Lasse Leibni | 24.04.2015 12:57 |
Hi Schrauber,
thank you for looking into my problem!
Revo Uninstaller gave the following error message when uninstalling GetTheDiscount:
Uinstall fehlgeschlagen
Womöglich ungültiger Uinstall-Befehl
When uninstalling SystemMuscle, there was the following error message:
Problem beim starten von
C:\PROGRA~2\SYSTEM~1.DLL
das angegebene Modul wurde nicht gefunden
After that there were no further error messages.
MBAM: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 24.04.2015
Suchlauf-Zeit: 13:14:10
Logdatei: MBAM.txt
Administrator: Ja
Version: 2.01.6.1022
Malware Datenbank: v2015.03.09.05
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: User
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 411428
Verstrichene Zeit: 11 Min, 32 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 2
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{3a37b93a}, In Quarantäne, [eb8ecd763555cf67e99d4e838083e917],
PUP.Optional.Qone8, HKU\S-1-5-21-2506720359-812389270-3054720277-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [f2874ef53c4e95a1801ed244b055e719],
Registrierungswerte: 0
(Keine schädliche Elemente gefunden)
Registrierungsdaten: 11
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1426946930&from=air&uid=ST1000LM024XHN-M101MBB_S2U5J9ED113187&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1426946930&from=air&uid=ST1000LM024XHN-M101MBB_S2U5J9ED113187&q={searchTerms}),Ersetzt,[6712360d97f354e2f81e4392778e06fa]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hppp&ts=1426946981&from=air&uid=ST1000LM024XHN-M101MBB_S2U5J9ED113187, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hppp&ts=1426946981&from=air&uid=ST1000LM024XHN-M101MBB_S2U5J9ED113187),Ersetzt,[b3c6e261d5b5e94d6bab973e6e9728d8]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=ds&ts=1426946930&from=air&uid=ST1000LM024XHN-M101MBB_S2U5J9ED113187&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1426946930&from=air&uid=ST1000LM024XHN-M101MBB_S2U5J9ED113187&q={searchTerms}),Ersetzt,[0772e65dc8c252e42ee8dcf91de830d0]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[db9ef94a0882f6403466d80906ff55ab]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=dspp&ts=1426946981&from=air&uid=ST1000LM024XHN-M101MBB_S2U5J9ED113187&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=dspp&ts=1426946981&from=air&uid=ST1000LM024XHN-M101MBB_S2U5J9ED113187&q={searchTerms}),Ersetzt,[5d1c6ed57a10eb4bc452b81d48bd30d0]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hppp&ts=1426946981&from=air&uid=ST1000LM024XHN-M101MBB_S2U5J9ED113187, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hppp&ts=1426946981&from=air&uid=ST1000LM024XHN-M101MBB_S2U5J9ED113187),Ersetzt,[da9fe75c088238feed293a9b44c1aa56]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=dspp&ts=1426946981&from=air&uid=ST1000LM024XHN-M101MBB_S2U5J9ED113187&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=dspp&ts=1426946981&from=air&uid=ST1000LM024XHN-M101MBB_S2U5J9ED113187&q={searchTerms}),Ersetzt,[16630c37d6b484b2bd596a6bd23360a0]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[60196fd465253ef82c6e24bd1ce959a7]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-2506720359-812389270-3054720277-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.istartsurf.com/web/?type=dspp&ts=1426946981&from=air&uid=ST1000LM024XHN-M101MBB_S2U5J9ED113187&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=dspp&ts=1426946981&from=air&uid=ST1000LM024XHN-M101MBB_S2U5J9ED113187&q={searchTerms}),Ersetzt,[86f3ce750486cc6a52c245901aeb1be5]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-2506720359-812389270-3054720277-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hppp&ts=1426946981&from=air&uid=ST1000LM024XHN-M101MBB_S2U5J9ED113187, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hppp&ts=1426946981&from=air&uid=ST1000LM024XHN-M101MBB_S2U5J9ED113187),Ersetzt,[84f56cd79cee8caaff15963f0104956b]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-2506720359-812389270-3054720277-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=dspp&ts=1426946981&from=air&uid=ST1000LM024XHN-M101MBB_S2U5J9ED113187&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=dspp&ts=1426946981&from=air&uid=ST1000LM024XHN-M101MBB_S2U5J9ED113187&q={searchTerms}),Ersetzt,[a0d94af994f6b97da96b7a5b3fc6bd43]
Ordner: 1
PUP.Optional.GetTheDiscount.A, C:\ProgramData\GetTheDiscount, In Quarantäne, [1366d370bdcd1c1ab601038e768d946c],
Dateien: 2
PUP.Optional.IStartSurf.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j1knn7av.default\searchplugins\istartsurf.xml, In Quarantäne, [5a1f0043c6c4231347357059bf4433cd],
PUP.Optional.IStartSurf.A, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j1knn7av.default\search.json, Gut: (), Schlecht: (istartsurf), Ersetzt,[d2a785be5d2d53e32966829933d32ad6]
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)
AdwCleaner: Code:
# AdwCleaner v4.201 - Bericht erstellt 24/04/2015 um 13:30:10
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Lokal]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : User - IDEA-PC
# Gestarted von : C:\Users\User\Desktop\AdwCleaner_4.201.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\55fbb5b400002c73
Ordner Gelöscht : C:\Program Files (x86)\Amazon\ABB
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j1knn7av.default\user.js
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\43da808d-41a5-d31f-676a-5320d4ebe282
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D978AEF6-52EE-49B1-AF1E-A738659047A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{532970A2-464B-73CB-BBC4-F209EAD3EEBE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\WebBar
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v37.0.2 (x86 de)
[j1knn7av.default\prefs.js] - Zeile Gelöscht : user_pref("avira.safe_search.installed", "[\"safesearchplus\"]");
[j1knn7av.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultenginename", "Avira SafeSearch");
[j1knn7av.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "istartsurf");
[j1knn7av.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/web/favicon.ico");
[j1knn7av.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "istartsurf");
[j1knn7av.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=dspp&ts=1426946981&from=air&uid=ST1000LM024XHN-M101MBB_S2U5J9ED113187&q={searchTerms}");
[j1knn7av.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "istartsurf");
[j1knn7av.default\prefs.js] - Zeile Gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[j1knn7av.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"14cd6558b8a1e2-0d6f3506a8cf438-44564336-0-14cd6558b8b3ce\"");
[j1knn7av.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_expires_at", "1430129874");
[j1knn7av.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"ca323a0251a9b791b1f3df6ac77491bdcf1e0fe8\"");
[j1knn7av.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_userid", "6059093606");
[j1knn7av.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_utoken", "\"6362a9223535a7fdc9ecd0196873877439755e52\"");
[j1knn7av.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.install", "1429525072783");
[j1knn7av.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.xpiState", "{\"app-profile\":{\"abs@avira.com\":{\"d\":\"C:\\\\Users\\\\User\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\j1knn7av.default\\\\extensions\\\\abs@avir[...]
