0000096 _____ () C:\Users\Matze\AppData\Roaming\version2.xml
2014-12-24 02:47 - 2014-12-24 20:24 - 0000602 _____ () C:\Users\Matze\AppData\Roaming\__AvidCloudManager.log
2014-12-24 02:47 - 2014-12-24 02:47 - 0000549 _____ () C:\Users\Matze\AppData\Roaming\__AvidCloudManagerPrevious.log
2014-05-28 19:35 - 2014-05-28 19:35 - 0000037 ___SH () C:\Users\Matze\AppData\Local\20986331705021ca58edc424.96250074
2015-01-23 13:42 - 2015-01-27 09:25 - 0001456 _____ () C:\Users\Matze\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-12-17 09:09 - 2014-12-24 02:47 - 0004608 _____ () C:\Users\Matze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-19 01:13 - 2015-01-19 01:13 - 0019408 _____ () C:\Users\Matze\AppData\Local\Temp99.PNG
2014-12-29 05:55 - 2015-02-20 17:17 - 0000016 _____ () C:\ProgramData\autobk.inc
2013-11-05 16:23 - 2013-11-05 16:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some content of TEMP:
====================
C:\Users\Matze\AppData\Local\Temp\avgnt.exe
C:\Users\Matze\AppData\Local\Temp\AviraSetup207281.exe
C:\Users\Matze\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnfgcup.dll
C:\Users\Matze\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps2myw6.dll
C:\Users\Matze\AppData\Local\Temp\DSETUP.dll
C:\Users\Matze\AppData\Local\Temp\dsetup32.dll
C:\Users\Matze\AppData\Local\Temp\DXSETUP.exe
C:\Users\Matze\AppData\Local\Temp\FreeScreenVideoRecorder.exe
C:\Users\Matze\AppData\Local\Temp\FreeVideoCallRecorder.exe
C:\Users\Matze\AppData\Local\Temp\mp3el2.exe
C:\Users\Matze\AppData\Local\Temp\ose00000.exe
C:\Users\Matze\AppData\Local\Temp\ose00001.exe
C:\Users\Matze\AppData\Local\Temp\ose00002.exe
C:\Users\Matze\AppData\Local\Temp\ose00003.exe
C:\Users\Matze\AppData\Local\Temp\PidGenX.dll
C:\Users\Matze\AppData\Local\Temp\Quarantine.exe
C:\Users\Matze\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Matze\AppData\Local\Temp\sqlite3.dll
C:\Users\Matze\AppData\Local\Temp\uttE249.tmp.exe
C:\Users\Matze\AppData\Local\Temp\vpsetup.exe
C:\Users\Matze\AppData\Local\Temp\x264enc5.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-21 14:07
==================== End Of Log ============================
--- --- --- |
|
22.02.2015, 08:29
| #4 |
| /// the machine /// TB-Ausbilder | Windows 8.1: Dauernde Trojanerfunde - Crypt.Xpack / Z.pack /..ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.02.2015, 16:40
| #5 |
| | Windows 8.1: Dauernde Trojanerfunde - Crypt.Xpack / Z.pack /.. Hallo schrauber, hier die entsprechenden Logfiles: ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=18b8da619f8b5f49bb3aa2b1e5dfd470
# engine=22590
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-22 03:19:28
# local_time=2015-02-22 04:19:28 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 99 22688 10549053 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 8579132 14922687 0 0
# scanned=342861
# found=19
# cleaned=18
# scan_time=6985
sh=44487A3161ED07C1635FF55F677453ED8FDF84AD ft=1 fh=c71c00111db6962c vn="Variante von Win64/Sathurbot.A Trojaner" ac=I fn="C:\Users\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll"
sh=0E2466CFBF2A6BF3CB2E39B5B3340054EC872E56 ft=1 fh=b85d834eb1ab0668 vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\76334be22960e48fc136e160ca1d3cf4\agsetup183se_v3.0.0.67.exe.vir"
sh=B341B70EF66000ADB004FC29B08E047B4BAED163 ft=1 fh=6ef6373658cb81dd vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Portable\NCH Debut Video Capture Software Pro v1.74\debut.exe"
sh=44487A3161ED07C1635FF55F677453ED8FDF84AD ft=1 fh=c71c00111db6962c vn="Variante von Win64/Sathurbot.A Trojaner (Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll"
sh=6E3F57A1584964BBC92712B6D4996FCA6A2601CF ft=1 fh=57e6d7b40ec438c2 vn="Variante von Win32/Boaxxe.CS Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Matze\AppData\Local\Eftion\loader_u.dll"
sh=F6A3458B7A6EF7C1A7F549E12DB6BFE7349E9A61 ft=1 fh=83f86846cfc1a0fa vn="Variante von Win32/Boaxxe.CS Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Matze\AppData\Local\Eftion\loader_u.dll.old"
sh=F6A3458B7A6EF7C1A7F549E12DB6BFE7349E9A61 ft=1 fh=83f86846cfc1a0fa vn="Variante von Win32/Boaxxe.CS Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Matze\AppData\Local\Eftion\loader_u.dll.temp"
sh=71C811A62ECCCBA1907CF0C05820F215A9521709 ft=1 fh=5029318f53405db6 vn="Variante von Win32/Boaxxe.CS Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Matze\AppData\Local\IQFsoft\loader_u.dll"
sh=3E49B5E2D8753E308B5B3DA08B849548B2CB5FD7 ft=1 fh=2c513749526156bc vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Matze\AppData\Local\Microsoft\Windows\INetCache\IE\3FRU26HZ\audiograbber_1.83[1].exe"
sh=1ADB4E8893319DCA1777A54BE4F540E41BF54593 ft=1 fh=0b0ee2a76fb65c8f vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Matze\AppData\Local\Microsoft\Windows\INetCache\IE\3FRU26HZ\spstub[1].exe"
sh=BE16E90B414BB068DE614C57CEE7375900EE5312 ft=1 fh=9ae5afe136a6fdbd vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Matze\AppData\Local\Microsoft\Windows\INetCache\IE\TD838VSS\SPSetup[1].exe"
sh=08131ADF7C15E801A902E72ADA9DBA8EF81AD101 ft=1 fh=0e19461b6ef503f8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Matze\AppData\Local\Temp\DMR\dmr_72.exe"
sh=363D3F26B7FB5BE93FC2DA9DB63969290A895887 ft=1 fh=6336e3eaabfc3c09 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Matze\Downloads\Audiograbber - CHIP-Installer.exe"
sh=19876B0C21073CE7AC4725124851FC36B7EA7301 ft=1 fh=31b372839de59c7b vn="Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Matze\Downloads\cbsidlm-cbsi188-Letasoft_Sound_Booster-ORG-75761429.exe"
sh=598F898334FF08357EBDB8D7417A02C5A3D57671 ft=1 fh=bb1f89586d030f48 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Matze\Downloads\ifunbox27_setup - CHIP-Installer.exe"
sh=A2A621BC4263312E6E9268DE177F0D69D08611DC ft=1 fh=31688d33b9a64798 vn="Win32/InstallMonetizer.AF evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Matze\Downloads\MP3CutterSetup.exe"
sh=228221BD99BE4AEC828A2CF9C60683E6F58BB40B ft=1 fh=5f5d25ac524dc347 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Matze\Downloads\MP3Gain - CHIP-Installer.exe"
sh=E552249A4169EC40B12547CAF402AAAE033E7DA2 ft=1 fh=eb5480360a37406e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Matze\Downloads\Simple Webcam Recorder - CHIP-Installer.exe"
sh=4CE21A1DF27BE6D426C4CBB5FD84D85587142C4E ft=1 fh=ef5be82539473a08 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Matze\Downloads\NCH Debut Video Capture Software Pro v1.74 (1-click run)(registered)\NCH Debut Video Capture Software Pro v1.74 (1-click run)(registered).exe"
Code:
ATTFilter UNSUPPORTED OPERATING SYSTEM! ABORTED!
