Pests of all kinds and how to fight them: Countless emails with the subject "Mail Delivery System <MAILER-DAEMON@XXX.info>" received (Windows 7)
#1

Good morning,

since Sunday I have been receiving countless emails with the subject "Mail Delivery System <MAILER-DAEMON@XXX.info>". XXX here stands for a server of my provider, where I rent webspace and email addresses. I then changed the passwords of my mailboxes, which immediately brought things to a halt. At the same time I wrote to the provider and confronted them with the problem. I was told that malicious files had been injected via WordPress, which were then moved to a neutral folder. I immediately deleted these files via FTP access.

Last night the whole thing started over again, and I once more received countless emails with the subject mentioned above. I therefore wrote to the provider again this morning. I was informed that malicious files had been uploaded to my webspace via FTP last night; the files were removed immediately. At the same time I received new access credentials, since it is assumed that the password is being read out via the FTP program (FileZilla). I then uninstalled FileZilla; I have not yet used the new credentials.

I fear that my PC is infected with something. This is supported by the fact that between December 2014 and February 2015 I received three emails from the Telekom abuse team saying that my system was infected with a trojan. Each time after receiving the emails I scanned my systems with Kaspersky Internet Security. In addition I used Spybot and Malwarebytes Anti-Malware; the latter program did find something, which was cleaned. Unfortunately I no longer remember exactly what it was.

Here is the FRST log:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Sebastian (administrator) on SEBASTIAN-PC on 17-03-2015 10:12:21 Running from E:\Downloads Loaded Profiles: Sebastian (Available profiles: Sebastian) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe () C:\Program Files (x86)\Synology\Data Replicator 3\SynoDrServicex64.exe () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe (Google Inc.) C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe (Google Inc.) C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe (Google Inc.) C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe HKU\S-1-5-21-1544781982-3593503346-2797692446-1001\...\Run: [Google Update] => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-22] (Google Inc.) HKU\S-1-5-21-1544781982-3593503346-2797692446-1001\...\MountPoints2: F - F:\CDSAMPLE\AUTORUN\AUTORUN.EXE ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.) BootExecute: autocheck autochk * OODBSsdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-1544781982-3593503346-2797692446-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1544781982-3593503346-2797692446-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-09] (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program 
Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-12] (Oracle Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-12] (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-09] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-12] (Oracle Corporation) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files 
(x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-12] (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO) DPF: HKLM-x32 {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\772itop0.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.) 
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-12] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-12] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.) 
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-12] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-12] (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-09] () FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-10-09] () FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-09] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1544781982-3593503346-2797692446-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) FF Plugin HKU\S-1-5-21-1544781982-3593503346-2797692446-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.) 
FF Plugin HKU\S-1-5-21-1544781982-3593503346-2797692446-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll [2013-03-12] (Amazon.com, Inc.) FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-08-24] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Bàn phím ảo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-24] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-08-24] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-08-24] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com FF Extension: An toàn giao dịch tài chính - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