*************************
AdwCleaner[R0].txt - [5013 Bytes] - [24/04/2015 13:29:27]
AdwCleaner[S0].txt - [4354 Bytes] - [24/04/2015 13:30:10]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4413 Bytes] ##########
JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.2 (04.24.2015:1)
OS: Windows 8.1 x64
Ran by User on 24.04.2015 at 13:40:46,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2506720359-812389270-3054720277-1002
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
FRST:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2015 01
Ran by User (administrator) on IDEA-PC on 24-04-2015 13:45:13
Running from C:\Users\User\Desktop\Trojanerboardtools
Loaded Profiles: User (Available profiles: UpdatusUser & User)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13260944 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6334096 2012-10-17] (Realtek semiconductor)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-27] (Synaptics)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-09-29] ()
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-02-06] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-02-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-27] (Synaptics Incorporated)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-13] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2506720359-812389270-3054720277-1002\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-04-03] (Spotify Ltd)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2506720359-812389270-3054720277-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2506720359-812389270-3054720277-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j1knn7av.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-11-18] (Nitro PDF)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j1knn7av.default\searchplugins\google-images.xml [2015-03-22]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j1knn7av.default\searchplugins\google-maps.xml [2015-03-22]
FF Extension: Avira Browser Safety - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j1knn7av.default\Extensions\abs@avira.com [2015-04-13]
FF Extension: Avira SafeSearch Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j1knn7av.default\Extensions\safesearchplus@avira.com [2015-04-20]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\j1knn7av.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-21]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-13] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-13] (Avira Operations GmbH & Co. KG)
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [220288 2012-09-29] (Qualcomm Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-11-18] (Nitro PDF Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-04-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-04-07] (Microsoft Corporation)
S2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-17] (Avira Operations GmbH & Co. KG)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8230160 2012-10-17] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-04-07] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 ysusb64; C:\Windows\system32\drivers\ysusb64.sys [132672 2014-12-16] (Yamaha Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-24 13:43 - 2015-04-24 13:43 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2506720359-812389270-3054720277-1002
2015-04-24 13:42 - 2015-04-24 13:42 - 00001558 _____ () C:\Users\User\Desktop\JRT.txt
2015-04-24 13:40 - 2015-04-24 13:40 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-IDEA-PC-Windows-8.1-(64-bit).dat
2015-04-24 13:40 - 2015-04-24 13:40 - 00000000 ____D () C:\RegBackup
2015-04-24 13:39 - 2015-04-24 13:39 - 00004501 _____ () C:\Users\User\Desktop\AdwCleaner[S0].txt
2015-04-24 13:37 - 2015-04-24 13:37 - 00722120 _____ () C:\WINDOWS\Minidump\042415-25203-01.dmp
2015-04-24 13:29 - 2015-04-24 13:30 - 00000000 ____D () C:\AdwCleaner
2015-04-24 13:28 - 2015-04-24 13:28 - 00006273 _____ () C:\Users\User\Desktop\MBAM.txt
2015-04-24 13:13 - 2015-04-24 13:13 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-24 13:13 - 2015-04-24 13:13 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-24 13:13 - 2015-04-24 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-24 13:13 - 2015-04-24 13:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-24 13:13 - 2015-04-24 13:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-24 13:13 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-24 13:13 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-24 13:13 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-24 13:06 - 2015-04-24 13:06 - 00001291 _____ () C:\Users\User\Desktop\Revo Uninstaller.lnk
2015-04-24 13:06 - 2015-04-24 13:06 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-24 13:02 - 2015-04-24 13:02 - 00022016 ___SH () C:\Users\User\Desktop\Thumbs.db
2015-04-24 12:58 - 2015-04-24 12:58 - 02685461 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2015-04-24 12:57 - 2015-04-24 12:57 - 02217984 _____ () C:\Users\User\Desktop\AdwCleaner_4.201.exe
2015-04-24 12:56 - 2015-04-24 12:56 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.1.6.1022.exe
2015-04-24 12:55 - 2015-04-24 12:55 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User\Desktop\revosetup95.exe
2015-04-24 10:24 - 2015-04-24 10:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-23 10:56 - 2015-04-24 13:37 - 00000000 ____D () C:\WINDOWS\Minidump
2015-04-23 10:56 - 2015-04-24 13:36 - 634003944 _____ () C:\WINDOWS\MEMORY.DMP
2015-04-23 10:56 - 2015-04-23 10:56 - 00357240 _____ () C:\WINDOWS\Minidump\042315-28687-01.dmp
2015-04-23 10:13 - 2015-04-24 13:45 - 00000000 ____D () C:\FRST
2015-04-23 10:11 - 2015-04-23 10:11 - 00000000 _____ () C:\Users\User\defogger_reenable
2015-04-23 10:10 - 2015-04-24 13:45 - 00000000 ____D () C:\Users\User\Desktop\Trojanerboardtools
2015-04-23 10:09 - 2015-04-23 10:09 - 00380416 _____ () C:\Users\User\Desktop\Gmer-19357.exe
2015-04-15 20:34 - 2015-03-23 00:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-15 20:34 - 2015-03-23 00:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-15 20:34 - 2015-03-23 00:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-15 20:34 - 2015-03-23 00:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-15 20:34 - 2015-03-23 00:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-15 20:34 - 2015-03-23 00:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-15 20:34 - 2015-03-23 00:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-15 19:23 - 2015-03-23 23:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 19:23 - 2015-03-23 23:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 19:23 - 2015-03-23 23:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-15 19:23 - 2015-03-23 23:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 19:23 - 2015-03-23 23:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-15 19:23 - 2015-03-20 06:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-15 19:23 - 2015-03-20 06:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-15 19:23 - 2015-03-20 06:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-15 19:23 - 2015-03-20 05:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-15 19:23 - 2015-03-20 04:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-15 19:23 - 2015-03-20 04:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-15 19:23 - 2015-03-20 04:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-15 19:23 - 2015-02-21 01:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-15 19:22 - 2015-03-14 10:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-15 19:22 - 