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Matze (administrator) on MRPINK on 22-02-2015 16:24:26
Running from C:\Users\Matze\Downloads
Loaded Profiles: UpdatusUser & Matze (Available profiles: UpdatusUser & Matze)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(nerds.de) C:\Program Files (x86)\nerds.de\LoopBe1\loopBeMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778352 2013-08-28] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Ocs_SM] => C:\Users\Matze\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKU\S-1-5-21-1635521525-480761495-2417052547-1002\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1635521525-480761495-2417052547-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1635521525-480761495-2417052547-1002\...\Run: [IQFsoft] => regsvr32.exe C:\Users\Matze\AppData\Local\IQFsoft\loader_u.dll <===== ATTENTION
HKU\S-1-5-21-1635521525-480761495-2417052547-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-22] (SUPERAntiSpyware)
HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [8519984 2015-01-30] (Avira Operations GmbH & Co. KG)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-08-30] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-08-30] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LoopBe1 Monitor.lnk
ShortcutTarget: LoopBe1 Monitor.lnk -> C:\Program Files (x86)\nerds.de\LoopBe1\loopBeMon.exe (nerds.de)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1635521525-480761495-2417052547-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-1635521525-480761495-2417052547-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-1635521525-480761495-2417052547-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1635521525-480761495-2417052547-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1635521525-480761495-2417052547-1002 -> {163F8699-D6CC-4209-A301-2BFF7C752869} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\4Wj7aq9l.default
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Windows\system32\C2MP\npdivx32.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\4Wj7aq9l.default\searchplugins\bestwaytosearch.xml
FF Extension: Avira Browser Safety - C:\Users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\4Wj7aq9l.default\Extensions\abs@avira.com [2014-11-05]
Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.de/"
CHR Profile: C:\Users\Matze\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Matze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-02-23]
CHR Extension: (Google Docs) - C:\Users\Matze\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matze\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-16]
CHR Extension: (Avira Browser Safety) - C:\Users\Matze\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-06]
CHR Extension: (AdBlock) - C:\Users\Matze\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-21]
CHR Extension: (Google Wallet) - C:\Users\Matze\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-21]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-04] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe [2798336 2014-02-13] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-05] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-11-04] (WildTangent)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4278112 2013-08-01] (Symantec Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S4 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-03-07] (Disc Soft Ltd)
S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 LoopBeMidi1; C:\Windows\system32\drivers\loopbe1.sys [13824 2011-04-09] (nerds.de)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S3 RDID1104; C:\Windows\system32\Drivers\rdwm1104.sys [198144 2012-10-23] (Roland Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [427736 2013-08-09] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 ysusb64; C:\Windows\system32\drivers\ysusb64.sys [132160 2014-08-19] (Yamaha Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-22 16:24 - 2015-02-22 16:24 - 00022225 _____ () C:\Users\Matze\Downloads\FRST.txt
2015-02-22 16:23 - 2015-02-22 16:23 - 00000041 _____ () C:\Users\Matze\Desktop\checkup.txt
2015-02-22 16:20 - 2015-02-22 16:20 - 00852594 _____ () C:\Users\Matze\Downloads\SecurityCheck.exe
2015-02-22 14:08 - 2015-02-22 14:08 - 02347384 _____ (ESET) C:\Users\Matze\Downloads\esetsmartinstaller_deu.exe
2015-02-22 14:08 - 2015-02-22 14:08 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-21 15:19 - 2015-02-21 15:19 - 00001602 _____ () C:\Users\Matze\Desktop\JRT.txt
2015-02-21 15:16 - 2015-02-21 15:16 - 01388274 _____ (Thisisu) C:\Users\Matze\Downloads\JRT.exe
2015-02-21 15:09 - 2015-02-21 15:11 - 00000000 ____D () C:\AdwCleaner
2015-02-21 15:08 - 2015-02-21 15:08 - 02126848 _____ () C:\Users\Matze\Downloads\AdwCleaner_4.111.exe
2015-02-21 15:01 - 2015-02-21 15:06 - 00004096 _____ () C:\Users\Matze\Desktop\mbam.txt
2015-02-21 14:33 - 2015-02-21 15:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-21 14:33 - 2015-02-21 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-02-21 14:33 - 2015-02-21 14:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-21 14:33 - 2015-02-21 14:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-02-21 14:33 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-21 14:33 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-21 14:33 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-21 14:31 - 2015-02-21 14:32 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Matze\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-21 14:27 - 2015-02-21 14:27 - 00001284 _____ () C:\Users\Matze\Desktop\Revo Uninstaller.lnk
2015-02-21 14:27 - 2015-02-21 14:27 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-21 14:26 - 2015-02-21 14:26 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Matze\Downloads\revosetup95.exe
2015-02-21 03:29 - 2015-02-21 03:29 - 00380416 _____ () C:\Users\Matze\Downloads\Gmer-19357.exe
2015-02-21 02:51 - 2015-02-22 16:24 - 00000000 ____D () C:\FRST
2015-02-21 02:51 - 2015-02-21 02:51 - 02086912 _____ (Farbar) C:\Users\Matze\Downloads\FRST64.exe
2015-02-21 02:49 - 2015-02-21 02:49 - 00000168 _____ () C:\Users\Matze\defogger_reenable
2015-02-21 02:48 - 2015-02-21 02:48 - 00050477 _____ () C:\Users\Matze\Downloads\Defogger.exe
2015-02-21 02:44 - 2015-02-21 02:44 - 00024638 _____ () C:\Users\Matze\Documents\Ereignisse.txt
2015-02-20 18:26 - 2015-02-20 18:26 - 00000000 ____D () C:\Windows\LastGood.Tmp
2015-02-14 22:21 - 2015-02-22 14:21 - 00000524 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 30e8a3b2-67b1-4509-ad2c-9f6805d5d754.job
2015-02-14 22:21 - 2015-02-21 02:00 - 00000524 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 5bbf76c7-a9e6-401d-b1d4-a8915562d9ec.job
2015-02-14 22:21 - 2015-02-14 22:21 - 00003574 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 5bbf76c7-a9e6-401d-b1d4-a8915562d9ec
2015-02-14 22:21 - 2015-02-14 22:21 - 00003492 _____ () C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 30e8a3b2-67b1-4509-ad2c-9f6805d5d754
2015-02-14 22:15 - 2015-02-22 14:24 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-14 22:15 - 2015-02-14 22:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-02-14 22:15 - 2015-02-14 22:15 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\SUPERAntiSpyware.com
2015-02-14 22:15 - 2015-02-14 22:15 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-02-14 22:12 - 2015-02-14 22:12 - 21318368 _____ (SUPERAntiSpyware) C:\Users\Matze\Downloads\SUPERAntiSpyware.exe
2015-02-14 21:22 - 2015-02-22 16:19 - 00000000 ____D () C:\Users\Matze\AppData\Local\IQFsoft
2015-02-12 21:33 - 2015-02-12 21:40 - 00000000 ____D () C:\Users\Matze\Downloads\Camtasia Studio 8.2.1 Build 1423+Key-T.F.K
2015-02-12 21:16 - 2015-02-12 21:16 - 00000000 ____D () C:\Users\Matze\Downloads\ZD Soft Screen Recorder 6.6 Final Incl. Keys [ATOM]
2015-02-12 21:09 - 2015-02-22 16:19 - 00000000 ____D () C:\Users\Matze\AppData\Local\Eftion
2015-02-12 21:09 - 2015-02-12 21:09 - 00000000 __SHD () C:\Users\Matze\AppData\Local\EmieBrowserModeList
2015-02-12 20:54 - 2015-02-12 20:54 - 00000000 ____D () C:\Users\Matze\AppData\Local\DVDVideoSoft_Ltd
2015-02-12 20:50 - 2015-02-12 20:50 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\DivX
2015-02-12 20:48 - 2015-02-12 20:48 - 03529880 _____ (DVDVideoSoft Ltd. ) C:\Users\Matze\Downloads\FreeScreenVideoRecorder.exe
2015-02-12 20:38 - 2015-02-12 20:38 - 03529352 _____ (DVDVideoSoft Ltd. ) C:\Users\Matze\Downloads\FreeVideoCallRecorder.exe
