|
Plagegeister aller Art und deren Bekämpfung: Packard Bell EasyNote Ts, Win7:Touchpad reagiert nicht mehr und MP3, den erkannt, aber nicht eingelesenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
29.08.2014, 04:49 | #1 |
| Packard Bell EasyNote Ts, Win7:Touchpad reagiert nicht mehr und MP3, den erkannt, aber nicht eingelesen Hallo! Ich hoffe, Ihr wisst Rat für mein Problem! Mein Laptop (Packard Bell EasyNote TS, Win7, 64Bit) erkennt zwar Komponenten wie MP3-Player und SD-Karte, kann sie aber nicht einlesen (Dateien durchsuchen ist nicht wählbar). Somit hat man keinen Zugriff. Zudem funktioniert seit geraumer Zeit das Synaptics Touchpad nicht mehr. Ist Win7 falsch konfiguriert? Liegt´s am Treiber? Hilfe, ich verzweifle.... LG Daria |
29.08.2014, 06:38 | #2 |
/// the machine /// TB-Ausbilder | Packard Bell EasyNote Ts, Win7:Touchpad reagiert nicht mehr und MP3, den erkannt, aber nicht eingelesen Hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
29.08.2014, 07:17 | #3 |
| Packard Bell EasyNote Ts, Win7:Touchpad reagiert nicht mehr und MP3, den erkannt, aber nicht eingelesen Hallo!
__________________VIELEN DANK für umgehende Antwort! Ich habe soeben Farbar Recovery runter geladen.Darf ich es starten, während ESET NOD 32 noch den Scan durchführt? Habe Farbar Recovery herunter geladen, darf ich es starten, während ESET NOD 32 den Scan durchführt? |
29.08.2014, 11:10 | #4 |
| Packard Bell EasyNote Ts, Win7:Touchpad reagiert nicht mehr und MP3, den erkannt, aber nicht eingelesen Hallo! Ich sollte nochmal erwähnen, dass ich ein Computer-Vollidiot bin und nicht einmal mit Begriffen wie ,,Thread´´ etwas anfangen kann.... , .....geschweige denn, wie man´s posted.... FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014 Ran by Gabi (administrator) on GABI-PC on 29-08-2014 12:01:14 Running from C:\Users\Gabi\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Microsoft Corporation) C:\Windows\System32\CISVC.EXE (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe ( ) C:\Windows\System32\lxctcoms.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Users\Gabi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Gabi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Gabi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Gabi\AppData\Local\Google\Chrome\Application\chrome.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (Google Inc.) C:\Users\Gabi\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) C:\Users\Gabi\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5581888 2014-02-24] (ESET) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoStrCmpLogical] 1 HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe [247968 2012-02-26] (Adobe Systems, Inc.) HKU\S-1-5-21-3220686304-206382180-1288161846-1000\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [162408 2011-09-13] () HKU\S-1-5-21-3220686304-206382180-1288161846-1001\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-3220686304-206382180-1288161846-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-3220686304-206382180-1288161846-1001\...\Policies\Explorer: [NoDrives] 0xD3FFFF03 HKU\S-1-5-21-3220686304-206382180-1288161846-1001\...\MountPoints2: G - G:\AutoRun.exe HKU\S-1-5-21-3220686304-206382180-1288161846-1001\...\MountPoints2: {052d0b0b-b155-11e1-96ed-dc0ea19a135d} - E:\AutoRun.exe HKU\S-1-5-21-3220686304-206382180-1288161846-1001\...\MountPoints2: {052d0b1a-b155-11e1-96ed-dc0ea19a135d} - E:\AutoRun.exe HKU\S-1-5-21-3220686304-206382180-1288161846-1001\...\MountPoints2: {0a6675e4-b1a6-11e1-b9bd-9cb70da1746b} - E:\AutoRun.exe HKU\S-1-5-21-3220686304-206382180-1288161846-1001\...\MountPoints2: {87cd047d-6017-11e1-96d5-806e6f6e6963} - D:\EPSETUP.EXE HKU\S-1-5-21-3220686304-206382180-1288161846-1001\...\MountPoints2: {ef7ce6f2-ba6c-11e1-9132-9cb70da1746b} - G:\AutoRun.exe AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation) BootExecute: autocheck autochk /r \??\F:autocheck autochk /r \??\F:autocheck autochk * GroupPolicyUsers\S-1-5-21-3220686304-206382180-1288161846-1000\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: http=127.0.0.1:49199;https=127.0.0.1:49199 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=706&systemid=406&apn_uid=0018759653534119&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL = BHO-x32: Smart Suggestor -> {DB536AF2-E422-402d-B7FD-887297F1A198} -> C:\Program Files (x86)\Smart Suggestor\SmartSuggestor.dll (Think Tank Labs, LLC) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\mfdp2njx.default FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Gabi\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Gabi\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF user.js: detected! => C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\mfdp2njx.default\user.js FF SearchPlugin: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\mfdp2njx.default\searchplugins\optitoolbar.xml FF SearchPlugin: C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\mfdp2njx.default\searchplugins\yahoo_ff.xml FF Extension: Ghostery - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\mfdp2njx.default\Extensions\firefox@ghostery.com [2013-03-08] FF Extension: Whilokii - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\mfdp2njx.default\Extensions\firefox@whilokii.net [2013-10-18] FF Extension: FreeHDSport TV 3 - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\mfdp2njx.default\Extensions\fhdp3@freehdsp.tv.xpi [2013-06-30] FF Extension: PrivDog - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\mfdp2njx.default\Extensions\PrivDog@AdTrustMedia.com.xpi [2013-10-19] FF Extension: Smart Suggestor - C:\Users\Gabi\AppData\Roaming\Mozilla\Firefox\Profiles\mfdp2njx.default\Extensions\{3628D7BD-FD0D-47b8-8C8B-865CEB7DD779}.xpi [2013-02-06] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-08-29] FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird Chrome: ======= CHR HomePage: Default -> https://de.yahoo.com?fr=hp-avast&type=avastbcl CHR StartupUrls: Default -> "https://www.google.de/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8" CHR DefaultSearchProvider: Default -> Search By ZoneAlarm CHR DefaultSearchURL: Default -> hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=DE&q={searchTerms}&gu=3b87a481610547869bede2eff9b66e37&tu=11Jiy00FS1D13P0&sku=&tstsId=&ver=& CHR DefaultSuggestURL: Default -> CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\Gabi\AppData\Local\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Gabi\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Gabi\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll () CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (Google Update) - C:\Users\Gabi\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) CHR Profile: C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Wallet) - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [] CHR HKLM-x32\...\Chrome\Extension: [demmlacpnijjgliknaehpamnnbncnodb] - C:\Program Files (x86)\Smart Suggestor\SmartSuggestor.crx [2014-08-27] CHR HKLM-x32\...\Chrome\Extension: [gkjoindjjcmbdpbfppabdgflnkgbbcli] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx [2014-08-27] CHR HKLM-x32\...\Chrome\Extension: [jbhadopkkbkjmnjmifbbofhnbmhacoae] - C:\Program Files (x86)\DDownTango6bToolbar\chrome\DDownTango6bToolbar.crx [2014-08-27] CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Gabi\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2012-11-21] CHR StartMenuInternet: Google Chrome - C:\Users\Gabi\AppData\Local\Google\Chrome\Application\chrome.exe CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1343408 2014-02-24] (ESET) R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [872552 2011-08-02] (Acer Incorporated) R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [36456 2011-05-30] (Acer Incorporated) R2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated) R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation) R2 lxct_device; C:\Windows\system32\lxctcoms.exe [566192 2007-03-19] ( ) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2013-12-10] (TuneUp Software) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET) S0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [122584 2014-08-29] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-05-22] () S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-11-12] (TuneUp Software) S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X] S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X] S0 qmhgf; System32\drivers\ugevuev.sys [X] ========================== Drivers MD5 ======================= C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9 C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49 C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048 C:\Windows\system32\drivers\appid.sys ==> MD5 is legit C:\Windows\system32\drivers\arc.sys ==> MD5 is legit C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\athrx.sys C8679A07267F030704168E45E27C3D43 C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\b57xdbd.sys A424CB46A145E5AABF15621550976DF2 C:\Windows\System32\DRIVERS\b57xdmp.sys BE4E6FD5A898812B85D5817AD9754A9F C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bScsiMSa.sys 0970D8B7151E9113BF8D44CE2E954DF7 C:\Windows\System32\DRIVERS\bScsiSDa.sys 0C1EEE5AF32402D306874B110DE237EC C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit C:\Windows\System32\CLFS.sys ==> MD5 is legit C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706 C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit C:\Windows\System32\drivers\discache.sys ==> MD5 is legit C:\Windows\System32\drivers\disk.sys ==> MD5 is legit C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868 C:\Windows\System32\DRIVERS\eamonm.sys FE96AA1A36E76588C80DF1040286DDE1 C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\edevmon.sys FD4BC52A6978A50A81B01E2C74D8737E C:\Windows\System32\DRIVERS\ehdrv.sys 807BA90D47F8885C09E1D6AFBB706E18 C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\epfwwfpr.sys FEE856E92AFCC61DA146F186E291FFD7 