Log Analysis and Evaluation: Windows 7: Web pages are redirected to advertising

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#7

Windows 7: Web pages are redirected to advertising

Hello Matthias, sorry, something went wrong there. I have recreated the FRST and Addition. FRST logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2014 01
Ran by Admin-***** (administrator) on USER-PC on 11-05-2014 14:45:25
Running from C:\Users\Admin-*****\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
() C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Ericsson AB) C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPUsageTrack.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-27] (Hewlett-Packard Company)
HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2011-02-09] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [835072 2011-01-27] (IDT, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [140568 2007-12-03] (Acronis)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [299576 2011-01-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-04] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-16] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [IFXSPMGT] => C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-20] (Infineon Technologies AG)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2622104 2007-12-03] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [911184 2007-12-03] (Acronis)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [182352 2014-04-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-1673328631-1222144369-1283111628-1006\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
Lsa: [Authentication Packages] msv1_0 relog_ap
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE5CDF5CA466BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_13_ch&cd=2XzuyEtN2Y1L1QzutB0CyEtCtAzztDyDyEtA0CyCzytCtDtCtN0D0Tzu0SzztCyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyByDtB0DyCtAzytGzyzy0CyBtG0DtB0E0BtG0BzytDzztGyCtAyByEyE0F0EyByDtAyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyCtD0DtB0BzztCtGyCzyzztCtG0Bzz0CyCtG0FyByByBtGyEtB0FtCtDyE0A0FyByDtA0F2Q&cr=1430135974&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_13_ch&cd=2XzuyEtN2Y1L1QzutB0CyEtCtAzztDyDyEtA0CyCzytCtDtCtN0D0Tzu0SzztCyBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAyByDtB0DyCtAzytGzyzy0CyBtG0DtB0E0BtG0BzytDzztGyCtAyByEyE0F0EyByDtAyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyCtD0DtB0BzztCtGyCzyzztCtG0Bzz0CyCtG0FyByByBtGyEtB0FtCtDyE0A0FyByDtA0F2Q&cr=1430135974&ir=
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 80.69.100.206 80.69.100.182
FireFox:
========
FF ProfilePath: C:\Users\Admin-*****\AppData\Roaming\Mozilla\Firefox\Profiles\fc575g19.default
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [125008 2014-04-15] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-12] (DigitalPersona, Inc.)
S3 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-04] (Hewlett-Packard Company)
R3 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P)
R2 HPDayStarterService; C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-29] (Hewlett-Packard Company)
R2 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-20] (Infineon Technologies AG)
R2 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [980320 2011-01-20] (Infineon Technologies AG)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-02-09] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4979992 2013-11-25] (INCA Internet Co., Ltd.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 PersonalSecureDriveService; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [203104 2011-01-20] (Infineon Technologies AG)
R2 TryAndDecideService; C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [498792 2007-12-03] ()
R2 uArcCapture; C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
R2 WMCoreService; C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe [586280 2011-02-11] (Ericsson AB)
==================== Drivers (Whitelisted) ====================
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2014-03-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-24] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-24] (Ericsson AB)
S3 h36wgps; C:\Windows\system32\drivers\h36wgps64.sys [101416 2010-12-02] (Ericsson AB)
R0 johci; C:\Windows\System32\drivers\johci.sys [26712 2011-01-18] (JMicron Technology Corp.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2014-03-28] ()
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [411208 2010-11-01] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [419912 2010-11-01] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2010-11-01] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [472648 2010-11-01] (MCCI Corporation)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (McAfee, Inc.)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2010-01-26] (Infineon Technologies AG)
S3 SL4Usb; C:\Windows\System32\Drivers\SL4Usb.sys [49144 2013-07-09] (Cristalink Ltd)
S3 SL4UsbNoSSL; C:\Windows\System32\Drivers\SL4UsbNoSSL.sys [49144 2013-07-09] (Cristalink Ltd)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
S3 strmdrvk; C:\Windows\System32\Drivers\strmdrvk.sys [35912 2011-05-30] (Rane Corporation)
S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [276520 2011-02-08] (Ericsson AB)
S3 SzCCID; system32\DRIVERS\SzCCID.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-11 14:45 - 2014-05-11 14:45 - 00019138 _____ () C:\Users\Admin-*****\Desktop\FRST.txt
2014-05-11 14:44 - 2014-05-09 17:26 - 02064384 _____ (Farbar) C:\Users\Admin-*****\Desktop\FRST64.exe