2015-02-12 17:53 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 17:53 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 17:37 - 2015-02-11 17:44 - 00000000 ____D () C:\Users\Matze\Downloads\Peter Doherty - 2009 - Grace Wastelands
2015-02-11 01:40 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 01:40 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 01:40 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 01:40 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 01:40 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 01:40 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 01:40 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 01:40 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 01:40 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 01:40 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 01:40 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 01:40 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 01:40 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 01:40 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 01:40 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 01:40 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 01:40 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 01:40 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 01:40 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 01:40 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 01:40 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 01:40 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 01:40 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 01:40 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 01:40 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 01:40 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-11 01:39 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 01:39 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 01:39 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 01:39 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 01:39 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 01:39 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 01:39 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 01:39 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 01:39 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 01:39 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 01:39 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 01:39 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 01:39 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 01:39 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 01:39 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 01:39 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 01:39 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 01:39 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 01:39 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 01:39 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 01:39 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 01:39 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 01:39 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 01:39 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 01:39 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 01:39 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 01:39 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 01:39 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 01:39 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 01:39 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 01:39 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 01:39 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 01:39 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 01:39 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 01:39 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 01:39 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 01:39 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 01:39 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 01:39 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-10 23:42 - 2015-02-11 22:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-10 23:42 - 2015-02-10 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-02-10 16:46 - 2015-02-10 16:46 - 00026974 _____ () C:\Users\Matze\Downloads\Libertines - Last Post On The Bugle (Pro) (1).gp4
2015-02-09 17:00 - 2015-02-09 17:00 - 00308709 _____ () C:\Users\Matze\Downloads\mp3DC220.exe
2015-02-09 16:56 - 2015-02-09 17:46 - 00000000 ____D () C:\Users\Matze\Downloads\Babyshambles - Sequel To The Prequel (Deluxe Edition) 2013 [320 Kbps]
2015-02-09 16:56 - 2015-02-09 16:56 - 00000945 _____ () C:\Users\Matze\Downloads\Babyshambles - Sequel to the prequel (2013).cue
2015-02-03 12:36 - 2015-02-03 12:36 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-03 12:36 - 2015-02-03 12:36 - 00000000 ____D () C:\ProgramData\Licenses
2015-02-03 12:29 - 2015-02-03 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Setup Wizard
2015-02-03 12:29 - 2007-06-04 15:10 - 00132880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSINET.OCX
2015-02-03 12:29 - 1999-05-06 23:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Comdlg32.ocx
2015-01-23 13:42 - 2015-01-27 09:25 - 00001456 _____ () C:\Users\Matze\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-01-23 13:39 - 2015-01-23 13:39 - 00000132 _____ () C:\Users\Matze\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-22 16:19 - 2014-12-16 14:11 - 00000000 ____D () C:\Users\Matze\Downloads\NCH Debut Video Capture Software Pro v1.74 (1-click run)(registered)
2015-02-22 16:18 - 2013-11-05 15:50 - 01464955 _____ () C:\Windows\WindowsUpdate.log
2015-02-22 16:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-22 15:54 - 2014-02-21 23:02 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-22 09:15 - 2014-07-29 20:56 - 00000000 ____D () C:\Users\Matze\AppData\Local\Adobe
2015-02-21 16:06 - 2014-02-21 22:47 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1635521525-480761495-2417052547-1002
2015-02-21 15:13 - 2014-02-21 23:02 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-21 15:12 - 2013-09-05 13:28 - 00203294 _____ () C:\Windows\PFRO.log
2015-02-21 15:12 - 2013-08-22 15:46 - 00035142 _____ () C:\Windows\setupact.log
2015-02-21 15:12 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-21 15:06 - 2014-02-22 19:58 - 00000000 ____D () C:\Users\Matze\AppData\Local\CrashDumps
2015-02-21 02:49 - 2014-02-21 22:35 - 00000000 ____D () C:\Users\Matze
2015-02-20 18:28 - 2013-11-06 00:35 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2015-02-20 18:28 - 2013-11-06 00:35 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2015-02-20 18:28 - 2013-09-05 13:31 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-20 18:26 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-20 17:17 - 2014-12-29 05:55 - 00000016 _____ () C:\Users\Matze\AppData\Roaming\msregsvv.dll
2015-02-20 17:17 - 2014-12-29 05:55 - 00000016 _____ () C:\ProgramData\autobk.inc
2015-02-20 02:17 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-20 01:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-19 10:59 - 2014-08-04 09:38 - 00000000 ___RD () C:\Users\Matze\Dropbox
2015-02-19 10:58 - 2014-08-04 09:37 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-19 10:58 - 2014-08-04 09:35 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\Dropbox
2015-02-19 10:57 - 2014-02-26 01:05 - 00000000 ____D () C:\Users\Matze\AppData\Local\Deployment
2015-02-19 10:26 - 2014-02-25 15:37 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\uTorrent
2015-02-18 00:55 - 2014-03-07 00:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-18 00:54 - 2014-02-25 19:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-16 06:24 - 2014-12-04 10:10 - 00000000 ____D () C:\Program Files (x86)\iExplorer
2015-02-14 22:54 - 2014-11-29 16:01 - 00000000 ____D () C:\Users\Matze\AppData\Local\AviraSpeedup
2015-02-14 22:54 - 2014-11-25 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2015-02-14 22:52 - 2014-11-25 10:41 - 00003320 _____ () C:\Windows\System32\Tasks\AviraSpeedup
2015-02-13 09:22 - 2014-06-16 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-12 23:55 - 2014-02-26 15:01 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\Skype
2015-02-12 21:07 - 2014-04-17 03:13 - 00004548 _____ () C:\Users\Matze\AppData\Roaming\CamStudio.cfg
2015-02-12 21:07 - 2014-04-17 03:13 - 00000408 _____ () C:\Users\Matze\AppData\Roaming\CamShapes.ini
2015-02-12 21:07 - 2014-04-17 03:13 - 00000408 _____ () C:\Users\Matze\AppData\Roaming\CamLayout.ini