15.0.0\FFExt\online_banking@kaspersky.com [2014-08-24] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found] Chrome: ======= CHR HomePage: Default -> hxxp://www.faz.net/ CHR StartupUrls: Default -> "hxxp://search.conduit.com/?gd=&ctid=CT3314932&octid=EB_ORIGINAL_CTID&ISID=M37BB1CE2-8BD4-418B-AB2B-8E3E57D0C3AF&SearchSource=55&CUI=&UM=5&UP=SP7D0EFF40-7EA8-45F1-A390-B6BAD1FDE679&SSPV=" CHR Profile: C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15] CHR Extension: (Google Search) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15] CHR Extension: (Kaspersky Protection) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-08-24] CHR Extension: (The Camelizer - Amazon Price Tracker) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2013-10-11] CHR Extension: (AdBlock) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-02-17] CHR Extension: (feedly) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2013-03-14] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12] CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2011-07-28] CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR 
Extension: (Gmail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] StartMenuInternet: Google Chrome - C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO) S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-01-03] (Creative Labs) [File not signed] S3 Creative Dolby Digital Live Pack Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [79360 2011-07-28] (Creative Labs) [File not signed] R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed] S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2011-07-28] () [File not signed] R2 MSSQL$MYMOVIES; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed] R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2555760 2012-11-01] (O&O Software 
GmbH) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-24] (Electronic Arts) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed] R2 SynoDrService; C:\Program Files (x86)\Synology\Data Replicator 3\SynoDrServicex64.exe [384072 2013-10-09] () R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-02-25] () S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116096 2012-05-16] (AVM Berlin) R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2013-11-22] (AVM Berlin) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-09] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-09] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) 
[File not signed] S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-17 10:08 - 2015-03-17 10:08 - 00000000 _____ () C:\Users\Sebastian\Desktop\Neues Textdokument.txt 2015-03-11 11:54 - 2015-03-11 11:54 - 06208736 _____ (Tim Kosse) C:\Users\Sebastian\Downloads\FileZilla_3.10.2_win32-setup.exe 2015-03-11 08:38 - 2015-01-29 04:23 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 08:38 - 2015-01-29 04:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-11 08:38 - 2015-01-29 04:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-11 08:38 - 2015-01-29 04:19 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 08:38 - 2015-01-29 04:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-11 08:38 - 2015-01-29 04:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 08:38 - 2015-01-29 04:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 08:38 - 2015-01-29 04:05 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-11 08:38 - 2015-01-29 04:05 - 03917752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-11 08:38 - 2015-01-29 04:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-11 08:38 - 2015-01-29 03:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-11 08:37 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 
2015-03-11 08:37 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-11 08:37 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 08:37 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 08:37 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 08:37 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-11 08:37 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-11 08:37 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-11 08:37 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-11 08:37 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-11 08:37 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-11 08:37 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-11 08:37 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-11 08:37 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-11 08:37 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-11 08:37 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-11 08:37 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-11 08:37 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-11 08:37 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-11 08:37 - 2015-03-06 