C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0 C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit C:\Windows\System32\drivers\iaStor.sys 26CF4275034214ECEDD8EC17B0A18A99 C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366 C:\Windows\System32\DRIVERS\igdkmd64.sys 9937600A1584FF00565D5379EB4C9EDB C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\IntcDAud.sys FC727061C0F47C8059E88E05D5C8E381 C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6 C:\Windows\System32\DRIVERS\k57nd60a.sys 455B75C19BF3F1F2EE3AC10E1169826C C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC C:\Windows\System32\Drivers\ksecpkg.sys 1C2D8E18AA8FD50CD04C15CC27F7F5AB C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit C:\Windows\system32\drivers\mbam.sys F92B0E478C0FAA6D6661E6E977247E60 C:\Windows\System32\drivers\MBAMSwissArmy.sys 8A50D5304E6AE48664CF5838EC32F647 C:\Windows\system32\drivers\mwac.sys 15E8ABC06843672955CE26A009533BAD C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567 C:\Windows\System32\drivers\modem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\MpFilter.sys 9EB89625A82AC961F25E7C865947BF9A C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404 C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163 C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88 C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\NisDrvWFP.sys C3E0696C3B42F694C5822776AA6FFFDF C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2 C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nvlddmkm.sys 9B93CC9C70EDE60A9C486E7719DB9E8D C:\Windows\System32\DRIVERS\nvpciflt.sys F76296368BB813E0C6996501A3271C7C C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit C:\Windows\system32\drivers\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C C:\Windows\System32\drivers\pci.sys ==> MD5 is legit C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\drivers\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1 C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34 C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0 C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit C:\Windows\system32\drivers\serial.sys ==> MD5 is legit C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit C:\Windows\System32\Drivers\SmartDefragDriver.sys DD0443BC6CC78A19FD399817F8C51401 C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28 C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3 C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\taphss6.sys 2A6F99C1E2D25C4C920A37E07BB26291 C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8 C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09 C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426 C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07 C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys 45427C4B8CAC6B241478F149B935CD80 C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31 C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965 C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24 C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6 C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3 C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7 C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\system32\drivers\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8 C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659 ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-29 11:51 - 2014-08-29 11:55 - 00045218 _____ () C:\Users\Gabi\Desktop\Shortcut.txt 2014-08-29 11:49 - 2014-08-29 11:55 - 00030976 _____ () C:\Users\Gabi\Desktop\Addition.txt 2014-08-29 11:46 - 2014-08-29 12:01 - 00033166 _____ () C:\Users\Gabi\Desktop\FRST.txt 2014-08-29 11:46 - 2014-08-29 12:01 - 00000000 ____D () C:\FRST 2014-08-29 11:14 - 2014-08-29 11:14 - 00005602 _____ () C:\Users\Gabi\Desktop\exe-fix.bat 2014-08-29 09:41 - 2014-08-29 09:41 - 00000525 _____ () C:\Users\Gabi\Desktop\Vergleich.bat 2014-08-29 09:35 - 2014-08-29 09:36 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Gabi\Desktop\ShadowExplorer-0.9-setup.exe 2014-08-29 08:08 - 2014-08-29 08:08 - 02103296 _____ (Farbar) C:\Users\Gabi\Desktop\FRST64.exe 2014-08-29 06:20 - 2014-08-29 06:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2014-08-29 06:20 - 2014-08-29 06:20 - 00000000 ____D () C:\ProgramData\ESET 2014-08-29 06:20 - 2014-08-29 06:20 - 00000000 ____D () C:\Program Files\ESET 2014-08-29 06:17 - 2014-08-29 06:17 - 01695680 _____ (ESET) C:\Users\Gabi\Desktop\eset_nod32_antivirus_live_installer_.exe 2014-08-29 04:25 - 2014-08-29 04:25 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini 2014-08-29 04:25 - 2014-08-29 04:25 - 00000000 _SHDL () C:\Users\TEMP\Vorlagen 2014-08-29 04:25 - 2014-08-29 04:25 - 00000000 _SHDL () C:\Users\TEMP\Startmenü 2014-08-29 04:25 - 2014-08-29 04:25 - 00000000 _SHDL () C:\Users\TEMP\Netzwerkumgebung 2014-08-29 04:25 - 2014-08-29 04:25 - 00000000 _SHDL () C:\Users\TEMP\Lokale Einstellungen 2014-08-29 04:25 - 2014-08-29 04:25 - 00000000 _SHDL () C:\Users\TEMP\Eigene Dateien 2014-08-29 04:25 - 2014-08-29 04:25 - 00000000 _SHDL () C:\Users\TEMP\Druckumgebung 2014-08-29 04:25 - 2014-08-29 04:25 - 00000000 _SHDL () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-08-29 04:25 - 2014-08-29 04:25 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Verlauf 2014-08-29 04:25 - 2014-08-29 04:25 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Anwendungsdaten 2014-08-29 04:25 - 2014-08-29 04:25 - 00000000 _SHDL () C:\Users\TEMP\Anwendungsdaten 2014-08-29 04:25 - 2014-08-29 04:25 - 00000000 ____D () C:\Users\TEMP 2014-08-29 04:25 - 2014-07-23 14:14 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\GlarySoft 2014-08-29 04:25 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-08-29 04:25 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-08-29 04:16 - 2014-08-29 04:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 2014-08-29 04:16 - 2014-08-29 04:16 - 00002298 _____ () C:\Users\Public\Desktop\Epson Stylus SX210_SX410_TX210_TX410 Handbuch.lnk 2014-08-29 03:47 - 2014-08-29 03:47 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\InstallShield 2014-08-28 15:36 - 2014-08-28 15:36 - 00001560 _____ () C:\Users\Gabi\Desktop\Windows -Antimalware.lnk 2014-08-28 15:09 - 2014-08-28 15:10 - 00000000 ____D () C:\Users\Gabi\Dokumente\Ereignisprotokoll & Diskreport 2014-08-28 13:20 - 2014-08-28 13:20 - 00000000 ___RD () C:\GABI-PC -SICHERUNGEN- 2014-08-28 13:09 - 2014-08-28 13:09 - 00001103 _____ () C:\Users\Gabi\Desktop\TRAILERPARK.lnk 2014-08-28 13:08 - 2014-08-28 13:08 - 00001056 _____ () C:\Users\Gabi\Desktop\257ERS.lnk 2014-08-28 09:31 - 2014-08-28 09:31 - 00001549 _____ () C:\Users\Gabi\Desktop\Malware -bytes.lnk 2014-08-28 08:46 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-28 08:46 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-28 08:46 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-28 08:43 - 2014-08-28 08:43 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 2014-08-27 17:15 - 2014-08-28 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CardRecovery 2014-08-27 16:20 - 2014-08-29 04:23 - 00006753 _____ () C:\Windows\DtcInstall.log 2014-08-27 16:11 - 2014-08-28 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Suggestor 2014-08-27 16:11 - 2014-08-28 13:00 - 00000000 ____D () C:\Program Files (x86)\Smart Suggestor 2014-08-27 15:36 - 2014-08-27 15:36 - 00000656 _____ () C:\Users\Gabi\Desktop\pdf-editor_setup_full1155.exe.lnk 2014-08-27 14:16 - 2014-08-28 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit 2014-08-27 12:27 - 2014-08-27 12:27 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\SpeedMaxPc 2014-08-27 12:27 - 2014-08-27 12:27 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\DriverCure 2014-08-27 12:26 - 2014-08-27 15:01 - 00000000 ____D () C:\ProgramData\SpeedMaxPc 2014-08-27 12:21 - 2014-08-27 12:21 - 00002056 _____ () C:\Users\Gabi\Desktop\TuneUp 1-Klick-Wartung.lnk 2014-08-27 12:21 - 2014-08-27 12:21 - 00002052 _____ () C:\Users\Gabi\Desktop\TuneUp Utilities 2014.lnk 2014-08-26 16:14 - 2014-08-26 16:14 - 00001362 _____ () C:\Users\Gabi\Desktop\BEST OF TRAILERPARK & 257ERS.lnk 2014-08-26 13:35 - 2014-08-26 13:35 - 00003544 ____N () C:\bootsqm.dat 2014-08-26 10:29 - 2014-08-26 10:29 - 00000000 ____D () C:\Users\Gabi\Dokumente\Epson Handbuch 2014-08-26 08:38 - 2013-12-10 09:51 - 00043320 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll 2014-08-26 08:38 - 2013-12-10 09:51 - 00036152 _____ (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll 2014-08-26 08:34 - 2014-08-28 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014 2014-08-26 08:34 - 2014-08-28 13:00 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014 2014-08-26 08:34 - 2014-08-26 08:34 - 00002173 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk 2014-08-26 08:34 - 2013-12-10 09:51 - 00040760 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe 2014-08-26 08:34 - 2013-12-10 09:51 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll 2014-08-26 08:34 - 2013-12-10 09:51 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll 2014-08-25 16:56 - 2014-08-28 15:36 - 00000000 ____D () C:\Users\Gabi\Downloads\Windows Downlaods 2014-08-25 16:55 - 2014-08-28 13:00 - 00000000 ____D () C:\Users\Gabi\Downloads\Downloads nachschauen 2014-08-25 16:50 - 2014-08-25 16:50 - 00001472 _____ () C:\Windows\IE11_main.log 2014-08-25 10:01 - 2014-08-28 13:00 - 00000000 ____D () C:\Program Files\Windows Journal 2014-08-25 10:01 - 2014-08-28 12:59 - 00000000 ____D () C:\Windows\ShellNew 2014-08-25 10:01 - 2014-08-25 10:01 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC 2014-08-25 01:39 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-08-25 01:39 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-08-25 01:39 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-08-25 01:39 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-08-25 01:31 - 2014-08-25 01:31 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-25 01:09 - 2014-08-29 07:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-25 