2015-03-14 03:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-15 19:22 - 2015-03-14 03:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-15 19:22 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-15 19:22 - 2015-03-14 03:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-15 19:22 - 2015-03-14 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-15 19:22 - 2015-03-14 02:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-15 19:22 - 2015-03-14 02:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-15 19:22 - 2015-03-14 02:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-15 19:22 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-15 19:22 - 2015-03-14 02:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-15 19:22 - 2015-03-14 02:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-15 19:22 - 2015-03-14 02:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-15 19:22 - 2015-03-14 02:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-15 19:22 - 2015-03-14 02:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-15 19:22 - 2015-03-14 02:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-15 19:22 - 2015-03-14 01:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-15 19:22 - 2015-03-14 01:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-15 19:22 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 19:22 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 19:22 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-15 19:22 - 2015-03-13 05:53 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 19:22 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 19:22 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 19:22 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 19:22 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-15 19:22 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-15 19:22 - 2015-03-13 05:17 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 19:22 - 2015-03-13 05:16 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 19:22 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-15 19:22 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 19:22 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 19:22 - 2015-03-13 04:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-15 19:22 - 2015-03-13 04:50 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 19:22 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 19:22 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 19:22 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 19:22 - 2015-03-13 04:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-15 19:22 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 19:22 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 19:22 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-04-15 19:22 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 19:22 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 19:22 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-04-15 19:22 - 2015-03-04 12:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 19:22 - 2015-03-04 05:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 19:22 - 2015-03-04 04:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 19:22 - 2015-02-24 10:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-15 19:22 - 2014-10-18 08:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-13 18:44 - 2015-04-13 18:44 - 00000000 ____D () C:\Users\User\AppData\Local\Macromedia
2015-04-13 18:09 - 2015-04-24 11:46 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-13 18:09 - 2015-04-14 18:46 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-04-13 18:08 - 2015-04-13 18:09 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2015-04-13 15:53 - 2015-04-13 15:53 - 00000000 ____D () C:\Users\User\AppData\Local\Downloaded Installations
2015-04-13 15:53 - 2015-04-13 15:53 - 00000000 ____D () C:\Program Files (x86)\Yamaha
2015-04-13 15:49 - 2015-04-13 15:50 - 00000000 ____D () C:\Users\User\Documents\Cubase LE AI Elements Projects
2015-04-13 15:49 - 2015-04-13 15:49 - 00000000 ____D () C:\Users\User\Documents\VST3 Presets
2015-04-13 15:49 - 2015-04-13 15:49 - 00000000 ____D () C:\Users\User\Documents\Steinberg
2015-04-13 12:38 - 2015-04-13 12:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\Avira
2015-04-13 12:35 - 2015-03-17 13:01 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-04-13 12:35 - 2015-03-17 13:01 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-04-13 12:35 - 2015-03-17 13:01 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-04-13 12:35 - 2015-03-17 13:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-04-13 12:34 - 2015-04-13 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-13 12:34 - 2015-04-13 12:40 - 00000000 ____D () C:\ProgramData\Avira
2015-04-13 12:34 - 2015-04-13 12:35 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-13 12:34 - 2015-04-13 12:34 - 00001234 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-04-13 12:33 - 2015-04-13 12:33 - 04625104 _____ (Avira Operations GmbH & Co. KG) C:\Users\User\Downloads\avira_de_av_552b9d4d5a7b9__ws.exe
2015-04-13 12:33 - 2015-04-13 12:33 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-12 11:28 - 2015-04-12 11:28 - 01203488 _____ () C:\Users\User\Downloads\HijackThis - CHIP-Installer.exe
2015-04-12 10:56 - 2015-04-24 13:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-12 10:56 - 2015-04-12 10:56 - 00243656 _____ () C:\Users\User\Downloads\Firefox Setup Stub 37.0.1.exe
2015-04-12 10:56 - 2015-04-12 10:56 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-12 10:56 - 2015-04-12 10:56 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-12 10:56 - 2015-04-12 10:56 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2015-04-12 10:56 - 2015-04-12 10:56 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2015-04-12 10:56 - 2015-04-12 10:56 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList
2015-04-12 10:55 - 2015-04-24 10:04 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8650B893-F1D3-4DE7-B380-9253316F1061}
2015-04-11 15:28 - 2015-04-11 15:28 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-04-10 19:18 - 2015-04-10 19:18 - 00000000 ____D () C:\ProgramData\10344920038994454941
2015-04-10 09:19 - 2015-04-13 12:49 - 00000000 ____D () C:\Program Files (x86)\SystemMuscle
2015-04-09 13:47 - 2015-01-19 20:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-04-09 13:47 - 2014-12-03 01:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-09 11:52 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-04-09 11:52 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-04-09 11:52 - 2014-04-30 08:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2015-04-09 11:52 - 2014-04-30 08:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2015-04-09 11:51 - 2014-11-10 01:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-04-09 11:51 - 2014-11-10 01:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-04-09 11:50 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-04-09 11:50 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-04-07 21:17 - 2015-04-09 13:44 - 00000000 ___DC () C:\WINDOWS\Panther
2015-04-07 21:17 - 2015-04-07 21:17 - 00000000 __SHD () C:\Recovery