2015-02-12 21:07 - 2014-04-17 03:13 - 00000096 _____ () C:\Users\Matze\AppData\Roaming\Camdata.ini
2015-02-12 20:57 - 2014-06-16 15:58 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-02-12 20:57 - 2014-06-16 15:57 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\DVDVideoSoft
2015-02-12 19:07 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-12 12:30 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-02-12 02:18 - 2014-04-07 23:07 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2015-02-11 23:38 - 2014-04-17 00:00 - 00000096 _____ () C:\Users\Matze\AppData\Roaming\version2.xml
2015-02-11 23:32 - 2013-08-22 15:44 - 05239448 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 22:53 - 2014-02-26 15:01 - 00000000 ____D () C:\ProgramData\Skype
2015-02-11 17:39 - 2014-07-09 18:57 - 00000000 ____D () C:\Users\Matze\Documents\My CamStudio Temp Files
2015-02-11 01:56 - 2014-02-22 14:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 01:52 - 2014-02-22 14:54 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 01:51 - 2013-08-22 14:25 - 00000199 _____ () C:\Windows\win.ini
2015-02-09 18:13 - 2014-11-07 10:05 - 00000000 ____D () C:\Users\Matze\Documents\John Stuart Mill
2015-02-06 21:23 - 2014-11-05 13:50 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-06 21:23 - 2014-11-05 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-06 21:23 - 2014-11-05 13:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-06 20:49 - 2014-02-21 23:02 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 20:49 - 2014-02-21 23:02 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 20:31 - 2014-09-17 18:35 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-09-17 18:35 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 09:13 - 2014-10-12 16:29 - 00000000 ____D () C:\Users\Matze\AppData\Roaming\vlc
==================== Files in the root of some directories =======
2014-04-08 22:17 - 2014-03-04 07:37 - 0000226 _____ () C:\Program Files\update-southpark.bat
2015-01-23 13:39 - 2015-01-23 13:39 - 0000132 _____ () C:\Users\Matze\AppData\Roaming\Adobe IllExport Filter CS6 Prefs
2014-04-17 03:13 - 2015-02-12 21:07 - 0000096 _____ () C:\Users\Matze\AppData\Roaming\Camdata.ini
2014-04-17 03:13 - 2015-02-12 21:07 - 0000408 _____ () C:\Users\Matze\AppData\Roaming\CamLayout.ini
2014-04-17 03:13 - 2015-02-12 21:07 - 0000408 _____ () C:\Users\Matze\AppData\Roaming\CamShapes.ini
2014-04-17 03:13 - 2015-02-12 21:07 - 0004548 _____ () C:\Users\Matze\AppData\Roaming\CamStudio.cfg
2014-12-24 02:47 - 2014-12-24 02:47 - 0000200 _____ () C:\Users\Matze\AppData\Roaming\MRPINK.MTBF.txt
2014-12-29 05:55 - 2015-02-20 17:17 - 0000016 _____ () C:\Users\Matze\AppData\Roaming\msregsvv.dll
2014-04-17 00:00 - 2015-02-11 23:38 - 0000096 _____ () C:\Users\Matze\AppData\Roaming\version2.xml
2014-12-24 02:47 - 2014-12-24 20:24 - 0000602 _____ () C:\Users\Matze\AppData\Roaming\__AvidCloudManager.log
2014-12-24 02:47 - 2014-12-24 02:47 - 0000549 _____ () C:\Users\Matze\AppData\Roaming\__AvidCloudManagerPrevious.log
2014-05-28 19:35 - 2014-05-28 19:35 - 0000037 ___SH () C:\Users\Matze\AppData\Local\20986331705021ca58edc424.96250074
2015-01-23 13:42 - 2015-01-27 09:25 - 0001456 _____ () C:\Users\Matze\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-12-17 09:09 - 2014-12-24 02:47 - 0004608 _____ () C:\Users\Matze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-19 01:13 - 2015-01-19 01:13 - 0019408 _____ () C:\Users\Matze\AppData\Local\Temp99.PNG
2014-12-29 05:55 - 2015-02-20 17:17 - 0000016 _____ () C:\ProgramData\autobk.inc
2013-11-05 16:23 - 2013-11-05 16:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some content of TEMP:
====================
C:\Users\Matze\AppData\Local\Temp\avgnt.exe
C:\Users\Matze\AppData\Local\Temp\AviraSetup207281.exe
C:\Users\Matze\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnfgcup.dll
C:\Users\Matze\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps2myw6.dll
C:\Users\Matze\AppData\Local\Temp\DSETUP.dll
C:\Users\Matze\AppData\Local\Temp\dsetup32.dll
C:\Users\Matze\AppData\Local\Temp\DXSETUP.exe
C:\Users\Matze\AppData\Local\Temp\FreeScreenVideoRecorder.exe
C:\Users\Matze\AppData\Local\Temp\FreeVideoCallRecorder.exe
C:\Users\Matze\AppData\Local\Temp\mp3el2.exe
C:\Users\Matze\AppData\Local\Temp\ose00000.exe
C:\Users\Matze\AppData\Local\Temp\ose00001.exe
C:\Users\Matze\AppData\Local\Temp\ose00002.exe
C:\Users\Matze\AppData\Local\Temp\ose00003.exe
C:\Users\Matze\AppData\Local\Temp\PidGenX.dll
C:\Users\Matze\AppData\Local\Temp\Quarantine.exe
C:\Users\Matze\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Matze\AppData\Local\Temp\sqlite3.dll
C:\Users\Matze\AppData\Local\Temp\uttE249.tmp.exe
C:\Users\Matze\AppData\Local\Temp\vpsetup.exe
C:\Users\Matze\AppData\Local\Temp\x264enc5.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-21 14:07
==================== End Of Log ============================
Schönen Gruß! |
|
23.02.2015, 07:29
| #6 |
| /// the machine /// TB-Ausbilder | Windows 8.1: Dauernde Trojanerfunde - Crypt.Xpack / Z.pack /.. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Users\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll
C:\AdwCleaner\Quarantine\C\Program Files\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\76334be22960e48fc136e160ca1d3cf4\agsetup183se_v3.0.0.67.exe.vir
C:\Program Files (x86)\Portable\NCH Debut Video Capture Software Pro v1.74\debut.exe
C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
C:\Users\Matze\AppData\Local\Eftion\loader_u.dll
C:\Users\Matze\AppData\Local\Eftion\loader_u.dll.old
C:\Users\Matze\AppData\Local\Eftion\loader_u.dll.temp
C:\Users\Matze\AppData\Local\IQFsoft\loader_u.dll
C:\Users\Matze\AppData\Local\Microsoft\Windows\INetCache\IE\3FRU26HZ\audiograbber_1.83[1].exe
C:\Users\Matze\AppData\Local\Microsoft\Windows\INetCache\IE\3FRU26HZ\spstub[1].exe
C:\Users\Matze\AppData\Local\Microsoft\Windows\INetCache\IE\TD838VSS\SPSetup[1].exe
C:\Users\Matze\AppData\Local\Temp\DMR\dmr_72.exe
C:\Users\Matze\Downloads\Audiograbber - CHIP-Installer.exe
C:\Users\Matze\Downloads\cbsidlm-cbsi188-Letasoft_Sound_Booster-ORG-75761429.exe
C:\Users\Matze\Downloads\ifunbox27_setup - CHIP-Installer.exe
C:\Users\Matze\Downloads\MP3CutterSetup.exe
C:\Users\Matze\Downloads\MP3Gain - CHIP-Installer.exe
C:\Users\Matze\Downloads\Simple Webcam Recorder - CHIP-Installer.exe
C:\Users\Matze\Downloads\NCH Debut Video Capture Software Pro v1.74 (1-click run)(registered)\NCH Debut Video Capture Software Pro v1.74 (1-click run)(registered).exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ --> Windows 8.1: Dauernde Trojanerfunde - Crypt.Xpack / Z.pack /.. |
|
23.02.2015, 14:58
| #7 |
| | Windows 8.1: Dauernde Trojanerfunde - Crypt.Xpack / Z.pack /.. Hallo schrauber, ich poste jetzt hier schon mal das Fixlog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-02-2015
Ran by Matze at 2015-02-23 14:47:53 Run:1
Running from C:\Users\Matze\Downloads
Loaded Profiles: UpdatusUser & Matze (Available profiles: UpdatusUser & Matze)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll
C:\AdwCleaner\Quarantine\C\Program Files\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\76334be22960e48fc136e160ca1d3cf4\agsetup183se_v3.0.0.67.exe.vir
C:\Program Files (x86)\Portable\NCH Debut Video Capture Software Pro v1.74\debut.exe
C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
C:\Users\Matze\AppData\Local\Eftion\loader_u.dll
C:\Users\Matze\AppData\Local\Eftion\loader_u.dll.old
C:\Users\Matze\AppData\Local\Eftion\loader_u.dll.temp
C:\Users\Matze\AppData\Local\IQFsoft\loader_u.dll
C:\Users\Matze\AppData\Local\Microsoft\Windows\INetCache\IE\3FRU26HZ\audiograbber_1.83[1].exe
C:\Users\Matze\AppData\Local\Microsoft\Windows\INetCache\IE\3FRU26HZ\spstub[1].exe
C:\Users\Matze\AppData\Local\Microsoft\Windows\INetCache\IE\TD838VSS\SPSetup[1].exe
C:\Users\Matze\AppData\Local\Temp\DMR\dmr_72.exe
C:\Users\Matze\Downloads\Audiograbber - CHIP-Installer.exe
C:\Users\Matze\Downloads\cbsidlm-cbsi188-Letasoft_Sound_Booster-ORG-75761429.exe
C:\Users\Matze\Downloads\ifunbox27_setup - CHIP-Installer.exe
C:\Users\Matze\Downloads\MP3CutterSetup.exe
C:\Users\Matze\Downloads\MP3Gain - CHIP-Installer.exe
C:\Users\Matze\Downloads\Simple Webcam Recorder - CHIP-Installer.exe
C:\Users\Matze\Downloads\NCH Debut Video Capture Software Pro v1.74 (1-click run)(registered)\NCH Debut Video Capture Software Pro v1.74 (1-click run)(registered).exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
Emptytemp:
*****************
"C:\Users\All Users\Microsoft\Secure\Icons\IconsCacheHelper.dll" => File/Directory not found.