01:09 - 2014-08-25 01:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-25 01:09 - 2014-08-25 01:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-25 01:09 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-25 01:09 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-25 01:09 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-24 22:17 - 2014-08-28 13:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor 2014-08-24 22:17 - 2014-08-24 22:59 - 00002099 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk 2014-08-24 20:15 - 2014-08-28 12:59 - 00000000 ____D () C:\Windows\SysWOW64\NV 2014-08-24 20:15 - 2014-08-28 12:59 - 00000000 ____D () C:\Windows\system32\NV 2014-08-24 20:03 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-08-24 20:03 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-08-24 20:03 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-08-24 20:03 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-08-24 20:03 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-08-24 20:03 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-08-24 20:03 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-08-24 20:03 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-08-24 20:03 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2014-08-24 20:03 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2014-08-24 20:03 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-08-24 20:03 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-08-24 20:03 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-08-24 20:03 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-08-24 20:03 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2014-08-24 20:03 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-08-24 20:02 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2014-08-24 20:02 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2014-08-24 20:02 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys 2014-08-24 20:02 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll 2014-08-24 20:02 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll 2014-08-24 19:54 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-08-24 19:54 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-08-24 19:54 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-08-24 19:54 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-08-22 15:59 - 2014-08-22 15:59 - 00002992 _____ () C:\Windows\System32\Tasks\{C48A051A-2315-41EF-9F4B-F0E795C9B490} 2014-08-22 14:19 - 2014-08-22 14:19 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Macromedia 2014-08-22 13:39 - 2014-08-25 18:06 - 00002968 _____ () C:\Windows\System32\Tasks\{935254F1-69CA-4F8E-9052-9433F872F202} 2014-08-22 13:23 - 2014-08-29 04:23 - 00004922 _____ () C:\Windows\setupact.log 2014-08-22 13:23 - 2014-08-29 04:12 - 00006848 _____ () C:\Windows\PFRO.log 2014-08-22 13:23 - 2014-08-28 09:38 - 00293120 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-22 09:06 - 2014-08-28 13:00 - 00000000 ___HD () C:\Windows\Icons 2014-08-21 17:03 - 2014-08-26 08:39 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-08-21 07:46 - 2014-08-21 07:48 - 00001197 _____ () C:\Users\Gabi\Desktop\Fotos.lnk 2014-08-21 07:21 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-21 07:21 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-21 07:21 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-08-21 07:21 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-21 07:21 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-08-21 07:21 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-08-21 07:21 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-08-21 07:21 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-21 07:21 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-21 07:21 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-08-21 07:21 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-21 07:21 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-08-21 07:21 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-21 07:21 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-08-20 14:57 - 2014-08-26 08:34 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\TuneUp Software 2014-08-20 14:46 - 2014-08-28 13:37 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\vlc 2014-08-20 11:32 - 2014-08-21 07:43 - 00001755 _____ () C:\Users\Gabi\Desktop\Suchvorgänge.lnk 2014-08-20 11:27 - 2014-08-20 15:10 - 00000000 ___RD () C:\Users\Gabi\Suchen 2014-08-17 02:29 - 2014-08-17 02:30 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-08-16 19:34 - 2014-08-16 19:34 - 00003028 _____ () C:\Windows\System32\Tasks\{14D869DD-E476-4211-9A2B-7DB47C22235C} 2014-08-16 11:54 - 2014-08-16 11:54 - 00000000 ____D () C:\ProgramData\CheckPoint 2014-08-14 10:38 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-14 10:38 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-08-14 10:38 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-14 10:38 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-14 10:38 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-14 10:38 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-14 10:38 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-14 10:38 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-08-14 02:14 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-14 02:14 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-14 02:14 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-08-14 02:14 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-08-14 02:14 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-08-14 02:14 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-08-14 02:14 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-08-14 02:14 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-08-14 02:14 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-08-14 02:14 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-08-14 02:14 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-08-14 02:14 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-08-14 02:14 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-08-14 02:14 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-08-14 02:13 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-14 02:13 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-14 02:13 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-14 02:13 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-14 02:13 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-14 02:13 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-14 02:13 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-14 02:13 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-14 02:13 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-14 02:13 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-14 02:13 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-14 02:13 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-14 02:13 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-14 02:13 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-14 02:13 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-14 02:13 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-14 02:13 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-14 02:13 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-14 02:13 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-14 02:13 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-14 02:13 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-14 02:13 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-14 02:13 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-14 02:13 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-14 02:13 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-14 02:13 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-14 02:13 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-14 02:13 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-14 02:13 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-14 02:13 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-14 02:13 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-14 02:13 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-14 02:13 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-14 02:13 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-14 02:13 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-14 02:13 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-14 02:13 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-14 02:13 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-14 02:13 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-14 02:13 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-14 02:13 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-14 02:13 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-14 02:13 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-14 02:13 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-14 02:13 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-14 02:13 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-14 02:13 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-14 02:13 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-14 02:13 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-14 02:13 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-14 02:13 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-14 02:13 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-14 02:13 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-14 02:13 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-14 02:13 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-14 02:13 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-14 02:13 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-14 02:13 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-14 02:13 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-14 02:13 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-08-14 02:13 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-14 