2014-05-11 13:14 - 2014-05-11 13:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-11 13:08 - 2014-05-11 13:08 - 53986158 _____ () C:\Windows\repository.backup
2014-05-11 13:08 - 2014-05-11 12:58 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-11 12:59 - 2014-05-11 13:09 - 00043212 _____ () C:\zoek-results.log
2014-05-11 12:58 - 2014-05-11 13:09 - 00000000 ____D () C:\zoek_backup
2014-05-11 12:27 - 2014-05-11 12:27 - 00000000 ____D () C:\Windows\ERUNT
2014-05-11 12:17 - 2014-05-11 12:19 - 00000000 ____D () C:\AdwCleaner
2014-05-09 18:03 - 2014-05-09 18:03 - 541496818 _____ () C:\Windows\MEMORY.DMP
2014-05-09 18:03 - 2014-05-09 18:03 - 00457144 _____ () C:\Windows\Minidump\050914-6614-01.dmp
2014-05-09 17:26 - 2014-05-11 14:45 - 00000000 ____D () C:\FRST
2014-05-09 17:23 - 2014-05-09 17:23 - 00000000 _____ () C:\Users\Admin-*****\defogger_reenable
2014-05-09 16:54 - 2014-05-09 16:54 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\Hewlett-Packard_Developme
2014-05-09 07:37 - 2014-04-29 18:00 - 23133184 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-09 07:37 - 2014-04-29 17:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-09 07:37 - 2014-04-29 16:47 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-09 07:37 - 2014-04-29 16:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-09 06:59 - 2014-05-09 06:59 - 00003144 _____ () C:\Windows\System32\Tasks\{4958827E-B60F-4C00-852B-75509BCB7158}
2014-05-09 06:59 - 2014-05-09 06:59 - 00003140 _____ () C:\Windows\System32\Tasks\{B497F898-4C90-4039-9B47-4CEB2970DBA9}
2014-05-09 06:58 - 2014-05-09 06:58 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Hewlett-Packard
2014-05-09 06:58 - 2014-05-09 06:58 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\Hewlett-Packard
2014-05-09 06:58 - 2014-05-09 06:58 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-09 06:57 - 2014-05-09 06:57 - 00003154 _____ () C:\Windows\System32\Tasks\{E34B49F4-1CA8-43F0-8875-63915DD163F4}
2014-05-09 06:52 - 2014-05-11 12:38 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-09 06:52 - 2014-05-09 06:52 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-09 06:52 - 2014-05-09 06:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-09 06:52 - 2014-05-09 06:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 06:52 - 2014-05-09 06:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-09 06:52 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-09 06:52 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-09 06:52 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 06:51 - 2014-05-09 06:51 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Admin-*****\Downloads\mbam-setup-2.0.1.1004(1).exe
2014-05-09 06:50 - 2014-05-09 06:50 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Admin-*****\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-01 11:49 - 2014-05-01 11:50 - 00000000 ____D () C:\Users\User\Desktop\Scratch Live 2.5.0
2014-04-26 17:30 - 2014-04-26 17:30 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-04-26 17:28 - 2014-04-26 17:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_strmdrvk_01007.Wdf
2014-04-26 17:27 - 2014-04-26 17:27 - 00000000 ____D () C:\Program Files\Rane
2014-04-26 17:27 - 2013-07-09 12:28 - 00049144 _____ (Cristalink Ltd) C:\Windows\system32\Drivers\SL4Usb.sys
2014-04-26 17:27 - 2011-05-30 11:13 - 00611400 _____ () C:\Windows\system32\RaneAsioSL4.dll
2014-04-26 17:27 - 2011-05-30 11:12 - 00035912 _____ (Rane Corporation) C:\Windows\system32\Drivers\strmdrvk.sys
2014-04-26 17:27 - 2011-05-30 11:09 - 00540672 _____ () C:\Windows\SysWOW64\RaneAsioSL4.dll
2014-04-26 17:26 - 2013-07-09 12:28 - 00049144 _____ (Cristalink Ltd) C:\Windows\system32\Drivers\SL4UsbNoSSL.sys
2014-04-25 07:34 - 2014-04-25 07:34 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2014-04-25 07:34 - 2014-04-25 07:34 - 00000000 ____D () C:\Users\User\AppData\Local\Mozilla
2014-04-25 07:29 - 2014-04-26 17:26 - 00002158 _____ () C:\Users\Admin-*****\Desktop\Scratch Live.lnk
2014-04-25 07:29 - 2014-04-25 07:29 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serato
2014-04-25 07:29 - 2014-04-25 07:29 - 00000000 ____D () C:\Program Files (x86)\Serato
2014-04-25 07:19 - 2014-04-25 07:19 - 00000000 ____D () C:\Users\User\AppData\Roaming\Avira
2014-04-25 04:33 - 2014-04-25 04:33 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-04-24 07:47 - 2014-04-24 07:47 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-24 07:29 - 2014-04-24 07:29 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Avira
2014-04-24 07:28 - 2014-05-11 13:08 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\CrashDumps
2014-04-24 07:20 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-24 07:20 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-24 07:20 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-04-24 07:19 - 2014-04-24 07:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-04-24 07:19 - 2014-04-24 07:20 - 00000000 ____D () C:\ProgramData\Avira
2014-04-24 07:19 - 2014-04-24 07:20 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-24 07:19 - 2014-04-24 07:19 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-24 07:16 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-24 07:16 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-24 07:11 - 2014-04-24 07:17 - 00004128 _____ () C:\Windows\IE11_main.log
