Pests of all kinds and how to fight them: Windows 7 prompts for a restart

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
18.11.2013, 20:59 | #1

Windows 7 prompts for a restart

Hello,

Yesterday my Windows 7 triggered a restart on its own, after the message "Windows encourred a fatal error and will restart in one minute". Today I repeatedly got a message asking me to restart so that "this change" (?) takes effect. I find that a bit odd, but Sophos and Malwarebytes Anti-Malware don't find anything. Could it still be a virus or something like that? I ran defogger, FRST and GMER. I hope my post complies with the rules, and I'm grateful for any helpful hint!

Here are the log files:

-----
Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:03 on 18/11/2013 (Felicitas-Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013 Ran by Felicitas (ATTENTION: The logged in user is not administrator) on HP-PROFESSIONAL on 18-11-2013 20:08:37 Running from C:\Users\Felicitas\Downloads Windows 7 Professional Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (DigitalPersona, Inc.) c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Infineon Technologies AG) c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe (DigitalPersona, Inc.) 
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe (Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-25] (Synaptics Incorporated) HKLM\...\Run: [BLEServicesCtrl] - C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation) HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.) 
HKLM\...\Run: [MfeEpePcMonitor] - "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1436736 2011-06-15] (Microsoft Corporation) HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000} HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196} HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196} HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\windows\inf\ksfilter.inf,MSTEE.Interface.Install HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\windows\inf\ksfilter.inf,MSTEE.Interface.Install HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-06-22] (Intel Corporation) HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-08-29] (Hewlett-Packard Company) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] 
(Intel Corporation) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation) HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-08-31] (CyberLink) HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.) HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184736 2012-08-22] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe [12313720 2012-08-07] (Hewlett-Packard) HKLM-x32\...\Run: [IFXSPMGT] - C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe [1128312 2012-04-23] (Infineon Technologies AG) HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe [929272 2013-09-26] (Sophos Limited) AppInit_DLLs: C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217672 2013-10-21] (Sophos Limited) AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL [275352 2013-10-21] (Sophos Limited) Lsa: [Notification Packages] DPPassFilter scecli ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=CMNTDFJS HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=CMNTDFJS SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMNTDFJS SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMNTDFJS SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMNTDFJS SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMNTDFJS SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMNTDFJS SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=CMNTDFJS BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited) Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited) Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited) Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited) Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited) Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited) Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited) Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited) Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [89592] (Sophos Limited) Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited) Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited) Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited) Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited) Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited) Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited) Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited) Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] (Sophos Limited) Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [132904] 
(Sophos Limited) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Felicitas\AppData\Roaming\Mozilla\Firefox\Profiles\nz0m2tvf.default FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Extension: firefox - C:\Users\Felicitas\AppData\Roaming\Mozilla\Firefox\Profiles\nz0m2tvf.default\Extensions\firefox@ghostery.com.xpi FF Extension: noscript - C:\Users\Felicitas\AppData\Roaming\Mozilla\Firefox\Profiles\nz0m2tvf.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: leechblock - C:\Users\Felicitas\AppData\Roaming\Mozilla\Firefox\Profiles\nz0m2tvf.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi FF Extension: Adblock Plus - 
C:\Users\Felicitas\AppData\Roaming\Mozilla\Firefox\Profiles\nz0m2tvf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ ==================== Services (Whitelisted) ================= R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [494456 2012-07-21] (DigitalPersona, Inc.) S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477088 2012-09-04] (Hewlett-Packard Company) R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard) R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-08-29] (Hewlett-Packard Company) R2 IFXSpMgtSrv; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1128312 2012-04-23] (Infineon Technologies AG) R2 IFXTCS; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [984440 2012-04-23] (Infineon Technologies AG) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-19] (Intel Corporation) R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193536 2012-05-16] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation) R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 McAfee Endpoint Encryption 
Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-07-11] () R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-28] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-26] () S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-28] (Microsoft Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134624 2012-07-17] (PDF Complete Inc) R2 PersonalSecureDriveService; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [212344 2012-04-23] (Infineon Technologies AG) R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [290296 2013-10-21] (Sophos Limited) R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [206328 2013-10-21] (Sophos Limited) S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia) R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-09-26] (Sophos Limited) R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2013-09-26] (Sophos Limited) R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3109880 2013-10-21] (Sophos Limited) S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2012152 2013-10-21] (Sophos Limited) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-26] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== S3 
DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-09-04] (Hewlett-Packard Company) R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-05-17] (Intel Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [90736 2012-07-12] (McAfee, Inc.) R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158832 2012-07-12] (McAfee, Inc.) R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation) R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2010-01-26] (Infineon Technologies AG) S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia) R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2013-09-26] (Sophos Limited) S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2013-09-26] (Sophos Limited) S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated) S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2013-09-26] (Sophos Plc) R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1063544 2012-08-28] (Sunplus) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-18 20:08 - 2013-11-18 20:08 - 00018819 _____ C:\Users\Felicitas\Downloads\FRST.txt 2013-11-18 20:08 - 2013-11-18 20:08 - 00000000 ____D C:\FRST 2013-11-18 20:07 - 2013-11-18 20:07 - 01957964 _____ (Farbar) C:\Users\Felicitas\Downloads\FRST64.exe 2013-11-18 20:04 - 2013-11-18 20:04 - 00050477 _____ C:\Users\Felicitas\Downloads\Defogger(1).exe 2013-11-18 20:03 - 2013-11-18 20:03 - 00050477 _____ 
C:\Users\Felicitas\Downloads\Defogger.exe 2013-11-18 20:03 - 2013-11-18 20:03 - 00000492 _____ C:\Users\Felicitas\Downloads\defogger_disable.log 2013-11-18 20:03 - 2013-11-18 20:03 - 00000000 _____ C:\windows\setuperr.log 2013-11-18 20:03 - 2013-11-18 20:03 - 00000000 _____ C:\windows\setupact.log 2013-11-18 20:03 - 2013-11-18 20:03 - 00000000 _____ C:\Users\Felicitas-Admin\defogger_reenable 2013-11-18 18:33 - 2013-11-18 18:33 - 04379048 _____ (Piriform Ltd) C:\Users\Felicitas\Downloads\ccsetup407.exe 2013-11-18 18:29 - 2013-11-18 18:29 - 00000000 ____D C:\Users\Felicitas\AppData\Roaming\Malwarebytes 2013-11-17 13:22 - 2013-11-17 13:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-16 22:15 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE 2013-11-16 22:13 - 2013-11-16 22:13 - 23212032 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 17142784 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 12995584 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 11220992 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 05765120 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 04240384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2013-11-16 22:13 - 2013-11-16 22:13 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-11-16 22:13 - 2013-11-16 22:13 - 02332160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 02166272 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\iertutil.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 01993728 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2013-11-16 22:13 - 2013-11-16 22:13 - 01926656 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2013-11-16 22:13 - 2013-11-16 22:13 - 01818112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 01394176 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 01156608 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat 2013-11-16 22:13 - 2013-11-16 22:13 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat 2013-11-16 22:13 - 2013-11-16 22:13 - 00610304 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\jscript.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2013-11-16 22:13 - 2013-11-16 22:13 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2013-11-16 22:13 - 2013-11-16 22:13 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll 2013-11-16 
22:13 - 2013-11-16 22:13 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 
00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx 2013-11-16 22:13 - 2013-11-16 22:13 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx 2013-11-16 22:13 - 2013-11-16 
22:13 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 
2013-11-16 22:13 - 2013-11-16 22:13 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2013-11-16 22:10 - 2013-11-16 22:10 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2013-11-16 22:10 - 2013-11-16 22:10 - 03969472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2013-11-16 22:10 - 2013-11-16 22:10 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2013-11-16 22:10 - 2013-11-16 22:10 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll 2013-11-16 22:10 - 2013-11-16 22:10 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll 2013-11-16 22:10 - 2013-11-16 22:10 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll 2013-11-16 22:10 - 2013-11-16 22:10 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll 2013-11-16 22:10 - 2013-11-16 22:10 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll 2013-11-16 22:10 - 2013-11-16 22:10 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll 2013-11-16 22:10 - 2013-11-16 22:10 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll 2013-11-16 22:10 - 2013-11-16 22:10 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll 2013-11-16 22:10 - 2013-11-16 