2015-04-07 21:16 - 2015-04-07 21:16 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-04-07 21:16 - 2015-04-07 21:16 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-04-07 21:16 - 2015-04-07 21:16 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-04-07 21:16 - 2015-04-07 21:16 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-04-07 21:16 - 2015-04-07 21:16 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-04-07 21:16 - 2015-04-07 21:16 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-04-07 21:16 - 2015-04-07 21:16 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-04-07 21:16 - 2015-04-07 21:16 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-04-07 21:16 - 2015-04-07 21:16 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-04-07 21:14 - 2015-04-07 21:14 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-04-07 21:14 - 2015-04-07 21:14 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-04-07 21:14 - 2015-04-07 21:14 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-04-07 21:14 - 2015-04-07 21:14 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-04-07 21:14 - 2015-04-07 21:14 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-04-07 21:14 - 2015-04-07 21:14 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-04-07 21:14 - 2015-04-07 21:14 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-04-07 21:14 - 2015-04-07 21:14 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-04-07 21:14 - 2015-04-07 21:14 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-04-07 21:14 - 2015-04-07 21:14 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-04-07 21:14 - 2015-04-07 21:14 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-04-07 21:14 - 2015-04-07 21:14 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-04-07 21:14 - 2015-04-07 21:14 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-04-07 21:14 - 2015-04-07 21:14 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-04-07 21:14 - 2015-04-07 21:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-07 21:14 - 2015-04-07 21:14 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-04-07 21:14 - 2015-04-07 21:14 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-07 21:14 - 2015-04-07 21:14 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-04-07 21:06 - 2015-04-08 20:14 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-07 21:06 - 2015-04-07 21:06 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-04-07 21:06 - 2015-04-07 21:06 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-04-07 21:06 - 2015-04-07 21:06 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-04-07 21:06 - 2015-04-07 21:06 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-04-07 21:06 - 2015-04-07 21:06 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-04-07 21:06 - 2015-04-07 21:06 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-04-07 21:06 - 2015-04-07 21:06 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-04-07 21:06 - 2015-04-07 21:06 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-04-07 21:06 - 2015-04-07 21:06 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-04-07 21:06 - 2015-04-07 21:06 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-04-07 21:06 - 2015-04-07 21:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-04-07 21:06 - 2015-04-07 21:06 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-04-07 21:06 - 2015-04-07 21:06 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-04-07 21:06 - 2015-04-07 21:06 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-04-07 21:06 - 2015-04-07 21:06 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-04-07 21:06 - 2015-04-07 21:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-04-07 21:06 - 2015-04-07 21:06 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-04-07 21:06 - 2015-04-07 21:06 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-04-07 21:06 - 2015-04-07 21:06 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-04-07 21:06 - 2015-04-07 21:06 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-04-07 21:06 - 2015-04-07 21:06 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-04-07 21:06 - 2015-04-07 21:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-04-07 21:06 - 2015-04-07 21:06 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-07 21:05 - 2015-04-07 21:05 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-04-07 21:05 - 2015-04-07 21:05 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-04-07 21:05 - 2015-04-07 21:05 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-04-07 21:05 - 2015-04-07 21:05 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-04-07 21:05 - 2015-04-07 21:05 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-04-07 21:05 - 2015-04-07 21:05 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-04-07 21:05 - 2015-04-07 21:05 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-04-07 21:05 - 2015-04-07 21:05 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-04-07 21:05 - 2015-04-07 21:05 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-07 21:05 - 2015-04-07 21:05 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-04-07 21:05 - 2015-04-07 21:05 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-04-07 21:05 - 2015-04-07 21:05 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-07 21:05 - 2015-04-07 21:05 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-04-07 21:05 - 2015-04-07 21:05 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-04-07 21:05 - 2015-04-07 21:05 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-04-07 21:05 - 2015-04-07 21:05 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-04-07 21:05 - 2015-04-07 21:05 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-04-07 21:05 - 2015-04-07 21:05 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-04-07 21:05 - 2015-04-07 21:05 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-04-07 21:05 - 2015-04-07 21:05 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-04-07 21:05 - 2015-04-07 21:05 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-04-07 21:05 - 2015-04-07 21:05 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-04-07 21:05 - 2015-04-07 21:05 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-04-07 21:05 - 2015-04-07 21:05 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-04-07 21:05 - 2015-04-07 21:05 - 00167424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-04-07 21:05 - 2015-04-07 21:05 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-04-07 21:05 - 2015-04-07 21:05 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-04-07 21:05 - 2015-04-07 21:05 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-04-07 21:05 - 2015-04-07 21:05 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-04-07 21:05 - 2015-04-07 21:05 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-04-07 21:05 - 2015-04-07 21:05 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-04-07 21:05 - 2015-04-07 21:05 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-04-07 21:05 - 2015-04-07 21:05 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-04-07 21:05 - 2015-04-07 21:05 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-04-07 21:04 - 2015-04-07 21:04 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-04-07 21:04 - 2015-04-07 21:04 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-04-07 21:04 - 2015-04-07 21:04 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-04-07 21:04 - 2015-04-07 21:04 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-04-07 21:04 - 2015-04-07 21:04 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-04-07 21:04 - 2015-04-07 21:04 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-04-07 21:04 - 2015-04-07 21:04 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-04-07 21:04 - 2015-04-07 21:04 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-04-07 21:04 - 2015-04-07 21:04 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-04-07 