2014-04-24 07:11 - 2014-04-24 07:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-24 07:11 - 2014-04-24 07:11 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2014-04-24 07:11 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-04-24 07:11 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-24 07:11 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-24 07:11 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-04-24 07:11 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-04-24 07:11 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-04-24 07:11 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-04-24 07:11 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-04-24 07:11 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-04-24 07:11 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-04-24 07:11 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-04-24 07:11 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-04-24 07:11 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-04-24 07:11 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-04-24 07:11 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-04-24 07:11 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-04-24 07:10 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-24 07:10 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-24 07:10 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-04-24 07:10 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-04-24 06:53 - 2014-05-11 13:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-24 06:53 - 2014-04-24 06:53 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-24 06:53 - 2014-04-24 06:53 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Mozilla
2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\Mozilla
2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\ProgramData\Mozilla
2014-04-24 06:50 - 2014-04-24 06:50 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Macromedia
2014-04-24 06:43 - 2014-04-24 06:43 - 00000677 _____ () C:\Users\Admin-*****\Desktop\000_INSTALL - Verknüpfung.lnk
2014-04-24 06:35 - 2014-05-09 17:23 - 00000000 ____D () C:\Users\Admin-*****
2014-04-24 06:35 - 2014-04-24 06:35 - 00058408 _____ () C:\Users\Admin-*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-24 06:35 - 2014-04-24 06:35 - 00001425 _____ () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-24 06:35 - 2014-04-24 06:35 - 00000020 ___SH () C:\Users\Admin-*****\ntuser.ini
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Vorlagen
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Startmenü
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Netzwerkumgebung
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Lokale Einstellungen
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Eigene Dateien
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Druckumgebung
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Documents\Eigene Musik
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Documents\Eigene Bilder
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\AppData\Local\Verlauf
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\AppData\Local\Anwendungsdaten
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Anwendungsdaten
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ___RD () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ___RD () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Synaptics
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Intel Corporation
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Infineon
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\hpqLog
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\DigitalPersona
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Adobe
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\VirtualStore
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\PDFC
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\DigitalPersona
2014-04-24 06:35 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-24 06:35 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-04-22 22:53 - 2014-04-22 22:53 - 00000000 ____D () C:\Users\User\AppData\Local\Hewlett-Packard_Developme
2014-04-22 22:08 - 2014-04-25 06:08 - 00000000 ____D () C:\ProgramData\Acronis
2014-04-22 22:08 - 2014-04-22 22:08 - 00711712 _____ (Acronis) C:\Windows\system32\Drivers\timntr.sys
2014-04-22 22:08 - 2014-04-22 22:08 - 00081952 _____ (Acronis) C:\Windows\system32\Drivers\tifsfilt.sys
2014-04-22 22:08 - 2007-02-16 16:40 - 00011264 _____ (Acronis) C:\Windows\system32\relog_ap.dll
2014-04-22 22:07 - 2014-04-22 22:07 - 00593952 _____ (Acronis) C:\Windows\system32\Drivers\tdrpman.sys
2014-04-22 22:07 - 2014-04-22 22:07 - 00229408 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys
2014-04-22 22:07 - 2014-04-22 22:07 - 00001099 _____ () C:\Users\Public\Desktop\Acronis*True*Image*Home 11.0.lnk
2014-04-22 22:07 - 2014-04-22 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2014-04-22 22:07 - 2014-04-22 22:07 - 00000000 ____D () C:\Program Files (x86)\Acronis
2014-04-22 21:56 - 2014-04-22 21:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\ATI
2014-04-22 21:56 - 2014-04-22 21:56 - 00000000 ____D () C:\Users\User\AppData\Local\ATI
2014-04-17 11:14 - 2014-04-26 15:35 - 00000000 ____D () C:\Users\User\AppData\Local\PDFC
2014-04-17 11:14 - 2014-04-17 11:14 - 00058408 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-17 11:14 - 2014-04-17 11:14 - 00001425 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-17 11:14 - 2014-04-17 11:14 - 00000020 ___SH () C:\Users\User\ntuser.ini
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Vorlagen
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Startmenü
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Netzwerkumgebung
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Lokale Einstellungen
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Eigene Dateien