"C:\AdwCleaner\Quarantine\C\Program Files\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\76334be22960e48fc136e160ca1d3cf4\agsetup183se_v3.0.0.67.exe.vir" => File/Directory not found.
"C:\Program Files (x86)\Portable\NCH Debut Video Capture Software Pro v1.74\debut.exe" => File/Directory not found.
"C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll" => File/Directory not found.
"C:\Users\Matze\AppData\Local\Eftion\loader_u.dll" => File/Directory not found.
"C:\Users\Matze\AppData\Local\Eftion\loader_u.dll.old" => File/Directory not found.
"C:\Users\Matze\AppData\Local\Eftion\loader_u.dll.temp" => File/Directory not found.
"C:\Users\Matze\AppData\Local\IQFsoft\loader_u.dll" => File/Directory not found.
"C:\Users\Matze\AppData\Local\Microsoft\Windows\INetCache\IE\3FRU26HZ\audiograbber_1.83[1].exe" => File/Directory not found.
"C:\Users\Matze\AppData\Local\Microsoft\Windows\INetCache\IE\3FRU26HZ\spstub[1].exe" => File/Directory not found.
"C:\Users\Matze\AppData\Local\Microsoft\Windows\INetCache\IE\TD838VSS\SPSetup[1].exe" => File/Directory not found.
"C:\Users\Matze\AppData\Local\Temp\DMR\dmr_72.exe" => File/Directory not found.
"C:\Users\Matze\Downloads\Audiograbber - CHIP-Installer.exe" => File/Directory not found.
"C:\Users\Matze\Downloads\cbsidlm-cbsi188-Letasoft_Sound_Booster-ORG-75761429.exe" => File/Directory not found.
"C:\Users\Matze\Downloads\ifunbox27_setup - CHIP-Installer.exe" => File/Directory not found.
"C:\Users\Matze\Downloads\MP3CutterSetup.exe" => File/Directory not found.
"C:\Users\Matze\Downloads\MP3Gain - CHIP-Installer.exe" => File/Directory not found.
"C:\Users\Matze\Downloads\Simple Webcam Recorder - CHIP-Installer.exe" => File/Directory not found.
"C:\Users\Matze\Downloads\NCH Debut Video Capture Software Pro v1.74 (1-click run)(registered)\NCH Debut Video Capture Software Pro v1.74 (1-click run)(registered).exe" => File/Directory not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk => Moved successfully.
C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe => Moved successfully.
EmptyTemp: => Removed 4.3 GB temporary data.
The system needed a reboot.
==== End of Fixlog 14:48:46 ====
Gestern hat der PC zweimal Signal gegeben wie bei einem Avira-Fund, jedoch ohne Bericht über einen Fund - nach dem Fix und dem Neustart gerade, hat er jetzt aber doch wieder was gefunden. Ich schicke hier nochmal den Log dazu mit: Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 23. Februar 2015 14:51
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 8.1
Windowsversion : (plain) [6.2.9200]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : MRPINK
Versionsinformationen:
BUILD.DAT : 14.0.7.468 91859 Bytes 24.11.2014 10:23:00
AVSCAN.EXE : 14.0.7.462 1015544 Bytes 04.12.2014 08:46:00
AVSCANRC.DLL : 14.0.7.308 64304 Bytes 23.10.2014 13:02:09
LUKE.DLL : 14.0.7.462 60664 Bytes 04.12.2014 08:46:34
AVSCPLR.DLL : 14.0.7.440 93488 Bytes 04.12.2014 08:46:00
REPAIR.DLL : 14.0.7.412 366328 Bytes 04.12.2014 08:45:57
REPAIR.RDF : 1.0.5.24 751911 Bytes 23.02.2015 10:00:54
AVREG.DLL : 14.0.7.310 264952 Bytes 23.10.2014 13:02:05
AVLODE.DLL : 14.0.7.440 561456 Bytes 04.12.2014 08:45:57
AVLODE.RDF : 14.0.4.54 78895 Bytes 06.12.2014 07:17:22
XBV00015.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00016.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00017.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00018.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00019.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00020.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00021.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00022.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00023.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00024.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00025.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00026.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00027.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00028.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00029.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00030.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00031.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00032.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00033.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00034.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00035.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00036.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00037.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00038.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00039.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00040.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00041.VDF : 8.11.165.190 2048 Bytes 07.08.2014 13:02:30
XBV00192.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:48
XBV00193.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:48
XBV00194.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:49
XBV00195.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:49
XBV00196.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:49
XBV00197.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:49
XBV00198.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:49
XBV00199.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:49
XBV00200.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:49
XBV00201.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:49
XBV00202.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:49
XBV00203.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:49
XBV00204.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:49
XBV00205.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:49
XBV00206.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:49
XBV00207.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:50
XBV00208.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:50
XBV00209.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:50
XBV00210.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:50
XBV00211.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:50
XBV00212.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:50
XBV00213.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:50
XBV00214.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:50
XBV00215.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:50
XBV00216.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:50
XBV00217.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:51
XBV00218.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:51