06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-11 08:37 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 08:37 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-11 08:37 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-11 08:37 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-11 08:37 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-11 08:37 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-11 08:37 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-11 08:37 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-11 08:37 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-11 08:37 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-11 08:37 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-11 08:37 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 08:36 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 08:36 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-11 08:36 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-11 08:36 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 08:36 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-11 08:36 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\fontsub.dll 2015-03-11 08:36 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 08:36 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-11 08:36 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-11 08:36 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 08:36 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 08:36 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 08:36 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 08:36 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 08:36 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-11 08:36 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 08:36 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 08:36 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-11 08:36 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-11 08:36 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-03-11 08:36 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2015-03-11 08:36 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-03-11 08:36 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 08:36 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msctf.dll 2015-03-02 16:42 - 2015-03-02 16:43 - 00000000 ____D () C:\Users\Sebastian\Desktop\DSL Annex B 2015-02-25 13:01 - 2015-02-25 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-02-25 13:01 - 2015-02-25 13:01 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-02-25 13:01 - 2015-02-25 13:01 - 00000000 ____D () C:\Program Files\iTunes 2015-02-25 13:01 - 2015-02-25 13:01 - 00000000 ____D () C:\Program Files\iPod 2015-02-25 12:54 - 2015-02-25 12:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2015-02-25 08:38 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-25 08:38 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-02-23 15:36 - 2015-03-17 10:12 - 00000000 ____D () C:\FRST 2015-02-17 23:06 - 2015-02-17 23:06 - 00000085 _____ () C:\Windows\wininit.ini 2015-02-17 23:02 - 2015-03-17 09:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-17 23:02 - 2015-02-17 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-17 23:02 - 2015-02-17 23:02 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-17 23:02 - 2015-02-17 23:02 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-02-17 23:02 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-17 23:02 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-17 23:02 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-17 18:59 - 2015-02-17 18:59 - 00089372 ____N () C:\Users\Sebastian\Desktop\JRT.txt 2015-02-17 18:46 - 2015-02-17 18:49 - 00000000 ____D () C:\AdwCleaner 2015-02-17 16:50 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) 
C:\Windows\system32\perftrack.dll 2015-02-17 16:50 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-02-17 16:50 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-02-17 16:50 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-02-17 15:19 - 2015-02-17 15:19 - 01614496 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-17 10:10 - 2012-12-09 12:43 - 02906728 _____ () C:\Windows\system32\oodbs.lor 2015-03-17 10:10 - 2011-07-28 11:36 - 00146806 _____ () C:\Windows\PFRO.log 2015-03-17 10:10 - 2011-07-28 10:54 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-03-17 10:10 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-17 10:10 - 2009-07-14 05:51 - 00227219 _____ () C:\Windows\setupact.log 2015-03-17 10:09 - 2011-07-28 10:16 - 01842765 _____ () C:\Windows\WindowsUpdate.log 2015-03-17 10:08 - 2011-07-28 13:51 - 00000000 ____D () C:\Users\Sebastian\Documents\Outlook-Dateien 2015-03-17 10:04 - 2011-07-28 23:24 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Skype 2015-03-17 10:01 - 2011-07-28 10:18 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544781982-3593503346-2797692446-1001UA.job 2015-03-17 09:59 - 2014-05-16 11:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-17 09:38 - 2013-09-21 08:53 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\A33D40CB-D7EE-4111-8C05-89A9CBCBE699.aplzod 2015-03-17 08:56 - 2009-07-14 05:45 - 00025552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-17 08:56 - 2009-07-14 05:45 - 00025552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-17 