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Druckumgebung
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Documents\Eigene Musik
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Documents\Eigene Bilder
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\AppData\Local\Verlauf
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\AppData\Local\Anwendungsdaten
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Anwendungsdaten
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Synaptics
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Intel Corporation
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Infineon
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\hpqLog
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\DigitalPersona
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Local\DigitalPersona
2014-04-17 11:14 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-17 11:14 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
==================== One Month Modified Files and Folders =======
2014-05-11 14:45 - 2014-05-11 14:45 - 00019138 _____ () C:\Users\Admin-*****\Desktop\FRST.txt
2014-05-11 14:45 - 2014-05-09 17:26 - 00000000 ____D () C:\FRST
2014-05-11 14:44 - 2014-04-05 10:11 - 00000290 _____ () C:\Windows\Tasks\FF Watcher {38FBA89E-61D5-4589-A908-197C6FA7DAE6}.job
2014-05-11 14:44 - 2014-04-03 22:49 - 00733084 _____ () C:\Windows\WindowsUpdate.log
2014-05-11 14:34 - 2014-04-03 20:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-11 13:52 - 2009-07-14 06:45 - 00009712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-11 13:52 - 2009-07-14 06:45 - 00009712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-11 13:48 - 2009-08-30 07:25 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-05-11 13:48 - 2009-08-30 07:25 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-05-11 13:48 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-11 13:45 - 2012-05-02 15:37 - 00000000 ____D () C:\ProgramData\PDFC
2014-05-11 13:45 - 2012-05-02 15:37 - 00000000 ____D () C:\ProgramData\HPQLOG
2014-05-11 13:44 - 2014-04-24 06:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-11 13:44 - 2014-04-04 06:58 - 00006220 _____ () C:\Windows\setupact.log
2014-05-11 13:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-11 13:14 - 2014-05-11 13:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-11 13:09 - 2014-05-11 12:59 - 00043212 _____ () C:\zoek-results.log
2014-05-11 13:09 - 2014-05-11 12:58 - 00000000 ____D () C:\zoek_backup
2014-05-11 13:09 - 2014-04-04 18:45 - 00422128 _____ () C:\Windows\PFRO.log
2014-05-11 13:08 - 2014-05-11 13:08 - 53986158 _____ () C:\Windows\repository.backup
2014-05-11 13:08 - 2014-04-24 07:28 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\CrashDumps
2014-05-11 12:58 - 2014-05-11 13:08 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-11 12:38 - 2014-05-09 06:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-11 12:27 - 2014-05-11 12:27 - 00000000 ____D () C:\Windows\ERUNT
2014-05-11 12:19 - 2014-05-11 12:17 - 00000000 ____D () C:\AdwCleaner
2014-05-09 18:03 - 2014-05-09 18:03 - 541496818 _____ () C:\Windows\MEMORY.DMP
2014-05-09 18:03 - 2014-05-09 18:03 - 00457144 _____ () C:\Windows\Minidump\050914-6614-01.dmp
2014-05-09 18:03 - 2012-05-02 15:07 - 00000000 ____D () C:\Windows\Minidump
2014-05-09 17:26 - 2014-05-11 14:44 - 02064384 _____ (Farbar) C:\Users\Admin-*****\Desktop\FRST64.exe
2014-05-09 17:23 - 2014-05-09 17:23 - 00000000 _____ () C:\Users\Admin-*****\defogger_reenable
2014-05-09 17:23 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****
2014-05-09 17:03 - 2014-03-31 21:20 - 00000000 ____D () C:\Program Files (x86)\HQVid8.1
2014-05-09 16:54 - 2014-05-09 16:54 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\Hewlett-Packard_Developme
2014-05-09 07:00 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-09 06:59 - 2014-05-09 06:59 - 00003144 _____ () C:\Windows\System32\Tasks\{4958827E-B60F-4C00-852B-75509BCB7158}
2014-05-09 06:59 - 2014-05-09 06:59 - 00003140 _____ () C:\Windows\System32\Tasks\{B497F898-4C90-4039-9B47-4CEB2970DBA9}
2014-05-09 06:59 - 2014-04-04 11:33 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-05-09 06:58 - 2014-05-09 06:58 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Hewlett-Packard
2014-05-09 06:58 - 2014-05-09 06:58 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\Hewlett-Packard
2014-05-09 06:58 - 2014-05-09 06:58 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-05-09 06:57 - 2014-05-09 06:57 - 00003154 _____ () C:\Windows\System32\Tasks\{E34B49F4-1CA8-43F0-8875-63915DD163F4}
2014-05-09 06:52 - 2014-05-09 06:52 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-09 06:52 - 2014-05-09 06:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-09 06:52 - 2014-05-09 06:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-09 06:52 - 2014-05-09 06:52 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-09 06:51 - 2014-05-09 06:51 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Admin-*****\Downloads\mbam-setup-2.0.1.1004(1).exe
2014-05-09 06:50 - 2014-05-09 06:50 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Admin-*****\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-01 11:50 - 2014-05-01 11:49 - 00000000 ____D () C:\Users\User\Desktop\Scratch Live 2.5.0
2014-04-29 18:00 - 2014-05-09 07:37 - 23133184 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 17:24 - 2014-05-09 07:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 16:47 - 2014-05-09 07:37 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 16:14 - 2014-05-09 07:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-26 17:30 - 2014-04-26 17:30 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-04-26 17:28 - 2014-04-26 17:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_strmdrvk_01007.Wdf