22:10 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe 2013-11-16 22:10 - 2013-11-16 22:10 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll 2013-11-16 22:10 - 2013-11-16 22:10 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll 2013-11-16 22:10 - 2013-11-16 22:10 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll 2013-11-16 22:10 - 2013-11-16 22:10 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe 2013-11-16 22:10 - 2013-11-16 22:10 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll 2013-11-16 22:10 - 2013-11-16 22:10 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe 2013-11-16 22:09 - 2013-11-16 22:09 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2013-11-16 22:09 - 2013-11-16 22:09 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll 2013-11-16 22:09 - 2013-11-16 22:09 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll 2013-11-16 21:51 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll 2013-11-16 21:51 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll 2013-11-16 21:51 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2013-11-16 21:51 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2013-11-16 21:51 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2013-11-16 21:51 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll 2013-11-16 21:51 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll 2013-11-16 21:51 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2013-11-16 21:51 - 2013-09-25 03:21 - 01447936 
_____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2013-11-16 21:51 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll 2013-11-16 21:51 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2013-11-16 21:51 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2013-11-16 21:51 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2013-11-16 21:51 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll 2013-11-16 21:51 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2013-11-16 21:51 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-11-16 21:51 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-11-16 21:51 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-11-16 21:51 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll 2013-11-16 21:51 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys 2013-11-16 21:51 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll 2013-11-16 21:50 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll 2013-11-16 21:50 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL 2013-11-16 21:50 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL 2013-11-16 21:50 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll 2013-11-16 21:50 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL 2013-11-16 21:50 - 
2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2013-11-16 21:50 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll 2013-11-16 21:50 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys 2013-11-16 21:50 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys 2013-11-16 21:50 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys 2013-11-16 21:50 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys 2013-11-16 21:50 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys 2013-11-16 21:50 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys 2013-11-16 21:50 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys 2013-11-16 21:50 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys 2013-11-16 21:50 - 2013-08-01 10:19 - 00984512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys 2013-11-16 21:50 - 2013-08-01 10:19 - 00265152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys 2013-11-16 21:50 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys 2013-11-16 21:50 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys 2013-11-16 21:50 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys 2013-11-16 21:50 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys 2013-11-16 21:50 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys 2013-11-16 21:50 - 2013-06-25 23:55 - 00785624 _____ 
(Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys 2013-11-16 21:50 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll 2013-11-16 21:50 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll 2013-11-16 21:50 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll 2013-11-16 21:50 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll 2013-11-16 21:50 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll 2013-11-16 21:50 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll 2013-11-16 21:50 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll 2013-11-16 21:50 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll 2013-11-16 21:50 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll 2013-11-16 21:50 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll 2013-11-16 21:50 - 2012-11-28 23:56 - 00054376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys 2013-11-16 21:50 - 2012-11-28 23:56 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\Wdfres.dll 2013-11-16 21:50 - 2012-11-28 23:56 - 00000003 _____ C:\windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf 2013-11-16 21:44 - 2013-11-16 21:44 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2013-11-16 21:44 - 2013-11-16 21:44 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2013-11-16 21:44 - 2013-11-16 21:44 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2013-11-16 21:44 - 2013-11-16 21:44 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2013-11-16 21:44 - 2013-11-16 21:44 - 00000000 ____D C:\Program Files (x86)\Java 
2013-11-16 20:54 - 2013-11-16 20:54 - 00000000 ____D C:\Users\Felicitas-Admin\AppData\Local\Sophos
2013-11-16 20:06 - 2013-11-16 20:06 - 00000000 ____D C:\Users\Felicitas\AppData\Local\Sophos
2013-11-15 08:16 - 2013-11-15 08:16 - 00000165 ____H C:\Users\Felicitas\Desktop\~$Bollen_Tagebuch.xlsx
2013-11-14 16:48 - 2013-11-14 16:48 - 00027370 _____ C:\Users\Felicitas\Downloads\2 - 4 - Background and Overview (16_38).srt
2013-11-11 18:52 - 2013-11-11 18:52 - 00000000 ____D C:\Users\Felicitas\Documents\07_IW
2013-11-07 14:31 - 2013-11-07 15:24 - 00000000 ____D C:\Users\Felicitas\Desktop\Buch
2013-10-31 10:56 - 2013-10-31 10:56 - 00000000 ____D C:\Users\Felicitas\AppData\Roaming\SumatraPDF
2013-10-24 13:19 - 2013-11-18 17:26 - 00027200 _____ C:\Users\Felicitas\Desktop\Bollen_Tagebuch.xlsx
2013-10-21 18:13 - 2013-10-21 18:12 - 00037880 _____ (Sophos Limited) C:\windows\system32\SophosBootTasks.exe