21:04 - 2015-04-07 21:04 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-04-07 21:04 - 2015-04-07 21:04 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-04-07 21:04 - 2015-04-07 21:04 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-04-07 21:04 - 2015-04-07 21:04 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-04-07 21:04 - 2015-04-07 21:04 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-04-07 21:04 - 2015-04-07 21:04 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-04-07 21:04 - 2015-04-07 21:04 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-04-07 21:04 - 2015-04-07 21:04 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-04-07 21:04 - 2015-04-07 21:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-04-07 21:04 - 2015-04-07 21:04 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-04-07 21:04 - 2015-04-07 21:04 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-04-07 21:03 - 2015-04-07 21:03 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-04-07 21:03 - 2015-04-07 21:03 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-04-07 21:03 - 2015-04-07 21:03 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-04-07 21:03 - 2015-04-07 21:03 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-04-07 21:03 - 2015-04-07 21:03 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-04-07 21:03 - 2015-04-07 21:03 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-04-07 21:03 - 2015-04-07 21:03 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-04-07 21:03 - 2015-04-07 21:03 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-04-07 21:03 - 2015-04-07 21:03 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-04-07 21:02 - 2015-04-24 13:44 - 00000000 ___RD () C:\Users\User\OneDrive
2015-04-07 21:02 - 2015-04-07 21:02 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-04-07 21:02 - 2015-04-07 21:02 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-04-07 21:02 - 2015-04-07 21:02 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-04-07 21:02 - 2015-04-07 21:02 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-04-07 21:02 - 2015-04-07 21:02 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-04-07 21:01 - 2015-04-07 21:01 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-04-07 21:01 - 2015-04-07 21:01 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-04-07 21:01 - 2015-04-07 21:01 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-04-07 21:01 - 2015-04-07 21:01 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-04-07 21:01 - 2015-04-07 21:01 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-04-07 21:01 - 2015-04-07 21:01 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-04-07 21:01 - 2015-04-07 21:01 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2015-04-07 21:01 - 2015-04-07 21:01 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-04-07 21:01 - 2015-04-07 21:01 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-04-07 21:01 - 2015-04-07 21:01 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-04-07 21:01 - 2015-04-07 21:01 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-04-07 21:01 - 2015-04-07 21:01 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-04-07 21:01 - 2015-04-07 21:01 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-04-07 20:58 - 2015-04-07 20:58 - 00000000 ____D () C:\WINDOWS\SysWOW64\XPSViewer
2015-04-07 20:58 - 2015-04-07 20:58 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-04-07 20:58 - 2015-04-07 20:58 - 00000000 ____D () C:\Program Files\MSBuild
2015-04-07 20:58 - 2015-04-07 20:58 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-04-07 20:58 - 2015-04-07 20:58 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-04-07 20:57 - 2013-08-03 06:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-04-07 20:57 - 2013-08-03 06:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-04-07 20:57 - 2013-08-03 06:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-04-07 20:57 - 2013-08-03 06:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-04-07 20:48 - 2015-04-07 20:48 - 00000020 ___SH () C:\Users\User\ntuser.ini
2015-04-07 20:47 - 2015-04-07 20:47 - 00000000 _SHDL () C:\Users\Default\Vorlagen
2015-04-07 20:47 - 2015-04-07 20:47 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-04-07 20:47 - 2015-04-07 20:47 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-04-07 20:47 - 2015-04-07 20:47 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen
2015-04-07 20:47 - 2015-04-07 20:47 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien
2015-04-07 20:47 - 2015-04-07 20:47 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-04-07 20:47 - 2015-04-07 20:47 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-04-07 20:47 - 2015-04-07 20:47 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-04-07 20:47 - 2015-04-07 20:47 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-07 20:47 - 2015-04-07 20:47 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-04-07 20:47 - 2015-04-07 20:47 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten
2015-04-07 20:47 - 2015-04-07 20:47 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten
2015-04-07 20:47 - 2015-04-07 20:47 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-04-07 20:47 - 2015-04-07 20:47 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-04-07 20:47 - 2015-04-07 20:47 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-07 20:47 - 2015-04-07 20:47 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-04-07 20:47 - 2015-04-07 20:47 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-04-07 20:46 - 2015-04-07 20:46 - 00022960 _____ () C:\WINDOWS\system32\emptyregdb.dat
2015-04-07 20:44 - 2015-04-07 20:44 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2015-04-07 20:34 - 2015-04-07 20:34 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-07 20:34 - 2015-04-07 20:34 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-04-07 20:34 - 2015-04-07 20:34 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-04-07 20:31 - 2015-04-07 20:31 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2015-04-07 20:30 - 2015-04-07 20:46 - 00028578 _____ () C:\WINDOWS\diagwrn.xml
2015-04-07 20:30 - 2015-04-07 20:46 - 00028578 _____ () C:\WINDOWS\diagerr.xml
2015-04-07 20:30 - 2015-04-07 20:31 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-07 20:30 - 2015-04-07 20:31 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 _SHDL () C:\Users\User\Vorlagen
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 _SHDL () C:\Users\User\Startmenü
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 _SHDL () C:\Users\User\Netzwerkumgebung
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 _SHDL () C:\Users\User\Lokale Einstellungen
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 _SHDL () C:\Users\User\Eigene Dateien
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 _SHDL () C:\Users\User\Druckumgebung
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 _SHDL () C:\Users\User\Documents\Eigene Musik
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 _SHDL () C:\Users\User\Documents\Eigene Bilder
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 _SHDL () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 _SHDL () C:\Users\User\AppData\Local\Verlauf
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 _SHDL () C:\Users\User\AppData\Local\Anwendungsdaten
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 _SHDL () C:\Users\User\Anwendungsdaten
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 _SHDL () C:\Users\UpdatusUser\Vorlagen