02:13 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-08-14 02:13 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-14 02:13 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-14 02:13 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-14 02:13 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-14 02:13 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-14 02:13 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-14 02:13 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-14 02:13 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-13 14:47 - 2014-08-16 14:49 - 00076329 _____ () C:\Windows\system32\ScanResults.xml 2014-08-13 14:43 - 2014-08-16 14:47 - 00000464 _____ () C:\Windows\system32\ScannerSettings 2014-08-10 08:50 - 2014-08-10 19:50 - 00000163 _____ () C:\Windows\Reimage.ini 2014-08-09 01:18 - 2014-08-09 01:18 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-08-01 23:00 - 2014-08-22 13:22 - 00327680 _____ () C:\Windows\system32\Ikeext.etl ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-29 12:01 - 2014-08-29 11:46 - 00033166 _____ () C:\Users\Gabi\Desktop\FRST.txt 2014-08-29 12:01 - 2014-08-29 11:46 - 00000000 ____D () C:\FRST 2014-08-29 11:55 - 2014-08-29 11:51 - 00045218 _____ () C:\Users\Gabi\Desktop\Shortcut.txt 2014-08-29 11:55 - 2014-08-29 11:49 - 00030976 _____ () C:\Users\Gabi\Desktop\Addition.txt 2014-08-29 11:14 - 2014-08-29 11:14 - 00005602 _____ () C:\Users\Gabi\Desktop\exe-fix.bat 2014-08-29 10:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-08-29 09:41 - 2014-08-29 09:41 - 00000525 _____ () C:\Users\Gabi\Desktop\Vergleich.bat 2014-08-29 09:36 - 2014-08-29 09:35 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Gabi\Desktop\ShadowExplorer-0.9-setup.exe 2014-08-29 09:34 - 2012-06-08 12:02 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3220686304-206382180-1288161846-1001Core.job 2014-08-29 08:08 - 2014-08-29 08:08 - 02103296 _____ (Farbar) C:\Users\Gabi\Desktop\FRST64.exe 2014-08-29 07:51 - 2012-02-26 03:19 - 01505820 _____ () C:\Windows\WindowsUpdate.log 2014-08-29 07:45 - 2014-08-25 01:09 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-29 06:20 - 2014-08-29 06:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2014-08-29 06:20 - 2014-08-29 06:20 - 00000000 ____D () C:\ProgramData\ESET 2014-08-29 06:20 - 2014-08-29 06:20 - 00000000 ____D () C:\Program Files\ESET 2014-08-29 06:17 - 2014-08-29 06:17 - 01695680 _____ (ESET) C:\Users\Gabi\Desktop\eset_nod32_antivirus_live_installer_.exe 2014-08-29 05:29 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-29 05:29 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-29 04:45 - 2014-08-29 04:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 2014-08-29 04:31 - 2011-10-11 13:50 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-08-29 04:25 - 2014-08-29 04:25 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini 2014-08-29 04:25 - 2014-08-29 04:25 - 00000000 _SHDL () C:\Users\TEMP\Vorlagen 2014-08-29 04:25 - 2014-08-29 04:25 - 00000000 _SHDL () C:\Users\TEMP\Startmenü 2014-08-29 04:25 - 2014-08-29 04:25 - 00000000 _SHDL () C:\Users\TEMP\Netzwerkumgebung 2014-08-29 04:25 - 2014-08-29 04:25 - 00000000 _SHDL () C:\Users\TEMP\Lokale Einstellungen 2014-08-29 04:25 - 2014-08-29 04:25 - 00000000 _SHDL () C:\Users\TEMP\Eigene Dateien 2014-08-29 04:25 - 2014-08-29 04:25 - 00000000 _SHDL () C:\Users\TEMP\Druckumgebung 2014-08-29 04:25 - 2014-08-29 04:25 - 00000000 _SHDL () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-08-29 04:25 - 2014-08-29 04:25 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Verlauf 2014-08-29 04:25 - 2014-08-29 04:25 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Anwendungsdaten 2014-08-29 04:25 - 2014-08-29 04:25 - 00000000 _SHDL () C:\Users\TEMP\Anwendungsdaten 2014-08-29 04:25 - 2014-08-29 04:25 - 00000000 ____D () C:\Users\TEMP 2014-08-29 04:23 - 2014-08-27 16:20 - 00006753 _____ () C:\Windows\DtcInstall.log 2014-08-29 04:23 - 2014-08-22 13:23 - 00004922 _____ () C:\Windows\setupact.log 2014-08-29 04:23 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-29 04:21 - 2014-07-11 04:24 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-08-29 04:20 - 2014-07-09 15:23 - 00000000 ____D () C:\ProgramData\UDL 2014-08-29 04:18 - 2014-07-09 15:18 - 00000000 ____D () C:\Program Files (x86)\epson 2014-08-29 04:16 - 2014-08-29 04:16 - 00002298 _____ () C:\Users\Public\Desktop\Epson Stylus SX210_SX410_TX210_TX410 Handbuch.lnk 2014-08-29 04:15 - 2014-07-09 15:18 - 00000000 ____D () C:\ProgramData\EPSON 2014-08-29 04:12 - 2014-08-22 13:23 - 00006848 _____ () C:\Windows\PFRO.log 2014-08-29 04:03 - 2012-02-26 12:11 - 00773502 _____ () C:\Windows\system32\perfh007.dat 2014-08-29 04:03 - 2012-02-26 12:11 - 00176440 _____ () C:\Windows\system32\perfc007.dat 2014-08-29 04:03 - 2009-07-14 07:13 - 01807946 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-29 03:47 - 2014-08-29 03:47 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\InstallShield 2014-08-28 17:38 - 2014-02-16 09:52 - 00000680 __RSH () C:\Users\Gabi\ntuser.pol 2014-08-28 17:38 - 2012-06-08 12:14 - 00000000 ____D () C:\Users\Gabi 2014-08-28 16:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-08-28 16:32 - 2012-06-08 12:14 - 00000000 ___RD () C:\Users\Gabi\Dokumente 2014-08-28 15:36 - 2014-08-28 15:36 - 00001560 _____ () C:\Users\Gabi\Desktop\Windows -Antimalware.lnk 2014-08-28 15:36 - 2014-08-25 16:56 - 00000000 ____D () C:\Users\Gabi\Downloads\Windows Downlaods 2014-08-28 15:32 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries 2014-08-28 15:10 - 2014-08-28 15:09 - 00000000 ____D () C:\Users\Gabi\Dokumente\Ereignisprotokoll & Diskreport 2014-08-28 15:04 - 2014-02-03 07:59 - 00000000 ____D () C:\Users\Gabi\Dokumente\Wichtige Unterlagen ARBEIT 2014-08-28 15:03 - 2014-02-03 07:51 - 00000000 ____D () C:\Users\Gabi\Dokumente\Stadtwerke 2014-08-28 15:03 - 2013-07-08 00:06 - 00000000 ____D () C:\Users\Gabi\Dokumente\Schule Dario 2014-08-28 15:02 - 2014-02-03 08:04 - 00000000 ____D () C:\Users\Gabi\Dokumente\MUSTERBRIEFE VERBRAUCHERZENTRALE 2014-08-28 14:59 - 2014-03-04 11:52 - 00000000 ____D () C:\Users\Gabi\Dokumente\Kindergeld 2014-08-28 14:59 - 2014-01-12 14:40 - 00000000 ____D () C:\Users\Gabi\Dokumente\Marco 2014-08-28 14:58 - 2014-05-13 18:14 - 00000000 ____D () C:\Users\Gabi\Dokumente\HPG 14.05.2014 2014-08-28 14:58 - 2014-02-21 12:58 - 00000000 ____D () C:\Users\Gabi\Dokumente\Jobcenter 2014-08-28 14:58 - 2014-02-03 08:05 - 00000000 ____D () C:\Users\Gabi\Dokumente\Jugendamt 2014-08-28 14:57 - 2013-07-08 00:10 - 00000000 ____D () C:\Users\Gabi\Dokumente\Hammes 2014-08-28 14:56 - 2014-02-03 08:03 - 00000000 ____D () C:\Users\Gabi\Dokumente\HAMM HÜRRÜNGÜN 2014-08-28 14:56 - 2014-02-03 07:54 - 00000000 ____D () C:\Users\Gabi\Dokumente\Frau Laumann 2014-08-28 14:55 - 2013-07-08 00:08 - 00000000 ____D () C:\Users\Gabi\Dokumente\Base 2014-08-28 14:55 - 2013-07-06 06:29 - 00000000 ____D () C:\Users\Gabi\Fotos 2014-08-28 14:54 - 2014-05-10 18:59 - 00000000 ____D () C:\Users\Gabi\Dokumente\CALLA 2014-08-28 14:54 - 2013-07-08 00:16 - 00000000 ____D () C:\Users\Gabi\Dokumente\A-Amt 2014-08-28 14:53 - 2013-07-08 00:03 - 00000000 ____D () C:\Users\Gabi\Dokumente\Dario 2014-08-28 13:47 - 2014-05-01 19:52 - 00000000 ____D () C:\Users\Gabi\Dokumente\Alle Frequenzen im BOS und Polizeifunk im 8m, 4m, 2m und 70cm Band_files 2014-08-28 13:46 - 2014-05-03 21:47 - 00000000 ____D () C:\Users\Gabi\Dokumente\mt 2014-08-28 13:37 - 2014-08-20 14:46 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\vlc 2014-08-28 13:20 - 2014-08-28 13:20 - 00000000 ___RD () C:\GABI-PC -SICHERUNGEN- 2014-08-28 13:09 - 2014-08-28 13:09 - 00001103 _____ () C:\Users\Gabi\Desktop\TRAILERPARK.lnk 2014-08-28 13:08 - 2014-08-28 13:08 - 00001056 _____ () C:\Users\Gabi\Desktop\257ERS.lnk 2014-08-28 13:00 - 2014-08-27 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Suggestor 2014-08-28 13:00 - 2014-08-27 16:11 - 00000000 ____D () C:\Program Files (x86)\Smart Suggestor 2014-08-28 13:00 - 2014-08-26 08:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014 2014-08-28 13:00 - 2014-08-26 08:34 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014 2014-08-28 13:00 - 2014-08-25 16:55 - 00000000 ____D () C:\Users\Gabi\Downloads\Downloads nachschauen 2014-08-28 13:00 - 2014-08-25 10:01 - 00000000 ____D () C:\Program Files\Windows Journal 2014-08-28 13:00 - 2014-08-24 22:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor 2014-08-28 13:00 - 2014-08-22 09:06 - 00000000 ___HD () C:\Windows\Icons 2014-08-28 13:00 - 2012-02-26 03:26 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-08-28 13:00 - 2012-02-26 03:25 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-08-28 13:00 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-08-28 13:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-08-28 13:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-28 13:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Branding 2014-08-28 12:59 - 2014-08-25 10:01 - 00000000 ____D () C:\Windows\ShellNew 2014-08-28 12:59 - 2014-08-24 20:15 - 00000000 ____D () C:\Windows\SysWOW64\NV 2014-08-28 12:59 - 2014-08-24 20:15 - 00000000 ____D () C:\Windows\system32\NV 2014-08-28 12:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\schemas 2014-08-28 12:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-08-28 10:09 - 2014-08-27 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CardRecovery 2014-08-28 09:54 - 2014-08-27 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit 2014-08-28 09:38 - 2014-08-22 13:23 - 00293120 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-28 09:31 - 2014-08-28 09:31 - 00001549 _____ () C:\Users\Gabi\Desktop\Malware -bytes.lnk 2014-08-28 08:43 - 2014-08-28 08:43 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 2014-08-27 15:36 - 2014-08-27 15:36 - 00000656 _____ () C:\Users\Gabi\Desktop\pdf-editor_setup_full1155.exe.lnk 2014-08-27 15:01 - 2014-08-27 12:26 - 00000000 ____D () C:\ProgramData\SpeedMaxPc 2014-08-27 12:27 - 2014-08-27 