XBV00219.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:51
XBV00220.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:51
XBV00221.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:51
XBV00222.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:51
XBV00223.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:51
XBV00224.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:51
XBV00225.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:52
XBV00226.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:52
XBV00227.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:52
XBV00228.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:52
XBV00229.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:53
XBV00230.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:53
XBV00231.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:53
XBV00232.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:54
XBV00233.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:54
XBV00234.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:55
XBV00235.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:55
XBV00236.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:55
XBV00237.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:56
XBV00238.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:56
XBV00239.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:56
XBV00240.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:57
XBV00241.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:57
XBV00242.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:57
XBV00243.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:58
XBV00244.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:58
XBV00245.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:58
XBV00246.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:59
XBV00247.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:53:59
XBV00248.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:54:00
XBV00249.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:54:01
XBV00250.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:54:02
XBV00251.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:54:02
XBV00252.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:54:03
XBV00253.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:54:03
XBV00254.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:54:03
XBV00255.VDF : 8.11.206.252 2048 Bytes 04.02.2015 14:54:04
XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 13:02:30
XBV00001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 13:02:30
XBV00002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 13:02:30
XBV00003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 13:02:30
XBV00004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 13:02:30
XBV00005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 13:02:30
XBV00006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 13:02:30
XBV00007.VDF : 7.11.152.100 4193792 Bytes 02.06.2014 13:02:30
XBV00008.VDF : 8.11.165.192 4251136 Bytes 07.08.2014 13:02:30
XBV00009.VDF : 8.11.172.30 2094080 Bytes 15.09.2014 13:02:30
XBV00010.VDF : 8.11.178.32 1581056 Bytes 14.10.2014 13:02:30
XBV00011.VDF : 8.11.184.50 2178560 Bytes 11.11.2014 15:41:49
XBV00012.VDF : 8.11.190.32 1876992 Bytes 03.12.2014 14:13:55
XBV00013.VDF : 8.11.201.28 2973696 Bytes 14.01.2015 14:26:57
XBV00014.VDF : 8.11.206.252 2695680 Bytes 04.02.2015 14:53:30
XBV00042.VDF : 8.11.207.24 43520 Bytes 04.02.2015 01:31:04
XBV00043.VDF : 8.11.207.50 2048 Bytes 04.02.2015 01:31:04
XBV00044.VDF : 8.11.207.52 2048 Bytes 04.02.2015 01:31:05
XBV00045.VDF : 8.11.207.78 20480 Bytes 04.02.2015 01:31:05
XBV00046.VDF : 8.11.207.104 5632 Bytes 04.02.2015 13:31:36
XBV00047.VDF : 8.11.207.106 2048 Bytes 05.02.2015 13:31:37
XBV00048.VDF : 8.11.207.108 23040 Bytes 05.02.2015 13:31:37
XBV00049.VDF : 8.11.207.110 34304 Bytes 05.02.2015 13:31:38
XBV00050.VDF : 8.11.207.112 2048 Bytes 05.02.2015 13:31:38
XBV00051.VDF : 8.11.207.134 15360 Bytes 05.02.2015 13:31:39
XBV00052.VDF : 8.11.207.154 9728 Bytes 05.02.2015 02:56:04
XBV00053.VDF : 8.11.207.178 39936 Bytes 05.02.2015 02:56:04
XBV00054.VDF : 8.11.207.200 32256 Bytes 05.02.2015 00:23:51
XBV00055.VDF : 8.11.207.204 2560 Bytes 05.02.2015 00:23:51
XBV00056.VDF : 8.11.207.208 57856 Bytes 06.02.2015 00:23:51
XBV00057.VDF : 8.11.207.210 2048 Bytes 06.02.2015 00:23:51
XBV00058.VDF : 8.11.207.212 5120 Bytes 06.02.2015 00:23:51
XBV00059.VDF : 8.11.207.232 18944 Bytes 06.02.2015 00:23:51
XBV00060.VDF : 8.11.207.252 24576 Bytes 06.02.2015 00:23:51
XBV00061.VDF : 8.11.208.16 9216 Bytes 06.02.2015 00:23:51
XBV00062.VDF : 8.11.208.18 4096 Bytes 06.02.2015 00:23:51
XBV00063.VDF : 8.11.208.20 2560 Bytes 06.02.2015 00:23:51
XBV00064.VDF : 8.11.208.42 54272 Bytes 06.02.2015 00:23:51
XBV00065.VDF : 8.11.208.62 2048 Bytes 06.02.2015 00:23:51
XBV00066.VDF : 8.11.208.84 28160 Bytes 06.02.2015 04:32:33
XBV00067.VDF : 8.11.208.86 2048 Bytes 06.02.2015 04:32:33
XBV00068.VDF : 8.11.208.88 2048 Bytes 07.02.2015 04:32:33
XBV00069.VDF : 8.11.208.92 61440 Bytes 07.02.2015 04:32:33
XBV00070.VDF : 8.11.208.112 2048 Bytes 07.02.2015 04:32:33
XBV00071.VDF : 8.11.208.130 40448 Bytes 07.02.2015 04:32:33
XBV00072.VDF : 8.11.208.148 2048 Bytes 07.02.2015 04:32:33
XBV00073.VDF : 8.11.208.166 62976 Bytes 08.02.2015 17:31:44
XBV00074.VDF : 8.11.208.184 2048 Bytes 08.02.2015 17:31:45
XBV00075.VDF : 8.11.208.204 32768 Bytes 08.02.2015 17:31:45
XBV00076.VDF : 8.11.208.206 49664 Bytes 09.02.2015 12:05:35
XBV00077.VDF : 8.11.208.224 5120 Bytes 09.02.2015 12:05:36
XBV00078.VDF : 8.11.208.242 5120 Bytes 09.02.2015 12:05:37
XBV00079.VDF : 8.11.209.4 17920 Bytes 09.02.2015 12:05:38
XBV00080.VDF : 8.11.209.22 7680 Bytes 09.02.2015 18:05:47
XBV00081.VDF : 8.11.209.28 30720 Bytes 09.02.2015 18:05:47
XBV00082.VDF : 8.11.209.34 24064 Bytes 09.02.2015 03:18:08
XBV00083.VDF : 8.11.209.36 2048 Bytes 09.02.2015 03:18:08
XBV00084.VDF : 8.11.209.38 12800 Bytes 09.02.2015 03:18:08
XBV00085.VDF : 8.11.209.42 36352 Bytes 10.02.2015 09:37:20
XBV00086.VDF : 8.11.209.44 3584 Bytes 10.02.2015 09:37:20
XBV00087.VDF : 8.11.209.46 16384 Bytes 10.02.2015 09:37:20
XBV00088.VDF : 8.11.209.48 33280 Bytes 10.02.2015 16:07:42
XBV00089.VDF : 8.11.209.70 38400 Bytes 10.02.2015 01:03:24
XBV00090.VDF : 8.11.209.90 18944 Bytes 10.02.2015 01:03:25
XBV00091.VDF : 8.11.209.106 10752 Bytes 10.02.2015 01:03:25
XBV00092.VDF : 8.11.209.122 10752 Bytes 10.02.2015 01:03:25
XBV00093.VDF : 8.11.209.126 25088 Bytes 11.02.2015 07:03:24
XBV00094.VDF : 8.11.209.128 13312 Bytes 11.02.2015 13:03:37
XBV00095.VDF : 8.11.209.130 2048 Bytes 11.02.2015 13:03:38