==================== One Month Modified Files and Folders =======

2013-11-18 20:08 - 2013-11-18 20:08 - 00018819 _____ C:\Users\Felicitas\Downloads\FRST.txt
2013-11-18 20:08 - 2013-11-18 20:08 - 00000000 ____D C:\FRST
2013-11-18 20:07 - 2013-11-18 20:07 - 01957964 _____ (Farbar) C:\Users\Felicitas\Downloads\FRST64.exe
2013-11-18 20:06 - 2009-07-14 06:13 - 00782638 _____ C:\windows\system32\PerfStringBackup.INI
2013-11-18 20:04 - 2013-11-18 20:04 - 00050477 _____ C:\Users\Felicitas\Downloads\Defogger(1).exe
2013-11-18 20:03 - 2013-11-18 20:03 - 00050477 _____ C:\Users\Felicitas\Downloads\Defogger.exe
2013-11-18 20:03 - 2013-11-18 20:03 - 00000492 _____ C:\Users\Felicitas\Downloads\defogger_disable.log
2013-11-18 20:03 - 2013-11-18 20:03 - 00000000 _____ C:\windows\setuperr.log
2013-11-18 20:03 - 2013-11-18 20:03 - 00000000 _____ C:\windows\setupact.log
2013-11-18 20:03 - 2013-11-18 20:03 - 00000000 _____ C:\Users\Felicitas-Admin\defogger_reenable
2013-11-18 20:03 - 2013-09-26 15:50 - 00000000 ____D C:\Users\Felicitas-Admin
2013-11-18 19:34 - 2013-03-27 10:35 - 01841011 _____
C:\windows\WindowsUpdate.log 2013-11-18 19:14 - 2013-10-05 08:29 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-11-18 18:34 - 2011-02-11 06:14 - 00000000 ____D C:\windows\Panther 2013-11-18 18:33 - 2013-11-18 18:33 - 04379048 _____ (Piriform Ltd) C:\Users\Felicitas\Downloads\ccsetup407.exe 2013-11-18 18:33 - 2013-09-26 17:14 - 00000000 ____D C:\Program Files\CCleaner 2013-11-18 18:29 - 2013-11-18 18:29 - 00000000 ____D C:\Users\Felicitas\AppData\Roaming\Malwarebytes 2013-11-18 17:26 - 2013-10-24 13:19 - 00027200 _____ C:\Users\Felicitas\Desktop\Bollen_Tagebuch.xlsx 2013-11-18 16:52 - 2013-09-26 19:35 - 00000000 ____D C:\Users\Felicitas\AppData\Local\PDFC 2013-11-18 16:32 - 2009-07-14 05:45 - 00031312 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-18 16:32 - 2009-07-14 05:45 - 00031312 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-18 12:22 - 2013-09-26 17:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-17 14:18 - 2009-07-14 04:20 - 00000000 ____D C:\windows\rescache 2013-11-17 13:22 - 2013-11-17 13:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-16 22:27 - 2013-09-26 19:34 - 00001413 _____ C:\Users\Felicitas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-11-16 22:27 - 2012-10-07 03:28 - 00000000 ____D C:\ProgramData\PDFC 2013-11-16 22:27 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-11-16 22:27 - 2009-07-14 05:45 - 00425000 _____ C:\windows\system32\FNTCACHE.DAT 2013-11-16 22:22 - 2009-07-14 04:20 - 00000000 ____D C:\windows\PolicyDefinitions 2013-11-16 22:18 - 2013-09-26 18:08 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-11-16 22:13 - 2013-11-16 22:13 - 23212032 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 17142784 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\mshtml.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 12995584 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 11220992 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 05765120 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 04240384 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 02764288 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2013-11-16 22:13 - 2013-11-16 22:13 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-11-16 22:13 - 2013-11-16 22:13 - 02332160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 02166272 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 01993728 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2013-11-16 22:13 - 2013-11-16 22:13 - 01926656 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2013-11-16 22:13 - 2013-11-16 22:13 - 01818112 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 01394176 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 01228800 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 01156608 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00940032 _____ (Microsoft Corporation) 
C:\windows\system32\MsSpellCheckingFacility.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat 2013-11-16 22:13 - 2013-11-16 22:13 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat 2013-11-16 22:13 - 2013-11-16 22:13 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2013-11-16 22:13 - 2013-11-16 22:13 - 00367104 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\dxtmsft.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2013-11-16 22:13 - 2013-11-16 22:13 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00263376 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00244736 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00238288 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe 
2013-11-16 22:13 - 2013-11-16 22:13 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 