08:54 - 2009-07-14 18:58 - 15937438 _____ () C:\Windows\system32\perfh007.dat 2015-03-17 08:54 - 2009-07-14 18:58 - 04953480 _____ () C:\Windows\system32\perfc007.dat 2015-03-17 08:54 - 2009-07-14 06:13 - 00006470 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-16 19:47 - 2014-08-04 20:30 - 00000306 _____ () C:\Windows\Tasks\Synology Data Replicator 3-Sebastian-PC-Sebastian.job 2015-03-16 19:34 - 2011-07-28 10:16 - 00000000 ____D () C:\Users\Sebastian 2015-03-16 15:01 - 2011-07-28 10:18 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544781982-3593503346-2797692446-1001Core.job 2015-03-16 14:58 - 2011-09-03 23:39 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\FileZilla 2015-03-16 10:52 - 2014-09-03 09:54 - 00000600 _____ () C:\Users\Sebastian\AppData\Local\PUTTY.RND 2015-03-13 12:45 - 2013-05-16 20:16 - 00000000 ____D () C:\Windows\rescache 2015-03-13 11:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-03-13 11:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-03-12 15:40 - 2014-11-29 17:14 - 00000000 ____D () C:\Program Files (x86)\Java 2015-03-12 15:39 - 2011-07-28 10:46 - 00000000 ____D () C:\Program Files\Java 2015-03-12 15:37 - 2015-01-21 14:47 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-03-12 15:36 - 2013-10-19 15:13 - 00000000 ____D () C:\ProgramData\Oracle 2015-03-12 15:35 - 2014-11-29 17:14 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-03-11 11:48 - 2009-07-14 05:45 - 00341872 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-11 09:17 - 2011-07-28 11:20 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-11 09:10 - 2013-08-14 14:34 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 09:04 - 2011-07-28 11:17 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-11 09:03 - 2009-07-14 03:34 - 00000478 _____ () C:\Windows\win.ini 2015-03-06 13:52 - 2012-02-03 
17:29 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\vlc 2015-03-02 19:05 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-02-25 13:01 - 2014-09-06 09:04 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2015-02-25 13:01 - 2011-12-24 16:35 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-02-25 13:01 - 2011-07-28 22:56 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-02-24 03:17 - 2011-07-28 10:36 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-02-20 16:36 - 2014-09-24 12:56 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-02-20 16:36 - 2011-07-28 23:24 - 00000000 ____D () C:\ProgramData\Skype 2015-02-17 23:17 - 2014-05-05 16:22 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-02-17 23:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Vss 2015-02-17 17:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing ==================== Files in the root of some directories ======= 2011-12-30 09:29 - 2011-12-30 09:56 - 0001188 _____ () C:\Users\Sebastian\AppData\Local\crc32list11.txt 2012-07-08 21:01 - 2012-07-08 21:01 - 0004096 ____H () C:\Users\Sebastian\AppData\Local\keyfile3.drm 2014-09-03 09:54 - 2015-03-16 10:52 - 0000600 _____ () C:\Users\Sebastian\AppData\Local\PUTTY.RND 2011-11-03 12:06 - 2011-11-03 12:06 - 0000017 _____ () C:\Users\Sebastian\AppData\Local\resmon.resmoncfg 2011-07-28 10:55 - 2011-07-28 10:55 - 0017408 _____ () C:\Users\Sebastian\AppData\Local\WebpageIcons.db 2014-04-01 09:38 - 2014-04-01 09:38 - 0000040 ___SH () C:\ProgramData\.zreglib 2011-09-06 14:55 - 2011-09-06 15:08 - 0000360 _____ () C:\ProgramData\hpzinstall.log Some content of TEMP: ==================== C:\Users\Sebastian\AppData\Local\Temp\AZ_1140718236679068156.exe C:\Users\Sebastian\AppData\Local\Temp\AZ_2848461055147399262.exe C:\Users\Sebastian\AppData\Local\Temp\AZ_4619401663501047626.exe 
C:\Users\Sebastian\AppData\Local\Temp\AZ_5182792834848607432.exe C:\Users\Sebastian\AppData\Local\Temp\AZ_5604360757481880141.exe C:\Users\Sebastian\AppData\Local\Temp\AZ_748523700034962356.exe C:\Users\Sebastian\AppData\Local\Temp\DivXSetup.exe C:\Users\Sebastian\AppData\Local\Temp\drm_dyndata_7370007.dll C:\Users\Sebastian\AppData\Local\Temp\drm_dyndata_7370010.dll C:\Users\Sebastian\AppData\Local\Temp\drm_dyndata_7400006.dll C:\Users\Sebastian\AppData\Local\Temp\jna1014091904589135351.dll C:\Users\Sebastian\AppData\Local\Temp\jna1041362728925970266.dll C:\Users\Sebastian\AppData\Local\Temp\jna1110531134364490410.dll C:\Users\Sebastian\AppData\Local\Temp\jna1137242879032184808.dll C:\Users\Sebastian\AppData\Local\Temp\jna1142309330889470670.dll