2014-04-26 17:27 - 2014-04-26 17:27 - 00000000 ____D () C:\Program Files\Rane
2014-04-26 17:26 - 2014-04-25 07:29 - 00002158 _____ () C:\Users\Admin-*****\Desktop\Scratch Live.lnk
2014-04-26 15:35 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Local\PDFC
2014-04-25 07:34 - 2014-04-25 07:34 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2014-04-25 07:34 - 2014-04-25 07:34 - 00000000 ____D () C:\Users\User\AppData\Local\Mozilla
2014-04-25 07:29 - 2014-04-25 07:29 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Serato
2014-04-25 07:29 - 2014-04-25 07:29 - 00000000 ____D () C:\Program Files (x86)\Serato
2014-04-25 07:19 - 2014-04-25 07:19 - 00000000 ____D () C:\Users\User\AppData\Roaming\Avira
2014-04-25 06:08 - 2014-04-22 22:08 - 00000000 ____D () C:\ProgramData\Acronis
2014-04-25 04:33 - 2014-04-25 04:33 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-04-25 04:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-24 07:47 - 2014-04-24 07:47 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-24 07:29 - 2014-04-24 07:29 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Avira
2014-04-24 07:26 - 2014-03-26 21:57 - 00000000 ____D () C:\ProgramData\Norton
2014-04-24 07:20 - 2014-04-24 07:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-04-24 07:20 - 2014-04-24 07:19 - 00000000 ____D () C:\ProgramData\Avira
2014-04-24 07:20 - 2014-04-24 07:19 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-04-24 07:19 - 2014-04-24 07:19 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-04-24 07:17 - 2014-04-24 07:11 - 00004128 _____ () C:\Windows\IE11_main.log
2014-04-24 07:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
2014-04-24 07:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-04-24 07:11 - 2014-04-24 07:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-24 07:11 - 2014-04-24 07:11 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2014-04-24 07:11 - 2012-05-02 15:02 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-24 06:54 - 2014-03-26 21:45 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-24 06:53 - 2014-04-24 06:53 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-24 06:53 - 2014-04-24 06:53 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Mozilla
2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\Mozilla
2014-04-24 06:53 - 2014-04-24 06:53 - 00000000 ____D () C:\ProgramData\Mozilla
2014-04-24 06:50 - 2014-04-24 06:50 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Macromedia
2014-04-24 06:44 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-24 06:43 - 2014-04-24 06:43 - 00000677 _____ () C:\Users\Admin-*****\Desktop\000_INSTALL - Verknüpfung.lnk
2014-04-24 06:35 - 2014-04-24 06:35 - 00058408 _____ () C:\Users\Admin-*****\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-24 06:35 - 2014-04-24 06:35 - 00001425 _____ () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-24 06:35 - 2014-04-24 06:35 - 00000020 ___SH () C:\Users\Admin-*****\ntuser.ini
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Vorlagen
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Startmenü
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Netzwerkumgebung
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Lokale Einstellungen
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Eigene Dateien
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Druckumgebung
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Documents\Eigene Musik
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Documents\Eigene Bilder
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\AppData\Local\Verlauf
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\AppData\Local\Anwendungsdaten
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 _SHDL () C:\Users\Admin-*****\Anwendungsdaten
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ___RD () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ___RD () C:\Users\Admin-*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Synaptics
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Intel Corporation
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Infineon
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\hpqLog
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\DigitalPersona
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Roaming\Adobe
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\VirtualStore
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\PDFC
2014-04-24 06:35 - 2014-04-24 06:35 - 00000000 ____D () C:\Users\Admin-*****\AppData\Local\DigitalPersona
2014-04-23 05:34 - 2014-04-10 14:14 - 00001425 _____ () C:\Users\Hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-22 22:53 - 2014-04-22 22:53 - 00000000 ____D () C:\Users\User\AppData\Local\Hewlett-Packard_Developme
2014-04-22 22:08 - 2014-04-22 22:08 - 00711712 _____ (Acronis) C:\Windows\system32\Drivers\timntr.sys
2014-04-22 22:08 - 2014-04-22 22:08 - 00081952 _____ (Acronis) C:\Windows\system32\Drivers\tifsfilt.sys
2014-04-22 22:07 - 2014-04-22 22:07 - 00593952 _____ (Acronis) C:\Windows\system32\Drivers\tdrpman.sys
2014-04-22 22:07 - 2014-04-22 22:07 - 00229408 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys
2014-04-22 22:07 - 2014-04-22 22:07 - 00001099 _____ () C:\Users\Public\Desktop\Acronis*True*Image*Home 11.0.lnk
2014-04-22 22:07 - 2014-04-22 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2014-04-22 22:07 - 2014-04-22 22:07 - 00000000 ____D () C:\Program Files (x86)\Acronis