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 _SHDL () C:\Users\UpdatusUser\Startmenü
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 _SHDL () C:\Users\UpdatusUser\Netzwerkumgebung
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 _SHDL () C:\Users\UpdatusUser\Lokale Einstellungen
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 _SHDL () C:\Users\UpdatusUser\Eigene Dateien
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 _SHDL () C:\Users\UpdatusUser\Druckumgebung
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Musik
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 _SHDL () C:\Users\UpdatusUser\Documents\Eigene Bilder
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Verlauf
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 _SHDL () C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten
2015-04-07 20:30 - 2015-04-07 20:30 - 00000000 _SHDL () C:\Users\UpdatusUser\Anwendungsdaten
2015-04-07 20:30 - 2014-11-21 12:52 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-07 20:30 - 2014-11-21 12:52 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-07 20:30 - 2014-11-21 12:52 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-07 20:30 - 2014-11-21 12:52 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-07 20:30 - 2014-11-21 05:42 - 00000369 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-04-07 20:30 - 2014-11-21 05:42 - 00000369 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-04-07 20:30 - 2014-11-21 05:42 - 00000369 _____ () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-04-07 20:30 - 2014-11-21 05:42 - 00000369 _____ () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-04-07 20:30 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-07 20:30 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-07 20:22 - 2015-04-07 20:32 - 00000000 ____D () C:\Program Files\Intel
2015-04-07 20:22 - 2015-04-07 20:22 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2015-04-07 20:22 - 2015-04-07 20:22 - 00000000 ____D () C:\Program Files\Realtek
2015-04-07 20:22 - 2013-08-23 06:07 - 00064000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-04-07 20:22 - 2013-08-23 06:07 - 00060416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-04-07 20:21 - 2015-04-24 13:04 - 01959961 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-07 20:21 - 2015-04-07 20:32 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-07 20:21 - 2015-04-07 20:32 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-07 20:21 - 2015-04-07 20:21 - 00000264 _____ () C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2015-04-07 20:21 - 2015-04-07 20:21 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2015-04-07 20:21 - 2015-04-07 20:21 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
2015-04-07 20:21 - 2015-04-07 20:21 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-07 20:21 - 2015-04-07 20:21 - 00000000 ____D () C:\Program Files\Synaptics
2015-04-06 18:52 - 2015-04-07 20:46 - 00008179 _____ () C:\WINDOWS\comsetup.log
2015-04-06 17:26 - 2015-04-06 17:26 - 00000000 ____D () C:\ProgramData\Steinberg
2015-04-06 17:26 - 2015-04-06 17:26 - 00000000 ____D () C:\Program Files\Common Files\Steinberg
2015-04-06 17:23 - 2015-04-06 17:23 - 00002284 _____ () C:\Users\User\Desktop\Cubase LE AI Elements 7 64bit.lnk
2015-04-06 17:23 - 2015-04-06 17:23 - 00000000 ____D () C:\Users\User\AppData\Local\eLicenser
2015-04-06 17:23 - 2015-04-06 17:23 - 00000000 ____D () C:\Program Files\Common Files\Propellerhead Software
2015-04-06 17:22 - 2015-04-13 15:49 - 00000000 ____D () C:\Users\User\AppData\Roaming\Steinberg
2015-04-06 17:22 - 2015-04-07 20:35 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase LE AI Elements 7 64bit
2015-04-06 17:22 - 2015-04-06 17:23 - 00000000 ____D () C:\Program Files\Steinberg
2015-04-06 17:22 - 2015-04-06 17:22 - 00002892 _____ () C:\WINDOWS\SysWOW64\audcon.sys
2015-04-06 17:22 - 2015-04-06 17:22 - 00000000 ____D () C:\ProgramData\Syncrosoft
2015-04-06 17:21 - 2015-04-07 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser
2015-04-06 17:21 - 2015-04-06 17:23 - 00000000 ____D () C:\ProgramData\eLicenser
2015-04-06 17:21 - 2015-04-06 17:22 - 00000000 ____D () C:\Program Files (x86)\eLicenser
2015-04-06 17:21 - 2015-04-06 17:21 - 00000051 _____ () C:\WINDOWS\SysWOW64\SYNSOPOS.exe.cfg
2015-04-06 17:21 - 2015-04-06 17:21 - 00000000 ____D () C:\Program Files\eLicenser
2015-04-06 17:21 - 2015-04-06 17:21 - 00000000 ____D () C:\Program Files (x86)\Syncrosoft
2015-04-06 17:21 - 2012-12-07 16:48 - 01714176 _____ (Steinberg Media Technologies GmbH) C:\WINDOWS\system32\synsoacc.dll
2015-04-06 17:21 - 2012-12-07 16:48 - 01277952 _____ (Steinberg Media Technologies GmbH) C:\WINDOWS\SysWOW64\SYNSOACC.dll
2015-04-06 17:21 - 2011-12-14 20:21 - 00086016 _____ () C:\WINDOWS\SysWOW64\SYNSOPOS.exe
2015-04-06 17:16 - 2015-04-24 13:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\Nitro PDF
2015-04-06 10:38 - 2015-04-06 10:51 - 43988422 _____ () C:\Users\User\Downloads\Telefonschleife 24 bit.wav
2015-04-04 12:59 - 2015-04-04 12:59 - 00001055 _____ () C:\Users\User\Downloads\Dokumente - Verknüpfung.lnk
2015-04-03 15:33 - 2015-04-04 15:28 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-04-01 22:38 - 2015-04-16 21:30 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-01 22:37 - 2015-04-10 09:16 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense
2015-04-01 22:10 - 2015-04-16 20:24 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-01 22:10 - 2015-04-16 20:23 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-01 11:38 - 2015-03-04 09:26 - 00011105 ____N () C:\WINDOWS\system32\AutoconfigV2.cab
2015-03-31 17:17 - 2013-05-04 06:51 - 00014848 ____N (Microsoft) C:\WINDOWS\system32\rars.rs
2015-03-31 17:17 - 2013-05-04 06:10 - 00014848 ____N (Microsoft) C:\WINDOWS\SysWOW64\rars.rs
2015-03-31 17:02 - 2015-03-03 15:17 - 00295552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-24 13:37 - 2013-08-22 16:46 - 00334650 _____ () C:\WINDOWS\setupact.log
2015-04-24 13:37 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-24 13:36 - 2014-11-20 20:24 - 00435904 _____ () C:\WINDOWS\PFRO.log
2015-04-24 13:31 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-24 13:30 - 2013-02-06 03:27 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-04-24 13:02 - 2014-11-21 05:35 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-24 13:02 - 2014-11-21 04:45 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-04-24 13:02 - 2014-11-21 04:45 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-04-24 12:54 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-23 12:37 - 2015-03-22 18:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2015-04-23 12:05 - 2015-03-22 18:21 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify
2015-04-23 12:05 - 2015-03-22 18:13 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify
2015-04-23 09:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-04-19 14:41 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-17 18:12 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-16 21:30 - 2014-11-21 12:51 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-16 20:23 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-16 20:23 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-14 01:24 - 2014-11-21 13:01 - 00792056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-14 01:24 - 2014-11-21 13:01 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-13 15:54 - 2013-02-06 03:01 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-13 12:44 - 2013-02-06 03:28 - 00000000 ____D () C:\ProgramData\McAfee