C:\Users\Sebastian\AppData\Local\Temp\jna1152311054437696758.dll C:\Users\Sebastian\AppData\Local\Temp\jna1182104696751076401.dll C:\Users\Sebastian\AppData\Local\Temp\jna1215798202210810518.dll C:\Users\Sebastian\AppData\Local\Temp\jna1221253092439142209.dll C:\Users\Sebastian\AppData\Local\Temp\jna1248224179444790014.dll C:\Users\Sebastian\AppData\Local\Temp\jna127458028090043647.dll C:\Users\Sebastian\AppData\Local\Temp\jna1288532973874588640.dll C:\Users\Sebastian\AppData\Local\Temp\jna1295889154616328663.dll C:\Users\Sebastian\AppData\Local\Temp\jna1296546557964891669.dll C:\Users\Sebastian\AppData\Local\Temp\jna1323637214673391.dll C:\Users\Sebastian\AppData\Local\Temp\jna1345844091801655466.dll C:\Users\Sebastian\AppData\Local\Temp\jna1346347952115270318.dll C:\Users\Sebastian\AppData\Local\Temp\jna1455440076662930840.dll C:\Users\Sebastian\AppData\Local\Temp\jna1458168450025072523.dll C:\Users\Sebastian\AppData\Local\Temp\jna1471264972418097368.dll C:\Users\Sebastian\AppData\Local\Temp\jna1593362208927483325.dll C:\Users\Sebastian\AppData\Local\Temp\jna1662951116951104816.dll C:\Users\Sebastian\AppData\Local\Temp\jna1668914530730633151.dll C:\Users\Sebastian\AppData\Local\Temp\jna1705767340224022250.dll 
C:\Users\Sebastian\AppData\Local\Temp\jna9128797393317881438.dll C:\Users\Sebastian\AppData\Local\Temp\jna9138757509421811724.dll C:\Users\Sebastian\AppData\Local\Temp\jna9169804243041626604.dll C:\Users\Sebastian\AppData\Local\Temp\jna936244136852035916.dll C:\Users\Sebastian\AppData\Local\Temp\jna959509992155076436.dll C:\Users\Sebastian\AppData\Local\Temp\jna97394780800715547.dll C:\Users\Sebastian\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Sebastian\AppData\Local\Temp\nvSCPAPI64.dll C:\Users\Sebastian\AppData\Local\Temp\nvStereoApiI64.dll C:\Users\Sebastian\AppData\Local\Temp\nvStInst.exe C:\Users\Sebastian\AppData\Local\Temp\ose00000.exe C:\Users\Sebastian\AppData\Local\Temp\ose00001.exe C:\Users\Sebastian\AppData\Local\Temp\ose00002.exe C:\Users\Sebastian\AppData\Local\Temp\ose00003.exe C:\Users\Sebastian\AppData\Local\Temp\ose00004.exe C:\Users\Sebastian\AppData\Local\Temp\ose00005.exe C:\Users\Sebastian\AppData\Local\Temp\ose00006.exe C:\Users\Sebastian\AppData\Local\Temp\ose00007.exe C:\Users\Sebastian\AppData\Local\Temp\Quarantine.exe C:\Users\Sebastian\AppData\Local\Temp\Samsung_Magician_Setup_v44.exe C:\Users\Sebastian\AppData\Local\Temp\Setup.exe C:\Users\Sebastian\AppData\Local\Temp\SkypeSetup.exe C:\Users\Sebastian\AppData\Local\Temp\sqlite3.dll C:\Users\Sebastian\AppData\Local\Temp\Uni000.exe C:\Users\Sebastian\AppData\Local\Temp\vlc-2.0.1-win32.exe C:\Users\Sebastian\AppData\Local\Temp\vlc-2.0.8-win32.exe C:\Users\Sebastian\AppData\Local\Temp\vlc-2.1.2-win32.exe C:\Users\Sebastian\AppData\Local\Temp\vlc-2.1.3-win32.exe C:\Users\Sebastian\AppData\Local\Temp\vlc-2.1.5-win32.exe C:\Users\Sebastian\AppData\Local\Temp\_isA084.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-16 10:24 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Sebastian at 2015-03-17 10:12:58 Running from E:\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC) Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4954 - CDBurnerXP) Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited) Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited) Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - ) DDL und DTS Connect-Lizenzaktivierung (HKLM-x32\...\AcMgrDDL) (Version: - ) DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.84 - DivX, LLC) Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: - ) Dropbox (HKU\S-1-5-21-1544781982-3593503346-2797692446-1001\...\Dropbox) (Version: 1.4.17 - Dropbox, Inc.) DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: - ) Google Chrome (HKU\S-1-5-21-1544781982-3593503346-2797692446-1001\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.) HP Photosmart Wireless B110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{014E482A-0C27-47E3-BA82-307E9DCA2F47}) (Version: 14.0 - HP) iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.) 
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) 
(Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.) 
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) My Movies Collection Management (HKLM-x32\...\{B5FB1DFF-0631-4BD7-8C02-B6E388FAF963}) (Version: 4.0.5.106 - Binnerup Consult) Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) O&O Defrag Professional (HKLM\...\{B0DB2914-726E-45D0-BA71-A39C10B6515F}) (Version: 16.0.183 - O&O Software GmbH) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.) Photo Station Uploader (remove only) (HKLM-x32\...\Photo Station Uploader) (Version: - Synology) PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars) PS_AIO_07_B110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - ) Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts) Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.) 