2014-04-22 21:56 - 2014-04-22 21:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\ATI
2014-04-22 21:56 - 2014-04-22 21:56 - 00000000 ____D () C:\Users\User\AppData\Local\ATI
2014-04-17 11:15 - 2014-03-30 16:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-17 11:14 - 2014-04-17 11:14 - 00058408 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-17 11:14 - 2014-04-17 11:14 - 00001425 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-17 11:14 - 2014-04-17 11:14 - 00000020 ___SH () C:\Users\User\ntuser.ini
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Vorlagen
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Startmenü
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Netzwerkumgebung
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Lokale Einstellungen
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Eigene Dateien
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Druckumgebung
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Documents\Eigene Musik
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Documents\Eigene Bilder
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\AppData\Local\Verlauf
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\AppData\Local\Anwendungsdaten
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 _SHDL () C:\Users\User\Anwendungsdaten
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Synaptics
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Intel Corporation
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Infineon
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\hpqLog
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\DigitalPersona
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2014-04-17 11:14 - 2014-04-17 11:14 - 00000000 ____D () C:\Users\User\AppData\Local\DigitalPersona
2014-04-17 11:14 - 2012-12-10 11:33 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-14 04:24 - 2014-04-24 07:10 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-04-24 07:10 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
Some content of TEMP:
====================
C:\Users\Admin-*****\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-09 08:04
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2014 01
Ran by Admin-***** at 2014-05-11 14:45:41
Running from C:\Users\Admin-*****\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Acronis*True*Image*Home (HKLM-x32\...\{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}) (Version: 11.0.8064 - Acronis)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\{41042E28-CCA1-4147-869F-9E928B38F04C}) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.16.0 - Alcor Micro Corp.)
Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.16.0 - Alcor Micro Corp.) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{D5526B83-25C4-88A8-A984-98F871DA1415}) (Version: 3.0.812.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{f470942e-6237-4c78-ba45-7e9b17a95709}) (Version: 1.1.11.32360 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.11.32360 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0206.1335.24298 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0206.1335.24298 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0206.1335.24298 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0206.1335.24298 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help English (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help French (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help German (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0206.1334.24298 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0206.1335.24298 - ATI) Hidden
ccc-utility64 (Version: 2011.0206.1335.24298 - ATI) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.0.0.9 - Hewlett-Packard Company)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.33.24411 - Hewlett-Packard Company)
Embedded Security for HP ProtectTools (HKLM\...\{87821717-5688-4AE6-887A-6B11571D0CD7}) (Version: 6.0.100.2572 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (HKLM\...\{D3A775F2-2674-4452-8D80-1FC1446052EE}) (Version: 6.00.4303 - Hewlett-Packard Company)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.8 - Hewlett-Packard Company)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{83DA38AB-1014-41C2-A3CD-E2B93832A71A}) (Version: 4.1.4.1 - Hewlett-Packard Company)
HP Client Automation Agent Preload (HKLM-x32\...\{52B18ABC-AD5F-4C3C-B391-04F57B380449}) (Version: 7.5 - Hewlett-Packard)
HP Connection Manager (HKLM-x32\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{CFC1988A-F492-4BC5-B6F7-683A95718AE9}) (Version: 1.1.11.1 - Hewlett-Packard Company)
HP HotKey Support (HKLM\...\{7D1C63D1-6520-49DA-B738-958133526E80}) (Version: 4.0.10.1 - Hewlett-Packard Company)
HP Mobile Broadband Drivers (HKLM-x32\...\{646E8C34-C88B-42F9-9F41-985A801219E1}) (Version: 6.3.3.3 - Ericsson AB)
HP Power Assistant (HKLM\...\{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}) (Version: 2.0.2.0 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.00.888 - Hewlett-Packard Company)
HP ProtectTools Security Manager (Version: 6.00.888 - Hewlett-Packard Company) Hidden
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}) (Version: 2.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard Company)
HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.25.0 - Roxio)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix)
HQVid8.1 (HKLM-x32\...\HQVid8.1) (Version: 1.34.3.28 - High-QualityV9) <==== ATTENTION
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.20.00 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.56.1 - JMicron Technology Corp.)