XBV00096.VDF : 8.11.209.132 32256 Bytes 11.02.2015 13:03:38
XBV00097.VDF : 8.11.209.134 23552 Bytes 11.02.2015 22:06:50
XBV00098.VDF : 8.11.209.140 20480 Bytes 11.02.2015 22:06:50
XBV00099.VDF : 8.11.209.156 7680 Bytes 11.02.2015 22:06:50
XBV00100.VDF : 8.11.209.174 12800 Bytes 11.02.2015 22:06:50
XBV00101.VDF : 8.11.209.190 8192 Bytes 11.02.2015 04:06:58
XBV00102.VDF : 8.11.209.206 5120 Bytes 11.02.2015 04:06:59
XBV00103.VDF : 8.11.209.210 30720 Bytes 12.02.2015 10:06:52
XBV00104.VDF : 8.11.209.212 23040 Bytes 12.02.2015 16:06:59
XBV00105.VDF : 8.11.209.214 2048 Bytes 12.02.2015 16:06:59
XBV00106.VDF : 8.11.209.218 2048 Bytes 12.02.2015 16:07:00
XBV00107.VDF : 8.11.209.222 19968 Bytes 12.02.2015 22:45:45
XBV00108.VDF : 8.11.209.226 23552 Bytes 12.02.2015 04:45:21
XBV00109.VDF : 8.11.209.228 8704 Bytes 12.02.2015 04:45:21
XBV00110.VDF : 8.11.209.232 24576 Bytes 13.02.2015 10:45:31
XBV00111.VDF : 8.11.209.248 5120 Bytes 13.02.2015 10:45:31
XBV00112.VDF : 8.11.210.6 3584 Bytes 13.02.2015 10:45:31
XBV00113.VDF : 8.11.210.20 20992 Bytes 13.02.2015 10:45:31
XBV00114.VDF : 8.11.210.34 2560 Bytes 13.02.2015 23:29:14
XBV00115.VDF : 8.11.210.36 7680 Bytes 13.02.2015 23:29:14
XBV00116.VDF : 8.11.210.38 28160 Bytes 13.02.2015 23:29:14
XBV00117.VDF : 8.11.210.40 5632 Bytes 13.02.2015 23:29:14
XBV00118.VDF : 8.11.210.42 2048 Bytes 13.02.2015 23:29:14
XBV00119.VDF : 8.11.210.46 17920 Bytes 13.02.2015 23:29:14
XBV00120.VDF : 8.11.210.48 6656 Bytes 14.02.2015 18:28:42
XBV00121.VDF : 8.11.210.52 22528 Bytes 14.02.2015 18:28:42
XBV00122.VDF : 8.11.210.54 8704 Bytes 14.02.2015 18:28:42
XBV00123.VDF : 8.11.210.56 8704 Bytes 14.02.2015 18:28:42
XBV00124.VDF : 8.11.210.58 2048 Bytes 14.02.2015 00:28:44
XBV00125.VDF : 8.11.210.60 57344 Bytes 15.02.2015 21:21:23
XBV00126.VDF : 8.11.210.74 7168 Bytes 15.02.2015 21:21:23
XBV00127.VDF : 8.11.210.88 11776 Bytes 15.02.2015 21:21:23
XBV00128.VDF : 8.11.210.104 43008 Bytes 16.02.2015 09:21:25
XBV00129.VDF : 8.11.210.118 4096 Bytes 16.02.2015 09:21:26
XBV00130.VDF : 8.11.210.124 12800 Bytes 16.02.2015 21:04:00
XBV00131.VDF : 8.11.210.126 60416 Bytes 16.02.2015 21:04:00
XBV00132.VDF : 8.11.210.134 2048 Bytes 16.02.2015 21:04:00
XBV00133.VDF : 8.11.210.138 23552 Bytes 16.02.2015 21:04:01
XBV00134.VDF : 8.11.210.142 19968 Bytes 16.02.2015 03:04:04
XBV00135.VDF : 8.11.210.156 6656 Bytes 16.02.2015 03:04:04
XBV00136.VDF : 8.11.210.170 17408 Bytes 17.02.2015 02:16:15
XBV00137.VDF : 8.11.210.172 2048 Bytes 17.02.2015 02:16:15
XBV00138.VDF : 8.11.210.184 6144 Bytes 17.02.2015 02:16:15
XBV00139.VDF : 8.11.210.196 5120 Bytes 17.02.2015 02:16:15
XBV00140.VDF : 8.11.210.198 4608 Bytes 17.02.2015 02:16:15
XBV00141.VDF : 8.11.210.200 2048 Bytes 17.02.2015 02:16:15
XBV00142.VDF : 8.11.210.206 29696 Bytes 17.02.2015 02:16:15
XBV00143.VDF : 8.11.210.208 2048 Bytes 17.02.2015 02:16:15
XBV00144.VDF : 8.11.210.212 20480 Bytes 17.02.2015 02:16:15
XBV00145.VDF : 8.11.210.216 8704 Bytes 17.02.2015 02:16:15
XBV00146.VDF : 8.11.210.218 12800 Bytes 17.02.2015 08:16:18
XBV00147.VDF : 8.11.210.222 31744 Bytes 18.02.2015 08:16:18
XBV00148.VDF : 8.11.210.224 38912 Bytes 18.02.2015 14:16:17
XBV00149.VDF : 8.11.210.236 184832 Bytes 18.02.2015 04:52:12
XBV00150.VDF : 8.11.210.248 2048 Bytes 18.02.2015 04:52:12
XBV00151.VDF : 8.11.211.4 36352 Bytes 18.02.2015 04:52:12
XBV00152.VDF : 8.11.211.10 2048 Bytes 18.02.2015 04:52:12
XBV00153.VDF : 8.11.211.22 2048 Bytes 18.02.2015 04:52:12
XBV00154.VDF : 8.11.211.34 24576 Bytes 18.02.2015 04:52:12
XBV00155.VDF : 8.11.211.46 2048 Bytes 18.02.2015 04:52:12
XBV00156.VDF : 8.11.211.60 27136 Bytes 18.02.2015 04:52:12
XBV00157.VDF : 8.11.211.72 6656 Bytes 18.02.2015 04:52:12
XBV00158.VDF : 8.11.211.76 56832 Bytes 19.02.2015 10:52:09
XBV00159.VDF : 8.11.211.78 8704 Bytes 19.02.2015 10:52:09
XBV00160.VDF : 8.11.211.92 52224 Bytes 19.02.2015 22:28:37
XBV00161.VDF : 8.11.211.102 2048 Bytes 19.02.2015 22:28:37
XBV00162.VDF : 8.11.211.104 2048 Bytes 19.02.2015 22:28:37
XBV00163.VDF : 8.11.211.114 2048 Bytes 19.02.2015 22:28:37
XBV00164.VDF : 8.11.211.124 2048 Bytes 19.02.2015 22:28:38
XBV00165.VDF : 8.11.211.134 2048 Bytes 19.02.2015 22:28:38
XBV00166.VDF : 8.11.211.144 26624 Bytes 19.02.2015 22:28:38
XBV00167.VDF : 8.11.211.154 2048 Bytes 19.02.2015 22:28:39
XBV00168.VDF : 8.11.211.166 16896 Bytes 19.02.2015 22:28:39
XBV00169.VDF : 8.11.211.168 9216 Bytes 19.02.2015 06:29:14
XBV00170.VDF : 8.11.211.172 47616 Bytes 20.02.2015 12:29:09
XBV00171.VDF : 8.11.211.174 2048 Bytes 20.02.2015 12:29:09
XBV00172.VDF : 8.11.211.176 22528 Bytes 20.02.2015 19:09:07
XBV00173.VDF : 8.11.211.178 31232 Bytes 20.02.2015 19:09:07
XBV00174.VDF : 8.11.211.180 2048 Bytes 20.02.2015 19:09:07
XBV00175.VDF : 8.11.211.182 24064 Bytes 20.02.2015 01:09:10
XBV00176.VDF : 8.11.211.192 26624 Bytes 20.02.2015 01:09:10
XBV00177.VDF : 8.11.211.202 2048 Bytes 20.02.2015 01:09:10
XBV00178.VDF : 8.11.211.222 17408 Bytes 20.02.2015 01:09:10
XBV00179.VDF : 8.11.211.234 61440 Bytes 21.02.2015 13:09:09
XBV00180.VDF : 8.11.211.244 19968 Bytes 21.02.2015 13:09:09
XBV00181.VDF : 8.11.211.246 2048 Bytes 21.02.2015 13:09:09
XBV00182.VDF : 8.11.211.248 31744 Bytes 21.02.2015 10:00:51
XBV00183.VDF : 8.11.211.250 35840 Bytes 22.02.2015 16:00:55
XBV00184.VDF : 8.11.211.252 2048 Bytes 22.02.2015 16:00:55
XBV00185.VDF : 8.11.212.6 19456 Bytes 22.02.2015 16:00:55
XBV00186.VDF : 8.11.212.14 43520 Bytes 22.02.2015 16:00:55
XBV00187.VDF : 8.11.212.16 2048 Bytes 22.02.2015 16:00:55
XBV00188.VDF : 8.11.212.24 17920 Bytes 22.02.2015 16:00:55
XBV00189.VDF : 8.11.212.32 66560 Bytes 23.02.2015 10:00:52
XBV00190.VDF : 8.11.212.34 6656 Bytes 23.02.2015 10:00:53
XBV00191.VDF : 8.11.212.36 6656 Bytes 23.02.2015 10:00:53
LOCAL000.VDF : 8.11.212.36 122360832 Bytes 23.02.2015 10:01:15
Engineversion : 8.3.28.26
AEVDF.DLL : 8.3.1.6 133992 Bytes 23.10.2014 13:01:55
AESCRIPT.DLL : 8.2.2.56 554920 Bytes 13.02.2015 10:45:30
AESCN.DLL : 8.3.2.2 139456 Bytes 23.10.2014 13:01:55
AESBX.DLL : 8.2.20.24 1409224 Bytes 23.10.2014 13:01:55
AERDL.DLL : 8.2.1.20 731040 Bytes 11.02.2015 22:06:49
AEPACK.DLL : 8.4.0.62 793456 Bytes 20.02.2015 19:09:07
AEOFFICE.DLL : 8.3.1.12 350120 Bytes 19.02.2015 22:28:35
AEMOBILE.DLL : 8.1.2.0 277360 Bytes 16.12.2014 17:44:50
AEHEUR.DLL : 8.1.4.1550 8158064 Bytes 19.02.2015 22:28:34
AEHELP.DLL : 8.3.1.0 278728 Bytes 23.10.2014 13:01:55
AEGEN.DLL : 8.1.7.40 456608 Bytes 19.12.2014 14:04:41
AEEXP.DLL : 8.4.2.70 255904 Bytes 07.02.2015 00:23:51
AEEMU.DLL : 8.1.3.4 399264 Bytes 23.10.2014 13:01:55
AEDROID.DLL : 8.4.3.6 850800 Bytes 16.12.2014 17:44:49
AECORE.DLL : 8.3.4.0 243624 Bytes 16.12.2014 17:44:48