StarCraft II (HKLM-x32\...\StarCraft II) (Version: 1.5.3.23260 - Blizzard Entertainment) Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - ) Synology Data Replicator 3 (HKLM-x32\...\{8E310838-457C-4269-B177-3EFB300CBDDC}) (Version: 1.0.0.0 - Synology Inc.) Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1544781982-3593503346-2797692446-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1544781982-3593503346-2797692446-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-1544781982-3593503346-2797692446-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-1544781982-3593503346-2797692446-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-1544781982-3593503346-2797692446-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1544781982-3593503346-2797692446-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-1544781982-3593503346-2797692446-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1544781982-3593503346-2797692446-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1544781982-3593503346-2797692446-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1544781982-3593503346-2797692446-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1544781982-3593503346-2797692446-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1544781982-3593503346-2797692446-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Sebastian\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 03:34 - 2015-02-04 16:50 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {311EF194-0348-4FAB-9B11-C3DFA42B3F11} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1544781982-3593503346-2797692446-1001UA => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.) 
Task: {9AFF665C-92A0-4F76-BEB9-BDAEBE4B8007} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {B064AC69-E783-4119-BA68-591C61B0D0EA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {BD9BEE6B-409E-45C6-8F0F-97C3603EB8FF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {E6A69B0A-718D-4534-8046-C798B362C997} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1544781982-3593503346-2797692446-1001Core => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.) Task: {F8CF83B1-7D52-4F2C-ACAC-2C0612544FE3} - System32\Tasks\Synology Data Replicator 3-Sebastian-PC-Sebastian => C:\Program Files (x86)\Synology\Data Replicator 3\Backup.exe [2013-10-09] (Synology Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544781982-3593503346-2797692446-1001Core.job => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544781982-3593503346-2797692446-1001UA.job => C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Synology Data Replicator 3-Sebastian-PC-Sebastian.job => C:\Program Files (x86)\Synology\Data Replicator 3\Backup.exe ==================== Loaded Modules (whitelisted) ============== 2015-01-16 19:14 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2013-10-09 09:52 - 2013-10-09 09:52 - 00384072 _____ () C:\Program Files (x86)\Synology\Data Replicator 3\SynoDrServicex64.exe 2014-02-25 02:28 - 2014-02-25 02:28 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe 2014-03-06 14:00 - 2014-03-06 14:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll 2015-03-11 20:07 - 2015-03-07 07:12 - 01174856 _____ () C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\41.0.2272.89\libglesv2.dll 2015-03-11 20:07 - 2015-03-07 07:12 - 00080200 _____ () C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\41.0.2272.89\libegl.dll 2015-03-11 20:07 - 2015-03-07 07:13 - 09279304 _____ () C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\41.0.2272.89\pdf.dll 2015-03-11 20:07 - 2015-03-07 07:13 - 14974280 _____ () C:\Users\Sebastian\AppData\Local\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-1544781982-3593503346-2797692446-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: ehRecvr => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\Windows\pss\vpngui.exe.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk => C:\Windows\pss\WISO Mein Steuer-Sparbuch heute.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: Google Update => "C:\Users\Sebastian\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe MSCONFIG\startupreg: msnmsgr => "C:\Program Files 
(x86)\Windows Live\Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: My Movies Tray => "C:\Program Files (x86)\Binnerup Consult\My Movies Collection Management\My Movies Tray.exe" MSCONFIG\startupreg: OODefragTray => C:\Program Files\OO Software\Defrag\oodtray.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==================== Accounts: ============================= Administrator (S-1-5-21-1544781982-3593503346-2797692446-500 - Administrator - Disabled) Gast (S-1-5-21-1544781982-3593503346-2797692446-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1544781982-3593503346-2797692446-1002 - Limited - Enabled) Sebastian (S-1-5-21-1544781982-3593503346-2797692446-1001 - Administrator - Enabled) => C:\Users\Sebastian ==================== Faulty Device Manager Devices ============= Name: Photosmart B110 series Description: Photosmart B110 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Photosmart B110 series Description: Photosmart B110 series Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: HP Service: StillCam Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (03/17/2015 10:10:17 AM) (Source: MSSQL$MYMOVIES) (EventID: 3409) (User: ) Description: Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions. Error: (03/17/2015 10:10:17 AM) (Source: MSSQL$MYMOVIES) (EventID: 8313) (User: ) Description: Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled. Error: (03/17/2015 08:54:14 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (03/17/2015 08:54:14 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (03/17/2015 08:54:14 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