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.57 - PDF Complete, Inc)
Privacy Manager for HP ProtectTools (HKLM\...\{ACA53F68-B003-4D0E-9C3D-0C4EE09D08A8}) (Version: 6.00.831 - Hewlett-Packard Company)
Rane SL 4 (ver. 1.0.1f4) (HKLM\...\RaneAsioSL4_is1) (Version: - Rane Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Scratch Live 2.5.0 (11) (HKLM-x32\...\{EA21EB55-073F-4CF5-A964-0412E755955A}) (Version: 2.5.0 - Serato Inc LP)
SDK (x32 Version: 2.24.025 - Portrait Displays, Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.30 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 6.0.0.30 - Hewlett-Packard Company) Hidden
Validity Fingerprint Sensor Driver (HKLM\...\{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}) (Version: 4.3.117.0 - Validity Sensors, Inc.)
==================== Restore Points =========================
11-05-2014 10:59:20 zoek.exe restore point
==================== Hosts content: ==========================
2009-07-14 04:34 - 2014-05-11 12:59 - 00000840 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {1BC22A45-F2A8-4EC0-AC70-2C35A54E4CD4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {1D4FE741-660B-4181-A426-46ED0AA15869} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2013-01-09] (Hewlett-Packard)
Task: {22A065E0-AF10-4381-AC16-3C282751EBDE} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {28F1AAE3-F8EE-4535-A31D-AB053F5F4160} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-04-22] (Microsoft)
Task: {351B6D0A-1F23-45F3-B67D-DA31D5B2A5F7} - \Freemium1ClickMaint No Task File <==== ATTENTION
Task: {461B3278-D291-4145-AC48-736CBC027E5A} - \pricemetertask No Task File <==== ATTENTION
Task: {4FA62DF8-9D65-4D8E-A714-2CCE6D3F3A95} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {50CCEF51-92A2-4ADC-AEA4-5525FD59A58A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {59822E90-B4D5-4FB3-951B-F6C986C7B3B2} - System32\Tasks\FF Watcher {38FBA89E-61D5-4589-A908-197C6FA7DAE6} => C:\Program Files\V-bates\PrefHelper.exe
Task: {5FBFA157-E3E2-47B8-BCB0-8D5077B9974A} - \pricemeterwatcher No Task File <==== ATTENTION
Task: {7882B8C7-28A6-4837-83C3-BC1F6826A8DA} - \MySearchDial No Task File <==== ATTENTION
Task: {798496F1-23F1-4B3E-9353-4B32AD0C79A8} - \AppCloudUpdater No Task File <==== ATTENTION
Task: {860AE3E8-F2DB-4589-B7A4-FCB0EB171FBB} - \Software Updater No Task File <==== ATTENTION
Task: {9DC2B816-2301-4175-BE94-3B85A2E8A195} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {B1815EC6-14FB-4624-87D8-5A350CAA44F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-03] (Adobe Systems Incorporated)
Task: {D9C29D9B-34AF-4FE0-AB52-17B8FF42999E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {E118032A-D576-4A50-A416-D76DED81F3D4} - \Software Updater Ui No Task File <==== ATTENTION
Task: {E285CBD6-5A6D-4E9B-80FE-4F161265D318} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {F5154549-3FBE-40C3-A9A3-021B6EE81AEC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {FCDAFE7E-38F2-44E9-BEBD-EFC0CAB5E099} - \pricemeterdownloader No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FF Watcher {38FBA89E-61D5-4589-A908-197C6FA7DAE6}.job => C:\Program Files\V-bates\PrefHelper.exe
==================== Loaded Modules (whitelisted) =============
2011-01-31 20:54 - 2011-01-31 20:54 - 00107008 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2011-02-09 13:04 - 2011-02-09 13:04 - 02905600 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2010-12-07 07:17 - 2010-12-07 07:17 - 00204112 _____ () C:\Windows\system32\PassThroughOTP.dll
2010-09-06 22:18 - 2010-09-06 22:18 - 01412608 _____ () C:\Windows\system32\LIBEAY32.dll
2011-02-09 12:28 - 2011-02-09 12:28 - 01318912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2007-12-03 11:26 - 2007-12-03 11:26 - 00498792 _____ () C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
2012-05-02 15:35 - 2011-01-27 02:34 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2011-01-27 03:14 - 2011-01-27 03:14 - 00036408 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Remote.dll
2011-01-27 03:10 - 2011-01-27 03:10 - 00013880 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe
2011-02-09 12:51 - 2011-02-09 12:51 - 00200704 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
2010-06-24 11:21 - 2010-06-24 11:21 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2014-04-24 07:20 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-02-09 12:48 - 2011-02-09 12:48 - 02637824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2011-02-09 12:27 - 2011-02-09 12:27 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2011-02-09 12:51 - 2011-02-09 12:51 - 02650112 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2011-02-09 12:29 - 2011-02-09 12:29 - 02035712 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2011-02-09 12:30 - 2011-02-09 12:30 - 01929216 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2012-05-02 15:10 - 2010-02-17 20:20 - 00065576 ____R () C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\MBMDebug.dll