12:27 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\SpeedMaxPc 2014-08-27 12:27 - 2014-08-27 12:27 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\DriverCure 2014-08-27 12:21 - 2014-08-27 12:21 - 00002056 _____ () C:\Users\Gabi\Desktop\TuneUp 1-Klick-Wartung.lnk 2014-08-27 12:21 - 2014-08-27 12:21 - 00002052 _____ () C:\Users\Gabi\Desktop\TuneUp Utilities 2014.lnk 2014-08-27 10:41 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther 2014-08-26 16:14 - 2014-08-26 16:14 - 00001362 _____ () C:\Users\Gabi\Desktop\BEST OF TRAILERPARK & 257ERS.lnk 2014-08-26 14:22 - 2012-08-06 19:00 - 01782226 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-08-26 13:35 - 2014-08-26 13:35 - 00003544 ____N () C:\bootsqm.dat 2014-08-26 10:47 - 2014-04-11 13:27 - 00000000 ____D () C:\Users\Gabi\Dokumente\Gespräch Fr. Starp 11.04.2014 2014-08-26 10:44 - 2014-04-27 18:31 - 00000000 ____D () C:\Users\Gabi\Dokumente\WINDOWS REPAIR 2014-08-26 10:29 - 2014-08-26 10:29 - 00000000 ____D () C:\Users\Gabi\Dokumente\Epson Handbuch 2014-08-26 10:16 - 2014-06-26 20:44 - 00000000 ____D () C:\Fotos von Marco´s Handy; versuvh 2014-08-26 10:16 - 2014-03-04 11:34 - 00000000 ____D () C:\Users\Gabi\Dokumente\Mietvertrag Hohe Strasse 2014-08-26 10:15 - 2014-03-04 14:14 - 00000000 ____D () C:\Users\Gabi\Dokumente\SCHMITZ NK 2013 2014-08-26 10:15 - 2014-03-04 11:55 - 00000000 ____D () C:\Users\Gabi\Dokumente\UVG 2014-08-26 10:13 - 2014-03-04 11:25 - 00000000 ____D () C:\Users\Gabi\Dokumente\SCHEIDUNGSURTEIL 2014-08-26 10:12 - 2014-03-04 18:22 - 00000000 ____D () C:\Users\Gabi\Dokumente\STADTWERKE JAHRESRECCHNUNG GAS - 2013 2014-08-26 10:12 - 2014-03-04 11:30 - 00000000 ____D () C:\Users\Gabi\Dokumente\Ablauf ALG-I-Bezug 2014-08-26 08:55 - 2012-02-26 03:39 - 00000000 ____D () C:\ProgramData\install_clap 2014-08-26 08:39 - 2014-08-21 17:03 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-08-26 08:34 - 2014-08-26 08:34 - 00002173 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2014.lnk 2014-08-26 08:34 - 2014-08-20 14:57 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\TuneUp Software 2014-08-25 18:10 - 2013-02-09 08:41 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\NCH Software 2014-08-25 18:06 - 2014-08-22 13:39 - 00002968 _____ () C:\Windows\System32\Tasks\{935254F1-69CA-4F8E-9052-9433F872F202} 2014-08-25 16:50 - 2014-08-25 16:50 - 00001472 _____ () C:\Windows\IE11_main.log 2014-08-25 10:01 - 2014-08-25 10:01 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC 2014-08-25 01:31 - 2014-08-25 01:31 - 00000000 _____ () C:\Windows\setuperr.log 2014-08-25 01:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system 2014-08-25 01:09 - 2014-08-25 01:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-25 01:09 - 2014-08-25 01:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-24 22:59 - 2014-08-24 22:17 - 00002099 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk 2014-08-24 20:15 - 2012-02-26 03:26 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-08-23 04:07 - 2014-08-28 08:46 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-08-28 08:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-08-28 08:46 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-22 15:59 - 2014-08-22 15:59 - 00002992 _____ () C:\Windows\System32\Tasks\{C48A051A-2315-41EF-9F4B-F0E795C9B490} 2014-08-22 14:19 - 2014-08-22 14:19 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\Macromedia 2014-08-22 13:29 - 2012-09-08 17:45 - 00002057 _____ () C:\Windows\epplauncher.mif 2014-08-22 13:22 - 2014-08-01 23:00 - 00327680 _____ () C:\Windows\system32\Ikeext.etl 2014-08-22 12:13 - 2012-06-08 12:17 - 00001433 _____ () C:\Users\Gabi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-08-21 19:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-08-21 17:26 - 2013-10-05 18:52 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-08-21 17:26 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-08-21 16:46 - 2013-12-31 01:19 - 00000000 ____D () C:\Windows\System32\Tasks\Nero 2014-08-21 16:46 - 2013-11-10 13:18 - 00003500 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Gabi-PC-Gabi 2014-08-21 16:46 - 2012-09-08 21:02 - 00003786 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm 2014-08-21 08:35 - 2013-10-22 09:12 - 00001148 _____ () C:\Users\Gabi\Desktop\Uninstall Manager Start.lnk 2014-08-21 08:35 - 2013-01-26 17:38 - 00000000 ___RD () C:\Users\Gabi\Desktop\Uninstall Manager Setup-Datei 2014-08-21 07:48 - 2014-08-21 07:46 - 00001197 _____ () C:\Users\Gabi\Desktop\Fotos.lnk 2014-08-21 07:43 - 2014-08-20 11:32 - 00001755 _____ () C:\Users\Gabi\Desktop\Suchvorgänge.lnk 2014-08-21 07:42 - 2014-03-12 13:31 - 00001766 _____ () C:\Users\Gabi\Desktop\Eigene Dokumente.lnk 2014-08-21 07:42 - 2013-07-06 09:21 - 00001042 _____ () C:\Users\Gabi\Desktop\Gabi.lnk 2014-08-21 07:35 - 2014-02-22 19:58 - 00001796 _____ () C:\Users\Gabi\Desktop\MP3 MINIMAL Techno.lnk 2014-08-21 07:34 - 2014-02-22 19:58 - 00001775 _____ () C:\Users\Gabi\Desktop\MP3 ACID Techno.lnk 2014-08-20 17:47 - 2014-07-11 05:11 - 00000000 ____D () C:\inetpub 2014-08-20 15:10 - 2014-08-20 11:27 - 00000000 ___RD () C:\Users\Gabi\Suchen 2014-08-20 14:54 - 2012-09-26 15:16 - 00000000 ____D () C:\Users\SYSTEM 2014-08-20 13:35 - 2014-05-28 07:02 - 00000000 ____D () C:\ProgramData\GlarySoft 2014-08-20 13:35 - 2014-05-28 06:56 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\GlarySoft 2014-08-20 10:10 - 2011-10-11 14:20 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-08-17 02:31 - 2011-10-11 14:00 - 00000000 ____D () C:\ProgramData\WildTangent 2014-08-17 02:31 - 2011-10-11 14:00 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games 2014-08-17 02:30 - 2014-08-17 02:29 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-08-16 19:34 - 2014-08-16 19:34 - 00003028 _____ () C:\Windows\System32\Tasks\{14D869DD-E476-4211-9A2B-7DB47C22235C} 2014-08-16 14:49 - 2014-08-13 14:47 - 00076329 _____ () C:\Windows\system32\ScanResults.xml 2014-08-16 14:47 - 2014-08-13 14:43 - 00000464 _____ () C:\Windows\system32\ScannerSettings 2014-08-16 11:54 - 2014-08-16 11:54 - 00000000 ____D () C:\ProgramData\CheckPoint 2014-08-14 10:48 - 2013-09-01 13:20 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-14 10:37 - 2014-05-09 12:15 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-10 19:50 - 2014-08-10 08:50 - 00000163 _____ () C:\Windows\Reimage.ini 2014-08-09 04:13 - 2014-05-28 06:56 - 00000000 ____D () C:\Users\Gabi\AppData\Roaming\DiskDefrag 2014-08-09 01:18 - 2014-08-09 01:18 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-08-07 04:06 - 2014-08-14 02:13 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-07 04:01 - 2014-08-14 02:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-07 00:22 - 2014-05-31 23:54 - 00000000 ____D () C:\Users\Gabi\Dokumente\DVDVideoSoft 2014-08-01 22:32 - 2014-03-14 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-08-01 21:37 - 2014-07-29 12:16 - 00000000 ____D () C:\Users\Gabi\Dokumente\Treibersicherung 2014-08-01 01:41 - 2014-08-14 02:13 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-01 01:16 - 2014-08-14 02:13 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-31 23:41 - 2012-09-08 01:14 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Some content of TEMP: ==================== C:\Users\Gabi\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Gabi\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Gabi\AppData\Local\Temp\InstHelper.exe C:\Users\Gabi\AppData\Local\Temp\Player_Setup.exe C:\Users\Gabi\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Gabi\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Gabi\AppData\Local\Temp\Setup.exe C:\Users\Gabi\AppData\Local\Temp\_is14F6.exe C:\Users\Gabi\AppData\Local\Temp\_is3919.exe C:\Users\Gabi\AppData\Local\Temp\_is46A0.exe C:\Users\Gabi\AppData\Local\Temp\_is4A67.exe C:\Users\Gabi\AppData\Local\Temp\_is710A.exe C:\Users\Gabi\AppData\Local\Temp\_is88CE.exe C:\Users\Gabi\AppData\Local\Temp\_isC9B4.exe C:\Users\Gabi\AppData\Local\Temp\_isD7C8.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ Windows-Start-Manager --------------------- Bezeichner {bootmgr} device partition=\Device\HarddiskVolume2 description Windows Boot Manager locale de-DE inherit {globalsettings} default {current} resumeobject {59be5274-6060-11e1-a589-81634de44ff0} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Windows-Startladeprogramm ------------------------- Bezeichner {current} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale de-DE inherit {bootloadersettings} recoverysequence {59be5276-6060-11e1-a589-81634de44ff0} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {59be5274-6060-11e1-a589-81634de44ff0} nx OptIn Windows-Startladeprogramm ------------------------- Bezeichner {59be5276-6060-11e1-a589-81634de44ff0} device ramdisk=[C:]\Recovery\59be5276-6060-11e1-a589-81634de44ff0\Winre.wim,{59be5277-6060-11e1-a589-81634de44ff0} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\59be5276-6060-11e1-a589-81634de44ff0\Winre.wim,{59be5277-6060-11e1-a589-81634de44ff0} systemroot \windows nx OptIn winpe Yes Wiederaufnahme aus dem Ruhezustand ---------------------------------- Bezeichner {59be5274-6060-11e1-a589-81634de44ff0} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale de-DE inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Windows-Speichertestprogramm ---------------------------- Bezeichner {memdiag} device partition=\Device\HarddiskVolume2 path \boot\memtest.exe description Windows Memory Diagnostic locale de-DE inherit {globalsettings} badmemoryaccess Yes EMS-Einstellungen ----------------- Bezeichner {emssettings} bootems Yes Debuggereinstellungen --------------------- Bezeichner {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM-Defekte ----------- Bezeichner {badmemory} Globale Einstellungen --------------------- Bezeichner {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Startladeprogramm-Einstellungen ------------------------------- Bezeichner {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisoreinstellungen ------------------- Bezeichner {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Einstellungen zur Ladeprogrammfortsetzung ----------------------------------------- Bezeichner {resumeloadersettings} inherit {globalsettings} Ger„teoptionen -------------- Bezeichner {59be5277-6060-11e1-a589-81634de44ff0} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\59be5276-6060-11e1-a589-81634de44ff0\boot.sdi LastRegBack: 2014-08-17 09:04 ==================== End Of Log ============================ --- --- --- Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2014 Ran by Gabi at 2014-08-29 12:02:23 Running from C:\Users\Gabi\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1784.41616 - ABBYY Software House) Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated) Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated) Adobe Photoshop Elements 9 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated) Adobe Premiere Elements 9 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.8.2.2 - Broadcom Corporation) Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation) CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.) CyberLink MediaEspresso (x32 Version: 6.5.1720_38230 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM) Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Epson Stylus SX210_SX410_TX210_TX410 Handbuch (HKLM-x32\...\Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch) (Version: - ) ESET NOD32 Antivirus (HKLM\...\{EDD78A07-776B-417C-817B-35BB00F12EBF}) (Version: 7.0.317.4 - ESET, spol s r. o.) Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.) HomeMedia (HKLM-x32\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 2.0.8920 - CyberLink Corporation) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Packard Bell) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation) Java Auto Updater (x32 Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle) Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Packard Bell) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MediaHuman Audio Converter Version 1.9 (HKLM-x32\...\MediaHuman Audio Converter_is1) (Version: 1.9 - MediaHuman) MediaHuman YouTube to MP3 Converter Version 3.5.3 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.5.3 - ) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Nero 2014 (HKLM-x32\...\{CFF19D4A-F26D-4C6C-8535-A7C9107C9027}) (Version: 15.0.07100 - Nero AG) Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden Nero Blu-ray Player (x32 Version: 12.0.20064 - Nero AG) Hidden Nero Blu-ray Player Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden Nero Burning Core (x32 Version: 15.0.25001 - Nero AG) Hidden Nero Burning ROM (x32 Version: 15.0.25001 - Nero AG) Hidden Nero Burning ROM Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden Nero Control Center 10 (x32 Version: 10.6.12700.0.7 - Nero AG) Hidden Nero ControlCenter (x32 Version: 11.0.16700 - Nero AG) Hidden Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden Nero ControlCenter Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden Nero Core Components (x32 Version: 11.0.23200 - Nero AG) Hidden Nero Core Components 10 (x32 Version: 2.0.19900.9.11 - Nero AG) Hidden Nero Device Updates (x32 Version: 15.0.1002 - Nero AG) Hidden Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Disc to Device (x32 Version: 15.0.12032 - Nero AG) Hidden Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden Nero Effects Basic (x32 Version: 15.0.10011 - Nero AG) Hidden Nero Express (x32 Version: 15.0.25001 - Nero AG) Hidden Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG) Nero Express 10 Help (CHM) (x32 Version: 10.6.10700 - Nero AG) Hidden Nero Express Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG) Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden Nero Launcher (x32 Version: 15.0.12000 - Nero AG) Hidden Nero MediaHome (x32 Version: 1.22.3600 - Nero AG) Hidden Nero MediaHome Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG) Nero PiP Effects Basic (x32 Version: 15.0.10008 - Nero AG) Hidden Nero Recode (x32 Version: 15.0.25000 - Nero AG) Hidden Nero Recode Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden Nero RescueAgent (x32 Version: 15.0.2000 - Nero AG) Hidden Nero RescueAgent Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden Nero SharedVideoCodecs (x32 Version: 1.0.15005 - Nero AG) Hidden Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG) Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000 - Nero AG) Hidden Nero Update (x32 Version: 11.0.13300.42.0 - Nero AG) Hidden Nero Video (x32 Version: 15.0.23000 - Nero AG) Hidden Nero Video Help (CHM) (x32 Version: 15.0.00021 - Nero AG) Hidden NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation) NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org) Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Packard Bell) Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Packard Bell) Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.04.3504 - Packard Bell) Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0915.2011 - Packard Bell ) Packard Bell Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Packard Bell) PDF24 Creator 5.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden Smart Suggestor (HKLM-x32\...\Smart Suggestor) (Version: 1.2.13.0 - Think Tank Labs, LLC) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.216 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.216 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.216 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden Uninstall Manager 5.3 (HKLM\...\{45BFB5F0-19B7-4564-B787-A3BAAA0E5AA1}_is1) (Version: 5.3 - Martin Fuchs) Video Web Camera (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.) Video Web Camera (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3504 - Packard Bell) WildTangent Games App (Packard Bell Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden Windows 7 Upgrade Advisor (HKLM-x32\...\{9A4D182C-35C7-4791-8484-4304EBC9101A}) (Version: 2.0.5000.0 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3220686304-206382180-1288161846-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Gabi\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3220686304-206382180-1288161846-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Gabi\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) ==================== Restore Points ========================= 25-08-2014 03:20:03 Windows Update 25-08-2014 08:01:09 Windows Modules Installer 25-08-2014 14:14:07 Windows Modules Installer 25-08-2014 16:06:33 TuneUp Utilities 2014 wird entfernt 25-08-2014 16:08:13 TuneUp Utilities 2014 (de-DE) wird entfernt 26-08-2014 06:28:13 TuneUp Utilities 2014 wird installiert 28-08-2014 07:34:17 Windows Update 28-08-2014 10:51:54 Wiederherstellungsvorgang 29-08-2014 02:01:01 Installiert InstallShield Wiederherstellungspunkt 29-08-2014 02:17:02 Installiert InstallShield Wiederherstellungspunkt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {18A439AB-78C9-4EE6-B6F8-4521D6B0C053} - \DealPlyUpdate No Task File <==== ATTENTION Task: {20C6C438-10E3-4766-99F8-1B13B8AF4FF0} - System32\Tasks\{935254F1-69CA-4F8E-9052-9433F872F202} => C:\Program Files (x86)\NCH Software\Switch\switch.exe Task: {2F2CE611-F235-422A-AED6-168C2AD516BB} - \PC Performer No Task File <==== ATTENTION Task: {6C021162-AB55-4260-87C6-562AB6B1984B} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink) Task: {76C64681-7712-4D01-B978-59621C6FF4A3} - System32\Tasks\{C48A051A-2315-41EF-9F4B-F0E795C9B490} => C:\Program Files (x86)\TuneUp Utilities 2014\StartupOptimizer.exe [2013-12-10] (TuneUp Software) Task: {8E45A426-73B1-4CC7-A9D5-CBE5ED671E77} - \BrowserSafeguard Update Task No Task File <==== ATTENTION Task: {A25BFC0C-0EC1-42F5-9DB3-BF9F7B10CA4D} - \EPUpdater No Task File <==== ATTENTION Task: {A813132B-4E48-4E37-89BD-B2445E187C0F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3220686304-206382180-1288161846-1001Core => C:\Users\Gabi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-08] (Google Inc.) Task: {C617A6F7-EBFF-42BA-A891-34D66C0B1AC6} - System32\Tasks\Google Updater and Installer => C:\Users\Gabi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-08] (Google Inc.) Task: {CD5AE839-7FE6-4EA4-9320-1B02D276B61E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {DE849EFF-F5DB-4830-B944-B70F485A4B89} - System32\Tasks\AdobeAAMUpdater-1.0-Gabi-PC-Gabi => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated) Task: {E7C75A9D-6285-431D-AC1D-C50845E86D56} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2013-12-10] (TuneUp Software) Task: {E88E9EFB-C3C2-405C-B1D7-4BD2A1D05CFC} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated) Task: {F2C5D482-18FD-4A57-9C70-0ECA2316437B} - \DealPly No Task File <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3220686304-206382180-1288161846-1001Core.job => C:\Users\Gabi\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-02-26 03:26 - 2013-08-30 00:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-07-06 09:14 - 2007-01-18 03:32 - 00146432 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxctdrpp.dll 2013-09-05 02:36 - 2013-09-05 02:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2013-12-10 09:51 - 2013-12-10 09:51 - 00742200 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2014-08-14 11:06 - 2014-08-14 11:06 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\7598189e5bf031ab690da3f2ae3b30ef\IsdiInterop.ni.dll 2011-10-11 13:50 - 2011-04-30 09:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-08-15 18:27 - 2014-08-07 05:20 - 00718152 _____ () C:\Users\Gabi\AppData\Local\Google\Chrome\Application\36.0.1985.143\libglesv2.dll 2014-08-15 18:27 - 2014-08-07 05:20 - 00126280 _____ () C:\Users\Gabi\AppData\Local\Google\Chrome\Application\36.0.1985.143\libegl.dll 2014-08-15 18:27 - 2014-08-07 05:20 - 08537928 _____ () C:\Users\Gabi\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll 2014-08-15 18:27 - 2014-08-07 05:20 - 00353096 _____ () C:\Users\Gabi\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll 2014-08-15 18:27 - 2014-08-07 05:20 - 01732936 _____ () C:\Users\Gabi\AppData\Local\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: (default) => MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/29/2014 05:11:17 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 474 Startzeit: 01cfc336aef67c7b Endzeit: 0 Anwendungspfad: C:\Windows\explorer.exe Berichts-ID: 16d51970-2f2a-11e4-a2a3-dc0ea19a135d Error: (08/29/2014 04:25:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Gabi-PC) Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren. Error: (08/29/2014 04:25:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Gabi-PC) Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden. Error: (08/29/2014 04:24:49 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/29/2014 04:17:02 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-3220686304-206382180-1288161846-1000.