2013-11-16 22:13 - 2013-11-16 22:13 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx 2013-11-16 22:13 - 2013-11-16 22:13 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx 2013-11-16 22:13 - 2013-11-16 22:13 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll 2013-11-16 
22:13 - 2013-11-16 22:13 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll 2013-11-16 22:13 - 2013-11-16 22:13 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe 2013-11-16 22:13 - 2013-11-16 22:13 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2013-11-16 22:10 - 2013-11-16 22:10 - 05549504 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2013-11-16 22:10 - 2013-11-16 22:10 - 03969472 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\ntkrnlpa.exe 2013-11-16 22:10 - 2013-11-16 22:10 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2013-11-16 22:10 - 2013-11-16 22:10 - 01732032 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll 2013-11-16 22:10 - 2013-11-16 22:10 - 01292192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll 2013-11-16 22:10 - 2013-11-16 22:10 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll 2013-11-16 22:10 - 2013-11-16 22:10 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll 2013-11-16 22:10 - 2013-11-16 22:10 - 00640512 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll 2013-11-16 22:10 - 2013-11-16 22:10 - 00619520 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll 2013-11-16 22:10 - 2013-11-16 22:10 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll 2013-11-16 22:10 - 2013-11-16 22:10 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll 2013-11-16 22:10 - 2013-11-16 22:10 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe 2013-11-16 22:10 - 2013-11-16 22:10 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll 2013-11-16 22:10 - 2013-11-16 22:10 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll 2013-11-16 22:10 - 2013-11-16 22:10 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll 2013-11-16 22:10 - 2013-11-16 22:10 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe 2013-11-16 22:10 - 2013-11-16 22:10 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll 2013-11-16 22:10 - 2013-11-16 22:10 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe 2013-11-16 22:09 - 2013-11-16 22:09 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2013-11-16 22:09 - 2013-11-16 22:09 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll 2013-11-16 
22:09 - 2013-11-16 22:09 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll 2013-11-16 22:03 - 2012-10-07 03:15 - 00768550 _____ C:\windows\SysWOW64\PerfStringBackup.INI 2013-11-16 21:57 - 2013-09-26 16:47 - 00000000 ____D C:\windows\system32\MRT 2013-11-16 21:44 - 2013-11-16 21:44 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2013-11-16 21:44 - 2013-11-16 21:44 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2013-11-16 21:44 - 2013-11-16 21:44 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2013-11-16 21:44 - 2013-11-16 21:44 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2013-11-16 21:44 - 2013-11-16 21:44 - 00000000 ____D C:\Program Files (x86)\Java 2013-11-16 21:42 - 2012-10-07 03:42 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2013-11-16 21:42 - 2012-10-07 03:42 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-11-16 20:54 - 2013-11-16 20:54 - 00000000 ____D C:\Users\Felicitas-Admin\AppData\Local\Sophos 2013-11-16 20:06 - 2013-11-16 20:06 - 00000000 ____D C:\Users\Felicitas\AppData\Local\Sophos 2013-11-15 18:32 - 2013-09-27 10:17 - 00000000 ____D C:\Users\Felicitas\AppData\Roaming\vlc 2013-11-15 08:16 - 2013-11-15 08:16 - 00000165 ____H C:\Users\Felicitas\Desktop\~$Bollen_Tagebuch.xlsx 2013-11-15 07:45 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\NDF 2013-11-14 18:46 - 2013-09-26 19:32 - 00000072 _____ C:\Users\Public\LMDebug.log 2013-11-14 17:59 - 2013-09-26 17:38 - 00000000 ____D C:\Users\Felicitas\Documents\00_Admin 2013-11-14 16:48 - 2013-11-14 16:48 - 00027370 _____ C:\Users\Felicitas\Downloads\2 - 4 - Background and Overview (16_38).srt 2013-11-14 16:43 - 2013-09-26 17:39 - 00000000 ____D C:\Users\Felicitas\Documents\03_Statistik 2013-11-11 18:52 - 2013-11-11 18:52 - 00000000 ____D C:\Users\Felicitas\Documents\07_IW 2013-11-09 13:40 - 
2013-09-26 17:40 - 00000000 ____D C:\Users\Felicitas\Documents\Outlook-Dateien
2013-11-07 16:00 - 2013-09-26 16:47 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-07 15:24 - 2013-11-07 14:31 - 00000000 ____D C:\Users\Felicitas\Desktop\Buch
2013-10-31 10:56 - 2013-10-31 10:56 - 00000000 ____D C:\Users\Felicitas\AppData\Roaming\SumatraPDF
2013-10-29 12:49 - 2009-07-14 06:08 - 00009646 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-10-21 18:14 - 2013-09-26 17:27 - 00000000 ____D C:\ProgramData\Sophos
2013-10-21 18:12 - 2013-10-21 18:13 - 00037880 _____ (Sophos Limited) C:\windows\system32\SophosBootTasks.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2013