2014-04-15 19:00 - 2014-04-15 19:00 - 00138320 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-04-15 18:59 - 2014-04-15 18:59 - 00064592 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2010-06-24 11:19 - 2010-06-24 11:19 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-04-04 18:38 - 2014-04-04 18:38 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3e27ac2000641918e7215d97c63e957d\IsdiInterop.ni.dll
2012-05-02 15:08 - 2011-01-13 03:56 - 00058880 ____R () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2010-05-19 11:05 - 2010-05-19 11:05 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-05-19 11:05 - 2010-05-19 11:05 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-05-19 11:05 - 2010-05-19 11:05 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2007-12-03 10:58 - 2007-12-03 10:58 - 01336600 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll
2014-05-11 13:09 - 2014-04-15 18:59 - 00049744 _____ () C:\Users\Admin-*****\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
==================== Faulty Device Manager Devices =============
Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "0816" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.
Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "013" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.
Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "010" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.
Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "00C" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.
Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "00A" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.
Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "006" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.
Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "001" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.
Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "0816" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.
Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "013" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.
Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: Die Zeichenfolgen der Leistungsindikatoren, die für die Sprach-ID "010" definiert wurden, können nicht gelesen werden. Das erste DWORD im Datenbereich enthält den Win32-Fehlercode.
System errors:
=============
Error: (05/11/2014 01:44:48 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (05/11/2014 01:44:48 PM) (Source: Application Popup) (User: ) (EventID: 875)
Description: Treiber atksgt.sys konnte nicht geladen werden.
Error: (05/11/2014 01:09:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (05/11/2014 01:09:17 PM) (Source: Application Popup) (User: ) (EventID: 875)
Description: Treiber atksgt.sys konnte nicht geladen werden.
Error: (05/11/2014 01:06:18 PM) (Source: Service Control Manager) (User: ) (EventID: 7030)
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/11/2014 01:06:18 PM) (Source: Service Control Manager) (User: ) (EventID: 7030)
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/11/2014 01:06:18 PM) (Source: Service Control Manager) (User: ) (EventID: 7030)
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/11/2014 01:06:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7030)
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/11/2014 01:06:17 PM) (Source: Service Control Manager) (User: ) (EventID: 7030)
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/11/2014 00:36:08 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Microsoft Office Sessions:
=========================
Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: 08168020000002D010000
Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: 0138020000002D010000
Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: 0108020000002D010000
Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: 00C8020000002D010000
Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: 00A8020000002D010000
Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: 0068020000002D010000
Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: 0018020000002D010000
Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: 0816120200000000000000AF000000
Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: 013120200000000000000AF000000
Error: (05/11/2014 01:48:58 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3006)
Description: 010120200000000000000AF000000
==================== Memory info ===========================
Percentage of memory in use: 44%
Total physical RAM: 4046.36 MB
Available physical RAM: 2254.5 MB
Total Pagefile: 8090.9 MB
Available Pagefile: 5798.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:115.23 GB) (Free:78.67 GB) NTFS
Drive d: (HP_TOOLS) (Fixed) (Total:9.99 GB) (Free:9.99 GB) FAT32
Drive e: (MUSIK) (Fixed) (Total:113.14 GB) (Free:2.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: B71EBFEC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=115 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=113 GB) - (Type=05)
Partition 4: (Not Active) - (Size=10 GB) - (Type=0C)
==================== End Of Log ============================