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {d758659b-9bab-4b6c-9332-426e3262ecaf} Error: (08/29/2014 04:15:58 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Gabi-PC) Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren. Error: (08/29/2014 04:15:58 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Gabi-PC) Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden. Error: (08/29/2014 04:14:48 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/29/2014 04:11:34 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Gabi-PC) Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren. Error: (08/29/2014 04:11:34 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Gabi-PC) Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden. System errors: ============= Error: (08/29/2014 06:20:25 AM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "ESET Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (08/29/2014 04:53:08 AM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{E151C35F-D4CF-4E7D-A7CF-D4380577DC42}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (08/29/2014 04:23:48 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: qmhgf Error: (08/29/2014 04:13:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: qmhgf Error: (08/29/2014 04:12:18 AM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst TuneUp Utilities Service konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (08/29/2014 04:09:23 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: qmhgf Error: (08/29/2014 03:51:35 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: qmhgf Error: (08/29/2014 03:31:32 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: qmhgf Error: (08/28/2014 06:31:10 PM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{E151C35F-D4CF-4E7D-A7CF-D4380577DC42}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (08/28/2014 05:38:31 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: qmhgf Microsoft Office Sessions: ========================= Error: (08/29/2014 05:11:17 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: explorer.exe6.1.7601.1756747401cfc336aef67c7b0C:\Windows\explorer.exe16d51970-2f2a-11e4-a2a3-dc0ea19a135d Error: (08/29/2014 04:25:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Gabi-PC) Description: Error: (08/29/2014 04:25:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Gabi-PC) Description: Error: (08/29/2014 04:24:49 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/29/2014 04:17:02 AM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(S-1-5-21-3220686304-206382180-1288161846-1000.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {d758659b-9bab-4b6c-9332-426e3262ecaf} Error: (08/29/2014 04:15:58 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Gabi-PC) Description: Error: (08/29/2014 04:15:58 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Gabi-PC) Description: Error: (08/29/2014 04:14:48 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/29/2014 04:11:34 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Gabi-PC) Description: Error: (08/29/2014 04:11:34 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Gabi-PC) Description: CodeIntegrity Errors: =================================== Date: 2012-09-08 17:32:41.048 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Gabi\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-09-08 17:32:41.017 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Gabi\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-09-08 17:32:40.876 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-09-08 17:32:40.861 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz Percentage of memory in use: 69% Total physical RAM: 3947.86 MB Available physical RAM: 1185.48 MB Total Pagefile: 7893.9 MB Available Pagefile: 4694.94 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Packard Bell) (Fixed) (Total:277.99 GB) (Free:201.69 GB) NTFS Drive d: (EPSON) (CDROM) (Total:0.22 GB) (Free:0 GB) CDFS Drive f: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:464.08 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 42F397A7) Partition 1: (Not Active) - (Size=20 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=278 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 531C9FCC) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
30.08.2014, 06:55 | #5 |
/// the machine /// TB-Ausbilder | Packard Bell EasyNote Ts, Win7:Touchpad reagiert nicht mehr und MP3, den erkannt, aber nicht eingelesen hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
30.08.2014, 18:49 | #6 |
| Packard Bell EasyNote Ts, Win7:Touchpad reagiert nicht mehr und MP3, den erkannt, aber nicht eingelesen Combofix meldet, dass Microsoft Essentials noch aktiv ist und ich weiß nicht; ob es nur ,,meckert´´ oder dies der Fall ist..... Hallo! Hier einmal die Daten, die ich über den Combofix-Scan bekommen habe. Ich hoffe, es sind die gewünschten im richtigen Format..... Combofix Logfile: Code:
ATTFilter ComboFix 14-08-29.03 - Gabi 30.08.2014 18:49:47.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3948.2333 [GMT 2:00] ausgeführt von:: c:\users\Gabi\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289} AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Im Speicher befindliches AV aktiv. . . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Gabi\AppData\Roaming\Microsoft\Windows\Recent\desktop_69065494.ico c:\windows\SysWow64\DEBUG.log c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2014-07-28 bis 2014-08-30 )))))))))))))))))))))))))))))) . . 2014-08-30 17:02 . 2014-08-30 17:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2014-08-30 17:02 . 2014-08-30 17:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-08-30 16:10 . 2014-08-30 16:10 -------- d-----w- c:\users\TEMP 2014-08-30 15:59 . 2014-07-21 10:27 29496 ----a-w- c:\windows\system32\authuitu.dll 2014-08-30 15:59 . 2014-07-21 10:27 25400 ----a-w- c:\windows\SysWow64\authuitu.dll 2014-08-30 15:59 . 2014-07-21 10:27 43320 ----a-w- c:\windows\system32\uxtuneup.dll 2014-08-30 15:59 . 2014-07-21 10:27 36152 ----a-w- c:\windows\SysWow64\uxtuneup.dll 2014-08-30 04:54 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF4E4903-D4CA-44A7-8EBD-05C0ECE6F65A}\mpengine.dll 2014-08-30 02:01 . 2014-08-30 02:01 -------- d-----w- c:\users\Public\Recorded TV 2014-08-29 16:40 . 2014-08-20 06:29 1169712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{86E7FF9F-B236-46C4-8114-B1F9379ADD1A}\gapaengine.dll 2014-08-29 16:39 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-08-29 09:46 . 2014-08-29 10:03 -------- d-----w- C:\FRST 2014-08-29 04:20 . 2014-08-29 04:20 -------- d-----w- c:\program files\ESET 2014-08-29 01:47 . 2014-08-29 01:47 -------- d-----w- c:\users\Gabi\AppData\Roaming\InstallShield 2014-08-28 11:20 . 2014-08-28 11:20 -------- d-----r- C:\GABI-PC -SICHERUNGEN- 2014-08-28 06:46 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys 2014-08-28 06:46 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-08-28 06:46 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2014-08-27 14:11 . 2014-08-28 11:00 -------- d-----w- c:\program files (x86)\Smart Suggestor 2014-08-27 10:27 . 2014-08-27 10:27 -------- d-----w- c:\users\Gabi\AppData\Roaming\DriverCure 2014-08-27 10:27 . 2014-08-27 10:27 -------- d-----w- c:\users\Gabi\AppData\Roaming\SpeedMaxPc 2014-08-27 10:26 . 2014-08-27 13:01 -------- d-----w- c:\programdata\SpeedMaxPc 2014-08-26 06:34 . 2014-07-21 10:27 40760 ----a-w- c:\windows\system32\TURegOpt.exe 2014-08-26 06:34 . 2014-08-30 16:00 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2014 2014-08-25 08:01 . 2014-08-28 11:00 -------- d-----w- c:\program files\Windows Journal 2014-08-25 08:01 . 2014-08-28 10:59 -------- d-----w- c:\windows\ShellNew 2014-08-24 23:39 . 2014-05-08 09:32 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll 2014-08-24 23:39 . 2014-05-08 09:32 3178496 ----a-w- c:\windows\system32\rdpcorets.dll 2014-08-24 23:39 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll 2014-08-24 23:39 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll 2014-08-24 23:09 . 2014-08-30 16:08 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-08-24 23:09 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-08-24 23:09 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-08-24 23:09 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-08-24 23:09 . 2014-08-24 23:09 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2014-08-24 20:17 . 2014-08-28 11:00 -------- d-----w- c:\program files (x86)\Microsoft Windows 7 Upgrade Advisor 2014-08-24 18:15 . 2014-08-28 10:59 -------- d-----w- c:\windows\system32\NV 2014-08-24 18:15 . 2014-08-28 10:59 -------- d-----w- c:\windows\SysWow64\NV 2014-08-24 18:02 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys 2014-08-24 18:02 . 2012-08-23 14:08 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys 2014-08-24 18:02 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll 2014-08-24 18:02 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll 2014-08-24 18:02 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll 2014-08-24 17:54 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll 2014-08-24 17:54 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll 2014-08-24 17:54 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2014-08-24 17:54 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2014-08-22 07:06 . 