Ran by Felicitas at 2013-11-18 20:09:13
Running from C:\Users\Felicitas\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Sophos Anti-Virus (Enabled - Up to date) {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
AV: Microsoft Security Essentials (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Sophos Anti-Virus (Enabled - Up to date) {DE9A3984-B0E2-7A61-FD5D-409005EB0337}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.152)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.31.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.07)
CDBurnerXP (x32 Version: 4.5.2.4291)
CyberLink Media Suite 10 (x32 Version: 10.0.1.2001)
CyberLink PhotoDirector (x32 Version: 2.0.1.3223)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.2006)
CyberLink PowerDVD (x32 Version: 10.0.6.4507)
CyberLink YouCam (x32 Version: 4.1.1.3231)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Defraggler (Version: 2.15)
Device Access Manager for HP ProtectTools (Version: 7.1.1.0)
Drive Encryption For HP ProtectTools (Version: 7.0.39.32378)
Embedded Security for HP ProtectTools (Version: 7.0.100.3001)
Energy Star Digital Logo (x32 Version: 1.0.1)
Face Recognition for HP ProtectTools (Version: 7.2.1.4548)
File Sanitizer For HP ProtectTools (x32 Version: 7.0.2.2)
FileHippo.com Update Checker (x32)
Hewlett-Packard ACLM.NET v1.2.1.0 (x32 Version: 1.00.0000)
HP 3D DriveGuard (Version: 5.1.7.1)
HP Auto (Version: 1.0.12935.3667)
HP Backlit Keyboard Controls (Version: 1.5.6.1)
HP Connection Manager (x32 Version: 4.4.9.1)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8)
HP Documentation (x32 Version: 1.1.0.0)
HP ESU for Microsoft Windows 7 (x32 Version: 2.0.7.1)
HP HD Webcam Driver (x32 Version: 3.4.8.14)
HP Hotkey Support (x32 Version: 4.6.10.1)
HP Postscript Converter (Version: 3.1.3591)
HP ProtectTools Security Manager (Version: 7.0.2.1213)
HP Setup (x32 Version: 9.1.15453.4066)
HP SoftPaq Download Manager (x32 Version: 3.4.6.0)
HP Software Framework (x32 Version: 4.6.10.1)
HP Software Setup (x32 Version: 8.5.4.1)
HP Support Assistant (x32 Version: 7.0.35.34)
HP System Default Settings (x32 Version: 2.4.2.1)
IDT Audio (x32 Version: 1.0.6425.0)
Intel PROSet Wireless
Intel(R) Management Engine Components (x32 Version: 8.1.0.1281)
Intel(R) Network Connections Drivers (Version: 17.2)
Intel(R) OpenCL CPU Runtime (x32)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2778)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.2.0.0284)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.1.1.0153)
Intel(R) Rapid Start Technology (x32 Version: 1.0.0.1031)
Intel(R) Rapid Storage Technology (x32 Version: 11.2.0.1006)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.5.235)
Intel® PROSet/Wireless WiFi Software (Version: 15.02.0000.1258)
Intel® Trusted Connect Service Client (Version: 1.24.738.1)
IrfanView (remove only) (x32 Version: 4.36)
JabRef 2.9.2 (x32 Version: 2.9.2)
Java 7 Update 45 (x32 Version: 7.0.450)
JMicron Flash Media Controller Driver (x32 Version: 1.0.72.4)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Antimalware Service Multi-Language Pack (Version: 3.0.8402.2)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Client MUI Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 
8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) MiKTeX 2.9 (x32 Version: 2.9) Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1) Mozilla Maintenance Service (x32 Version: 25.0.1) opensource (x32 Version: 1.0.14960.3876) PDF Complete Corporate Edition (x32 Version: 4.1.8) Privacy Manager for HP ProtectTools (Version: 7.0.1.892) Python 3.3.2 (64-bit) (Version: 3.3.2150) R for Windows 3.0.1 (Version: 3.0.1) RStudio (x32 Version: 0.97.551) Samsung Universal Print Driver 2 (x32 Version: 2.50.02.00) Secunia PSI (3.0.0.7011) (x32 Version: 3.0.0.7011) Skype™ 6.7 (x32 Version: 6.7.102) Sophos Anti-Virus (x32 Version: 10.3.1) Sophos AutoUpdate (x32 Version: 2.9.0.344) SumatraPDF (x32 Version: 2.2.1) Synaptics Pointing Device Driver (Version: 16.2.10.12) Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32) Update for Microsoft Office 2010 
(KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32) Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32) Validity Fingerprint Sensor Driver (Version: 4.4.228.0) VIP Access SDK (1.1.0.7) (x32 Version: 1.1.0.7) VirtualCloneDrive (x32) VLC media player 2.1.0 (x32 Version: 2.1.0) WinEdt 8 (Version: 8.0) ==================== Restore Points ========================= Could not list Restore Points. Check WMI. ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: C:\windows\Tasks\Adobe Flash Player Updater.job => ? 
==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-09-02 18:10 - 2012-09-02 18:10 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== Faulty Device Manager Devices =============