2015-04-13 12:42 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-04-13 12:40 - 2012-07-26 07:37 - 00000000 ____D () C:\Users\Default.migrated
2015-04-12 18:28 - 2015-03-13 10:38 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2015-04-11 14:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-04-09 12:39 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2015-04-09 12:39 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2015-04-09 12:33 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2015-04-07 21:16 - 2013-08-22 17:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-04-07 21:14 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-04-07 21:14 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-04-07 21:13 - 2014-11-21 05:13 - 00000000 ____D () C:\Program Files\Windows Journal
2015-04-07 21:13 - 2014-11-21 04:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\winrm
2015-04-07 21:13 - 2014-11-21 04:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\slmgr
2015-04-07 21:13 - 2014-11-21 04:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-04-07 21:13 - 2014-11-21 04:45 - 00000000 ____D () C:\WINDOWS\system32\winrm
2015-04-07 21:13 - 2014-11-21 04:45 - 00000000 ____D () C:\WINDOWS\system32\slmgr
2015-04-07 21:13 - 2014-11-21 04:45 - 00000000 ____D () C:\WINDOWS\system32\Printing_Admin_Scripts
2015-04-07 21:13 - 2013-08-22 17:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc
2015-04-07 21:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2015-04-07 21:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2015-04-07 21:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-04-07 21:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-07 21:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-04-07 21:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-07 21:13 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-04-07 21:06 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-07 21:06 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-07 21:04 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-07 21:03 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-04-07 21:01 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-04-07 20:52 - 2015-03-13 10:38 - 00000000 ____D () C:\Users\User\AppData\Local\Packages
2015-04-07 20:47 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Registration
2015-04-07 20:47 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows NT
2015-04-07 20:47 - 2013-08-22 15:36 - 00000000 __RHD () C:\Users\Default
2015-04-07 20:44 - 2013-08-22 17:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-04-07 20:44 - 2013-08-22 17:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-04-07 20:39 - 2013-02-06 02:59 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-04-07 20:39 - 2013-02-06 02:59 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-04-07 20:36 - 2013-08-22 16:44 - 00338016 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-07 20:35 - 2015-03-22 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-04-07 20:35 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-04-07 20:35 - 2013-02-06 03:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneKey Recovery
2015-04-07 20:35 - 2013-02-06 03:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel AppUp(SM) center
2015-04-07 20:35 - 2013-02-06 03:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intelligent Touchpad 2.0
2015-04-07 20:35 - 2013-02-06 03:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-04-07 20:35 - 2013-02-06 03:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Photos
2015-04-07 20:35 - 2013-02-06 03:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2015-04-07 20:35 - 2013-02-06 02:56 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-04-07 20:34 - 2014-11-21 04:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2015-04-07 20:34 - 2014-11-21 04:45 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2015-04-07 20:34 - 2014-11-21 04:45 - 00000000 ____D () C:\WINDOWS\system32\WCN
2015-04-07 20:34 - 2013-08-22 17:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log
2015-04-07 20:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2015-04-07 20:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-04-07 20:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME
2015-04-07 20:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-04-07 20:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2015-04-07 20:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2015-04-07 20:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\IME
2015-04-07 20:34 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2015-04-07 20:34 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-04-07 20:34 - 2013-02-06 03:03 - 00000000 ____D () C:\WINDOWS\SysWOW64\sda
2015-04-07 20:33 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Help
2015-04-07 20:32 - 2013-08-22 17:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2015-04-07 20:32 - 2013-08-22 17:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2015-04-07 20:32 - 2013-08-22 17:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2015-04-07 20:32 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-07 20:32 - 2012-10-10 01:10 - 00000000 ____D () C:\ProgramData\PRICache
2015-04-07 20:31 - 2015-03-13 10:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-04-07 20:31 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-04-07 20:31 - 2013-02-06 03:26 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-04-07 20:22 - 2013-08-22 16:46 - 00000084 _____ () C:\WINDOWS\setuperr.log
2015-04-07 19:49 - 2013-02-06 03:34 - 01658185 _____ () C:\WINDOWS\WindowsUpdate (1).log
2015-04-07 19:49 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2015-04-06 17:22 - 2013-02-06 02:50 - 00021192 _____ () C:\WINDOWS\DPINST.LOG
2015-04-03 13:08 - 2015-03-22 18:20 - 00001773 _____ () C:\Users\User\Desktop\Spotify.lnk
2015-04-03 13:08 - 2015-03-22 18:20 - 00001759 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
==================== Files in the root of some directories =======
2015-03-13 11:55 - 2015-03-13 11:55 - 0000036 _____ () C:\Program Files\smaple.txt
2013-02-06 03:27 - 2013-02-06 03:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\mccspuninstall.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-23 11:35
==================== End Of Log ============================
--- --- ---
ADDITION: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2015 01
Ran by User at 2015-04-24 13:45:50
Running from C:\Users\User\Desktop\Trojanerboardtools
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Benutzerhandbuch (x32 Version: 1.0.0.9 - Lenovo) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: - Steinberg Media Technologies GmbH)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intelligent Touchpad (HKLM-x32\...\{DD7D6D84-93AB-48CA-A759-94324E341CBA}) (Version: 2.00.0012.0723 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10192 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
Nitro Pro 8 (HKLM\...\{FEB91DE4-3B51-4CB2-9CC4-E14577A85976}) (Version: 8.0.7.3 - Nitro)
NVIDIA Grafiktreiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.0 - Lenovo)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.210 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39029 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKU\S-1-5-21-2506720359-812389270-3054720277-1002\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Steinberg Cubase LE AI Elements 7 64bit (HKLM\...\{67E7C608-D0EA-4273-B374-50ABE42FBE08}) (Version: 7.0.4 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 1.6.3 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content for Cubase LE AI Elements (HKLM-x32\...\{CF45002F-2205-4116-BB51-2D015F436CAC}) (Version: 1.6.3 - Steinberg Media Technologies GmbH)