Error: (03/17/2015 08:53:54 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422). Error: (03/17/2015 08:48:40 AM) (Source: MSSQL$MYMOVIES) (EventID: 3409) (User: ) Description: Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions. Error: (03/17/2015 08:48:40 AM) (Source: MSSQL$MYMOVIES) (EventID: 8313) (User: ) Description: Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled. Error: (03/16/2015 08:16:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (03/16/2015 08:16:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
System errors: ============= Error: (03/13/2015 00:01:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80004005 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB3033929) Error: (03/13/2015 10:36:16 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80004005 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB3033929) Error: (03/12/2015 11:57:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80004005 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB3033929) Error: (03/11/2015 07:29:29 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80004005 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB3033929) Error: (03/11/2015 02:04:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80004005 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB3033929) Error: (03/11/2015 11:52:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80004005 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB3033929) Error: (03/11/2015 11:48:49 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Server" wurde mit folgendem Fehler beendet: %%13 Error: 
(03/11/2015 11:48:49 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1115 Error: (03/11/2015 11:48:49 AM) (Source: BROWSER) (EventID: 8017) (User: ) Description: Der Suchdienst konnte nicht starten, da der abhängige Dienst "LanmanWorkstation" den ungültigen Status "4294967295" aufwies. Status Bedeutung 1 Angehalten 2 Warten begonnen 3 Warten beendet 4 Wird ausgeführt 5 Warten fortgesetzt 6 Warten unterbrochen 7 Unterbrochen Error: (03/03/2015 05:04:11 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Microsoft Office Sessions: ========================= Error: (03/17/2015 10:10:17 AM) (Source: MSSQL$MYMOVIES) (EventID: 3409) (User: ) Description: -1 Error: (03/17/2015 10:10:17 AM) (Source: MSSQL$MYMOVIES) (EventID: 8313) (User: ) Description: Error: (03/17/2015 08:54:14 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (03/17/2015 08:54:14 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (03/17/2015 08:54:14 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (03/17/2015 08:53:54 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422 Error: (03/17/2015 08:48:40 AM) (Source: MSSQL$MYMOVIES) (EventID: 3409) (User: ) Description: -1 Error: (03/17/2015 08:48:40 AM) (Source: MSSQL$MYMOVIES) (EventID: 8313) (User: ) Description: Error: (03/16/2015 08:16:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 
Error: (03/16/2015 08:16:17 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 CodeIntegrity Errors: =================================== Date: 2015-02-18 10:24:58.562 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-18 10:24:58.562 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-18 10:24:58.562 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-18 09:36:11.668 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-18 09:36:11.668 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-18 09:36:11.658 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-02-17 23:25:46.802 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-17 23:25:46.802 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-17 23:25:46.802 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-02-12 08:55:36.306 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz Percentage of memory in use: 45% Total physical RAM: 4094.48 MB Available physical RAM: 2228.54 MB Total Pagefile: 8187.16 MB Available Pagefile: 5953.48 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (SSD) (Fixed) (Total:232.78 GB) (Free:156.3 GB) NTFS Drive d: (Zeug) (Fixed) (Total:232.88 GB) (Free:187.91 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (Zeug) (Fixed) (Total:232.88 GB) (Free:55.25 GB) NTFS Drive h: (Data) (Fixed) (Total:0.1 GB) (Free:0 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 232.9 GB) (Disk ID: D669199D) Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS) ======================================================== Disk: 1 
(Size: 232.9 GB) (Disk ID: 78488018) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 08D408D4) Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS) ==================== End Of Log ============================

Also on the network are a Synology NAS, two iPhones and a laptop. I had also scanned the laptop with the programs mentioned above. The log above is from my desktop PC, from which I accessed my webspace via FTP. I do not use the laptop for that. I would be very grateful for any help! |