Name: Intel(R) Centrino(R) Wireless Bluetooth(R) 4.0 + High Speed Adapter
Description: Intel(R) Centrino(R) Wireless Bluetooth(R) 4.0 + High Speed Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2013 07:23:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "x64" of attribute "processorArchitecture" in element "assemblyIdentity" is invalid.

Error: (11/18/2013 07:23:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (11/18/2013 04:17:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3010897

Error: (11/18/2013 04:17:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3010897

Error: (11/18/2013 04:17:39 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/18/2013 04:17:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3007995

Error: (11/18/2013 04:17:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3007995

Error: (11/18/2013 04:17:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/18/2013 10:15:15 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 809880

Error: (11/18/2013 10:15:15 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 809880

System errors:
=============
Error: (11/18/2013 10:15:10 AM) (Source: DCOM) (User: )
Description: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}

Error: (11/17/2013 05:07:48 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (11/17/2013 05:07:48 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (11/17/2013 11:47:36 AM) (Source: Service Control Manager) (User: )
Description: The TPM Base Services service terminated unexpectedly. It has done this 1 time(s).

Error: (11/17/2013 11:47:36 AM) (Source: Service Control Manager) (User: )
Description: The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (11/17/2013 11:47:36 AM) (Source: Service Control Manager) (User: )
Description: The Smart Card service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (11/17/2013 11:47:36 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (11/16/2013 10:30:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 for x64-based Systems (KB2888505).

Error: (11/16/2013 07:41:40 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 19:39:55 on 16.11.2013 was unexpected.

Error: (11/15/2013 07:25:40 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 19:18:57 on 15.11.2013 was unexpected.
Microsoft Office Sessions:
=========================
Error: (11/18/2013 07:23:21 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityprocessorArchitecturex64c:\program files\R\r-3.0.1\Tcl\bin64\tk85.dllc:\program files\R\r-3.0.1\Tcl\bin64\tk85.dll9

Error: (11/18/2013 07:23:21 PM) (Source: SideBySide)(User: )
Description: imagingurn:schemas-microsoft-com:asm.v1^assemblyc:\program files\microsoft security client\MSESysprep.dllc:\program files\microsoft security client\MSESysprep.dll10

Error: (11/18/2013 04:17:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3010897

Error: (11/18/2013 04:17:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3010897

Error: (11/18/2013 04:17:39 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/18/2013 04:17:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3007995

Error: (11/18/2013 04:17:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3007995

Error: (11/18/2013 04:17:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/18/2013 10:15:15 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 809880

Error: (11/18/2013 10:15:15 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 809880

==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 8055.54 MB
Available physical RAM: 4935.91 MB
Total Pagefile: 16109.27 MB
Available Pagefile: 12446.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:214.45 GB) (Free:104.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32
Drive f: (HP_RECOVERY) (Fixed) (Total:17.73 GB) (Free:2.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