Steinberg Midi Loop Library (HKLM-x32\...\{89DE2651-6DD9-4C15-AC94-8348362D456C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 2.0.1.000 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.13 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Yamaha Steinberg USB Driver (HKLM-x32\...\InstallShield_{08D120AF-A2AF-4E3A-934C-7A48BA97DEEE}) (Version: 1.9.2 - Yamaha Corporation)
Yamaha Steinberg USB Driver (Version: 1.9.2 - Yamaha Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
17-04-2015 18:14:56 Geplanter Prüfpunkt
24-04-2015 13:08:06 Revo Uninstaller's restore point - GetTheDiscount
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {2A2675DB-08DC-40D4-A845-4DB8C152761A} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {33BEAB3C-EDC8-4327-BEDF-BEC62620835F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-04-07] (Microsoft Corporation)
Task: {4A17F7E3-C72D-4753-8C2B-A6F7C8AD0125} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-04-07] (Microsoft Corporation)
Task: {518CF081-2C5F-446F-8D63-0D2C31D9E6CF} - System32\Tasks\{1FC522A3-064B-47DB-975D-23C09852F1A8} => pcalua.exe -a C:\Users\User\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=air
Task: {64F3E58B-96A4-4AD8-AF42-D73EB51DA272} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {850298AA-D193-44A2-9BF4-5A47DEF45130} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {8FD8C010-EEE2-45D2-A881-E716C89FCD71} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-16] (Microsoft Corporation)
Task: {BEC731E5-BBC0-4771-BA7E-6C854D305FA0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-04-07] (Microsoft Corporation)
Task: {DD12F5C7-1F26-4893-9A00-81068AFB22A2} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {E13D0165-CD4C-4CAF-806D-070C9A28675E} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-04-07] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (whitelisted) ==============
2013-12-26 19:42 - 2013-12-26 19:42 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\User\OneDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2506720359-812389270-3054720277-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\meine eigene.jpg
DNS Servers: Media is not connected to internet.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "BtPreLoad"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
==================== Accounts: =============================
Administrator (S-1-5-21-2506720359-812389270-3054720277-500 - Administrator - Disabled)
Gast (S-1-5-21-2506720359-812389270-3054720277-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2506720359-812389270-3054720277-1004 - Limited - Enabled)
UpdatusUser (S-1-5-21-2506720359-812389270-3054720277-1001 - Limited - Enabled) => C:\Users\UpdatusUser
User (S-1-5-21-2506720359-812389270-3054720277-1002 - Administrator - Enabled) => C:\Users\User
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/24/2015 01:01:47 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database
Error: (04/24/2015 10:54:06 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (04/21/2015 07:50:57 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (04/20/2015 00:24:59 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (04/18/2015 10:15:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Bei der Aktivierung der App „Microsoft.SkypeApp_kzf8qxf38zg5c!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (04/18/2015 01:18:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.2.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: libqt4_plugin.dll, Version: 2.2.0.0, Zeitstempel: 0xa2d0a2c0
Ausnahmecode: 0x40000015
Fehleroffset: 0x00000000007627eb
ID des fehlerhaften Prozesses: 0x2ac0
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3
Vollständiger Name des fehlerhaften Pakets: vlc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: vlc.exe5
Error: (04/17/2015 00:29:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm avscan.exe, Version 15.0.9.504 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1440
Startzeit: 01d078e9501e58fc
Endzeit: 14021
Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
Berichts-ID: 8bb0c975-e4ec-11e4-be84-2016d83f4a79
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (04/17/2015 11:07:33 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (04/16/2015 11:47:33 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (04/15/2015 07:15:36 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
System errors:
=============
Error: (04/24/2015 01:41:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/24/2015 01:41:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/24/2015 01:41:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/24/2015 01:41:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Integrated Clock Controller Service - Intel(R) ICCS" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/24/2015 01:41:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/24/2015 01:41:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ZAtheros Bt and Wlan Coex Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/24/2015 01:41:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/24/2015 01:41:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/24/2015 01:41:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AtherosSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/24/2015 01:41:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office Sessions:
=========================
Error: (04/24/2015 01:01:47 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: -2147024883
Error: (04/24/2015 10:54:06 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (04/21/2015 07:50:57 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (04/20/2015 00:24:59 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (04/18/2015 10:15:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141
Error: (04/18/2015 01:18:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.2.0.000000000libqt4_plugin.dll2.2.0.0a2d0a2c04000001500000000007627eb2ac001d079c9624839cfC:\Program Files\VideoLAN\VLC\vlc.exeC:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dllaa928dab-e5bc-11e4-be84-2016d83f4a79
Error: (04/17/2015 00:29:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: avscan.exe15.0.9.504144001d078e9501e58fc14021C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe8bb0c975-e4ec-11e4-be84-2016d83f4a79
Error: (04/17/2015 11:07:33 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (04/16/2015 11:47:33 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
Error: (04/15/2015 07:15:36 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
CodeIntegrity Errors:
===================================
Date: 2015-04-06 18:27:54.604
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-03-13 10:56:08.469
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-03-13 10:54:10.527
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-03-13 10:53:36.826
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 15%
Total physical RAM: 8047.52 MB
Available physical RAM: 6760.53 MB
Total Pagefile: 16239.52 MB
Available Pagefile: 14959.59 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:882.96 GB) (Free:742.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.88 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1F0AB941)
Partition: GPT Partition Type.
==================== End Of Log ============================ |