2014-08-28 11:00 -------- d--h--w- c:\windows\Icons 2014-08-21 15:03 . 2014-08-26 06:39 -------- d-----w- c:\programdata\TuneUp Software 2014-08-20 12:57 . 2014-08-26 06:34 -------- d-----w- c:\users\Gabi\AppData\Roaming\TuneUp Software 2014-08-20 12:46 . 2014-08-28 11:37 -------- d-----w- c:\users\Gabi\AppData\Roaming\vlc 2014-08-20 09:27 . 2014-08-20 13:10 -------- d-----r- c:\users\Gabi\Suchen 2014-08-17 00:29 . 2014-08-17 00:30 -------- d-----w- c:\program files (x86)\Windows Live 2014-08-16 09:54 . 2014-08-16 09:54 -------- d-----w- c:\programdata\CheckPoint 2014-08-14 08:38 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll 2014-08-14 08:38 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe 2014-08-14 08:38 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll 2014-08-14 08:38 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe 2014-08-14 08:38 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll 2014-08-14 08:38 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll 2014-08-14 08:38 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe 2014-08-14 08:38 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe 2014-08-14 00:14 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL 2014-08-14 00:14 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL 2014-08-14 00:14 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL 2014-08-14 00:14 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL 2014-08-14 00:14 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL 2014-08-14 00:14 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL 2014-08-14 00:14 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL 2014-08-14 00:14 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll 2014-08-14 00:14 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-08-20 06:29 . 2013-04-09 06:38 1169712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2014-07-31 21:41 . 2012-09-07 23:14 99218768 ----a-w- c:\windows\system32\MRT.exe 2014-06-27 19:06 . 2013-02-16 01:21 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2014-06-27 19:06 . 2013-02-16 01:20 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2014-06-18 02:18 . 2014-07-09 12:00 692736 ----a-w- c:\windows\system32\osk.exe 2014-06-18 01:51 . 2014-07-09 12:00 646144 ----a-w- c:\windows\SysWow64\osk.exe 2014-06-06 10:10 . 2014-07-09 12:00 624128 ----a-w- c:\windows\system32\qedit.dll 2014-06-06 09:44 . 2014-07-09 12:00 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-06-05 14:45 . 2014-07-09 11:59 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-06-05 14:26 . 2014-07-09 11:59 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-06-05 14:25 . 2014-07-09 11:59 96768 ----a-w- c:\windows\SysWow64\sspicli.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{DB536AF2-E422-402d-B7FD-887297F1A198}] 2013-02-06 14:35 460600 ----a-w- c:\program files (x86)\Smart Suggestor\SmartSuggestor.dll . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe" [2012-02-26 247968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoStrCmpLogical"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /r \??\f:\0autocheck autochk /r \??\F:\0autocheck autochk * . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . R0 qmhgf;qmhgf;c:\windows\System32\drivers\ugevuev.sys;c:\windows\SYSNATIVE\drivers\ugevuev.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x] S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x] S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x] S2 ePowerSvc;ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x] S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x] S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x] S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x] S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MBAMSWISSARMY *NewlyCreated* - TUNEUPUTILITIESDRV . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Inhalt des "geplante Tasks" Ordners . 2014-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3220686304-206382180-1288161846-1001Core.job - c:\users\Gabi\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-08 10:02] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2014-02-24 5581888] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mStart Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <-loopback> uInternet Settings,ProxyServer = http=127.0.0.1:49199;https=127.0.0.1:49199 uSearchAssistant = hxxp://www.google.com IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: Mit &Google suchen - c:\programdata\TuneUp Software\TuneUp Utilities 2014\Web\gsearch.htm IE: Mit Mr&Check nachschlagen... - c:\programdata\TuneUp Software\TuneUp Utilities 2014\Web\tumrcheck.htm IE: Zurückführende &Links - c:\programdata\TuneUp Software\TuneUp Utilities 2014\Web\gbacklinks.htm IE: Übersetzen mit &dict.leo.org - c:\programdata\TuneUp Software\TuneUp Utilities 2014\Web\tutrans.htm IE: {{520BD054-EEEE-487c-84E8-D5B2DFFE5C18} - {DB536AF2-E422-402d-B7FD-887297F1A198} - c:\program files (x86)\Smart Suggestor\SmartSuggestor.dll TCP: DhcpNameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) AddRemove-Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch - c:\program files (x86)\EPSON\TPMANUAL\ESSX210_410_TX210_410\DEU\USE_G\DOCUNINS.EXE . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{5BFBC635-8E77-459E-B715-9CDD671B323D}"=hex:51,66,7a,6c,4c,1d,38,12,5b,c5,e8, 5f,45,c0,f0,00,c8,03,df,9d,62,45,76,29 "{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"=hex:51,66,7a,6c,4c,1d,38,12,f2,0d,f8, 07,a3,34,ef,06,dd,36,d8,12,b3,1f,89,a5 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}"=hex:51,66,7a,6c,4c,1d,38,12,e3,94,1f, be,3b,97,d8,0c,d0,f4,c8,9e,21,03,83,f2 "{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}"=hex:51,66,7a,6c,4c,1d,38,12,27,28,80, ea,f2,9b,77,08,dc,cc,8d,48,4c,7b,c9,f2 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:8a,f5,1b,41,fb,ce,ce,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,32,e9,90,62,fe,fb,4e,80,f4,21,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,32,e9,90,62,fe,fb,4e,80,f4,21,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-08-30 19:24:32 ComboFix-quarantined-files.txt 2014-08-30 17:24 . Vor Suchlauf: 10 Verzeichnis(se), 215.336.407.040 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 215.188.545.536 Bytes frei . - - End Of File - - 83F17AF6C9AB18ADF6F8F1C2C7636CD3 |
31.08.2014, 11:24 | #7 |
/// the machine /// TB-Ausbilder | Packard Bell EasyNote Ts, Win7:Touchpad reagiert nicht mehr und MP3, den erkannt, aber nicht eingelesen Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
31.08.2014, 23:01 | #8 |
| Packard Bell EasyNote Ts, Win7:Touchpad reagiert nicht mehr und MP3, den erkannt, aber nicht eingelesen Hallo! Danke nochmal für die nette, schnelle Hilfe! Malwarebytes habe ich schon seit einer Weil und führe auch regelmäßig den Bedrohungssuchlauf aus. Danach läuft alles ein wenig besser, aber das Touchpad funktoniert noch immer nicht. Seit dem Einleseproblem habe ich Malwarebytes noch nicht wieder scannen lassen.... Bitte um Nachricht wie ich fortfahren soll. -->THANX!!!<-- |
01.09.2014, 14:45 | #9 |
/// the machine /// TB-Ausbilder | Packard Bell EasyNote Ts, Win7:Touchpad reagiert nicht mehr und MP3, den erkannt, aber nicht eingelesen Da steht noch bissl mehr als nur MBAM in meinem Post
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
01.09.2014, 15:31 | #10 |
| Packard Bell EasyNote Ts, Win7:Touchpad reagiert nicht mehr und MP3, den erkannt, aber nicht eingelesen Hallo! Was steht denn da noch so in meinem Post? Ich hoffe doch nix Schlimmes? Ich habe nun das Problem, dass ich bei Malwarebytes den Ansicht-Button nicht anklicken kann. Was nun? Gruß, Daria Geändert von DariaW (01.09.2014 um 15:59 Uhr) |
02.09.2014, 09:55 | #11 |
/// the machine /// TB-Ausbilder | Packard Bell EasyNote Ts, Win7:Touchpad reagiert nicht mehr und MP3, den erkannt, aber nicht eingelesen die andern beiden Tools die unter MBAM stehen???
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
03.09.2014, 22:35 | #12 |
| Packard Bell EasyNote Ts, Win7:Touchpad reagiert nicht mehr und MP3, den erkannt, aber nicht eingelesen Hallo! Ist die Hilfe jetzt beendet? Was stand denn noch in meinem Post?? |
04.09.2014, 14:45 | #13 |
/// the machine /// TB-Ausbilder | Packard Bell EasyNote Ts, Win7:Touchpad reagiert nicht mehr und MP3, den erkannt, aber nicht eingelesen Willst du mich ärgern? Ich habe dir 3 Programme aufgegeben, du hast nichts davon gemacht, ausser mir nen Satz zu posten dass Du mit MBAM schon mal gescannt hast. Hier nochmal: Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
04.09.2014, 17:18 | #14 |
| Packard Bell EasyNote Ts, Win7:Touchpad reagiert nicht mehr und MP3, den erkannt, aber nicht eingelesen Hallo! Es liegt mir absolut fern, dich zu ärgern! Sorry, wenn der Eindruck entstanden ist! Ich habe die Programme schon herunter geladen, bin aber noch nicht fort gefahren, weil ich die gewünschten Daten bei Malwarebytes nicht abrufen konnte. Ich lasse das Programm gerade laufen und hoffe, dass es dann klappt! Hatte die letzten Tage leider auch zu wenig Zeit, um mich gewissenhaft um mein Laptop-Problem kümmern zu können. Gruß, Daria |
05.09.2014, 12:35 | #15 |
/// the machine /// TB-Ausbilder | Packard Bell EasyNote Ts, Win7:Touchpad reagiert nicht mehr und MP3, den erkannt, aber nicht eingelesen ok
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Packard Bell EasyNote Ts, Win7:Touchpad reagiert nicht mehr und MP3, den erkannt, aber nicht eingelesen |
64bit, dateien, durchsuchen, einlesen, erkannt, erkennt, falsch, funktionier, funktioniert, hoffe, ics, komponente, komponenten, konfiguriert, laptop, mp3, mp3-player, nicht mehr, packard bell, problem, reagiert, sd-karte/mp3-player nicht einlesbar, touchpad, touchpad funktioniert nicht, treiber, win, win7, wisst |