==================== End Of Log ============================

GMER: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-11-18 20:36:39 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 MTFDDAK2 rev.04TH 238.47GB Running: gmer_2.1.19163.exe; Driver: C:\Users\FELICI~1\AppData\Local\Temp\kwnyafog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002df3000 45 bytes [01, 10, 10, 13, A0, F8, FF, ...] INITKDBG C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002df302f 16 bytes [00, 01, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe[8632] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077151465 2 bytes [15, 77] .text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe[8632] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771514bb 2 bytes [15, 77] .text ... * 2 .text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[2016] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077151465 2 bytes [15, 77] .text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe[2016] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771514bb 2 bytes [15, 77] .text ... * 2 .text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[9936] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077151465 2 bytes [15, 77] .text C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe[9936] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771514bb 2 bytes [15, 77] .text ... 
* 2 .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[8256] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077151465 2 bytes [15, 77] .text c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe[8256] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771514bb 2 bytes [15, 77] .text ... * 2 .text C:\windows\Explorer.EXE[2520] C:\windows\system32\kernel32.dll!CopyFileExW 00000000778523d0 5 bytes JMP 000000016fff00d8 .text C:\windows\Explorer.EXE[2520] C:\windows\system32\kernel32.dll!MoveFileWithProgressW 00000000778cf6c0 8 bytes JMP 000000016fff0110 .text C:\windows\Explorer.EXE[2520] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefe437490 11 bytes JMP 000007fffe4000d8 .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5328] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077151465 2 bytes [15, 77] .text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5328] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771514bb 2 bytes [15, 77] .text ... * 2 .text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[6856] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077151465 2 bytes [15, 77] .text C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe[6856] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771514bb 2 bytes [15, 77] .text ... * 2 .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[5476] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077151465 2 bytes [15, 77] .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[5476] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771514bb 2 bytes [15, 77] .text ... 
* 2 .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1176] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077151465 2 bytes [15, 77] .text C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe[1176] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771514bb 2 bytes [15, 77] .text ... * 2 .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[5404] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077151465 2 bytes [15, 77] .text C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe[5404] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771514bb 2 bytes [15, 77] .text ... * 2 .text C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[6328] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077151465 2 bytes [15, 77] .text C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe[6328] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771514bb 2 bytes [15, 77] .text ... * 2 .text c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe[8692] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077151465 2 bytes [15, 77] .text c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe[8692] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771514bb 2 bytes [15, 77] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1668] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077151465 2 bytes [15, 77] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[1668] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771514bb 2 bytes [15, 77] .text ... 
* 2 .text C:\Users\Felicitas\Downloads\gmer_2.1.19163.exe[7692] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077151465 2 bytes [15, 77] .text C:\Users\Felicitas\Downloads\gmer_2.1.19163.exe[7692] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771514bb 2 bytes [15, 77] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread [756:844] 000000007797aef0 Thread [756:976] 000000007797fbf0 Thread [756:984] 000000007797fbf0 Thread [756:992] 000000007797fbf0 Thread [756:996] 000000007797fbf0 Thread [756:1000] 000000007797fbf0 Thread [756:648] 000000007797fbf0 Thread [756:616] 000000007797fbf0 Thread [756:6040] 000000007797fbf0 Thread C:\windows\system32\svchost.exe [856:9956] 000007fef8302154 Thread [1748:1768] 000007fefe76a808 Thread [1748:1792] 000007feffba6e60 Thread [1748:4156] 000000007797aef0 Thread [1748:2240] 000000007797fbf0 Thread C:\Windows\system32\WUDFHost.exe [1848:1928] 000007fef87f6998 Thread C:\windows\SysWOW64\ntdll.dll [2988:2992] 0000000000fbd7f1 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c8f733e92eb4 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c8f733e92eb4 (not active ControlSet) ---- EOF - GMER 2.1 ---- |
19.11.2013, 07:52 | #2 |
/// the machine /// TB Instructor | Windows 7 prompts for a restart Does the message still appear, even after a restart? The logs are unremarkable. |
20.11.2013, 20:05 | #3 |
| Windows 7 prompts for a restart Hello Schrauber
Thanks for looking it over! I went ahead with the restart yesterday evening and have not received any further message so far. Maybe it was just a Windows problem (?). In any case, everything seems to be running fine now. :-) |
21.11.2013, 12:41 | #4 |
/// the machine /// TB Instructor | Windows 7 prompts for a restart Keep watching it
Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
21.11.2013, 21:13 | #5 |
| Windows 7 prompts for a restart Will do |
22.11.2013, 16:28 | #6 |
/// the machine /// TB Instructor | Windows 7 prompts for a restart ok |