AEBB.DLL : 8.1.2.0 60448 Bytes 23.10.2014 13:01:55
AVWINLL.DLL : 14.0.7.308 25904 Bytes 23.10.2014 13:02:19
AVPREF.DLL : 14.0.7.308 52016 Bytes 23.10.2014 13:02:05
AVREP.DLL : 14.0.7.308 220976 Bytes 23.10.2014 13:02:05
AVARKT.DLL : 14.0.7.308 227632 Bytes 23.10.2014 13:01:55
AVEVTLOG.DLL : 14.0.7.440 184112 Bytes 04.12.2014 08:45:55
SQLITE3.DLL : 14.0.7.308 453936 Bytes 23.10.2014 13:02:29
AVSMTP.DLL : 14.0.7.308 79096 Bytes 23.10.2014 13:02:12
NETNT.DLL : 14.0.7.308 15152 Bytes 23.10.2014 13:02:27
RCIMAGE.DLL : 14.0.7.308 4865328 Bytes 23.10.2014 13:02:27
RCTEXT.DLL : 14.0.7.318 77048 Bytes 23.10.2014 13:02:28
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_54eb300d\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: Reparieren
Sekundäre Aktion......................: Quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: Vollständig
Beginn des Suchlaufs: Montag, 23. Februar 2015 14:51
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'dwm.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '180' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '115' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'SASCORE64.EXE' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '131' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'adminservice.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCDMonitorService.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'dashost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'HeciServer.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMSvc.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'mfevtps.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'Service_KMS.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'mfefire.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhostex.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '185' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMEvent.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMTray.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'avira_system_speedup.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'ddp.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'WerFault.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SppExtComObj.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'BtvStack.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'ActivateDesktop.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVBg64.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerTray.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'SYNTPHELPER.EXE' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'SUPERAntiSpyware.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'loopBeMon.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'RuntimeBroker.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerSvc.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxext.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerEvent.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'TiWorker.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '63' Modul(e) wurden durchsucht
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\Users\Matze\AppData\Local\Eftion\tmp8A58.exe'
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-1635521525-480761495-2417052547-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Eftion> wurde erfolgreich entfernt.
C:\Users\Matze\AppData\Local\Eftion\tmp8A58.exe
[FUND] Ist das Trojanische Pferd TR/Dropper.VB.21776
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50f7a552.qua' verschoben!
[HINWEIS] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-1635521525-480761495-2417052547-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Eftion> wurde erfolgreich repariert.
Ende des Suchlaufs: Montag, 23. Februar 2015 14:52
Benötigte Zeit: 01:06 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
873 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
872 Dateien ohne Befall
2 Archive wurden durchsucht
0 Warnungen
1 Hinweise
|
|
23.02.2015, 18:31
| #8 |
| /// the machine /// TB-Ausbilder | Windows 8.1: Dauernde Trojanerfunde - Crypt.Xpack / Z.pack /.. lass die beiden angemeckerten Dateien bitte mal online prüfen: Dateien online auf Viren prüfen - so geht's - Anleitungen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.02.2015, 18:55
| #9 |
| | Windows 8.1: Dauernde Trojanerfunde - Crypt.Xpack / Z.pack /.. Habe ich gemacht, dazu scheint es noch keine Bewertungen zu geben. Soll ich den Analyselink nochmal posten? |
|
24.02.2015, 07:04
| #10 |
| /// the machine /// TB-Ausbilder | Windows 8.1: Dauernde Trojanerfunde - Crypt.Xpack / Z.pack /.. Ja bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
24.02.2015, 07:18
| #11 |
| | Windows 8.1: Dauernde Trojanerfunde - Crypt.Xpack / Z.pack /.. Hier der Link: https://www.virustotal.com/de/file/694d116a9a3bb7cf5cc8c32e05f8f232ad97b3159880cd5820ba57388b6c87d8/analysis/ |
|
24.02.2015, 16:57
| #12 |
| /// the machine /// TB-Ausbilder | Windows 8.1: Dauernde Trojanerfunde - Crypt.Xpack / Z.pack /.. Keine Bewertung stimmt ja nit Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Users\Matze\AppData\Local\Eftion
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
24.02.2015, 19:54
| #13 |
| | Windows 8.1: Dauernde Trojanerfunde - Crypt.Xpack / Z.pack /.. Erledigt und hier der entsprechende Fixlog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-02-2015
Ran by Matze at 2015-02-24 19:52:11 Run:2
Running from C:\Users\Matze\Downloads
Loaded Profiles: UpdatusUser & Matze (Available profiles: UpdatusUser & Matze)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\Matze\AppData\Local\Eftion
*****************
C:\Users\Matze\AppData\Local\Eftion => Moved successfully.
==== End of Fixlog 19:52:11 ====
 ) |
|
25.02.2015, 07:18
| #14 |
| /// the machine /// TB-Ausbilder | Windows 8.1: Dauernde Trojanerfunde - Crypt.Xpack / Z.pack /.. Ich bin ja nit da geboren fertig
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.02.2015, 03:59
| #15 |
| | Windows 8.1: Dauernde Trojanerfunde - Crypt.Xpack / Z.pack /.. Alles klar! Ja perfekt, vielen vielen Dank! Ich schreib dir dann gleich noch die Bewertung - keep up the good work! |
|
| Themen zu Windows 8.1: Dauernde Trojanerfunde - Crypt.Xpack / Z.pack /.. |
| antivir, antivirus, avira, bonjour, browser, converter, cubase, desktop, device driver, downloader, dringend, dvdvideosoft ltd., failed, google, home, kmspico, launch, malware, problem, programm, realtek, security, software, super, svchost.exe, symantec, tr/crypt.xpack.gen, trojaner, updates, virus, windows, wma |
dann auf 
und dann auf 
. 
