Log analysis and evaluation: Windows 7: FTP passwords cracked
01.09.2014, 23:41 | #1
Hello everyone,

now that I can't get any further with the usual tools (avast, Spybot S&D), I am turning trustingly to this great institution...

I run a few small websites (different domains, different hosters). Recently I received an e-mail from one hoster saying that viruses had been found in a WordPress installation. The culprit was also named in the automatically generated e-mail. It was a .php file located in the directory of a different website, which I most certainly had not put there... Absurdly, that project was built entirely without a CMS, so there are actually no "standard attack surfaces"... unless, of course, someone has the FTP password. That seems to be exactly the problem.

Since I am completely at a loss as to how to get this under control, I am now posting the initially requested logs here and waiting reverently(!) for a helper.

Defogger Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:44 on 01/09/2014 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

FRST Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02 Ran by ***** (administrator) on THINKTANK on 01-09-2014 22:51:40 Running from C:\Users\*****\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Caphyon) C:\Program Files (x86)\Caphyon\Advanced Web Ranking\Scheduler.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe () C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synology Inc.) C:\Program Files (x86)\Synology Data Replicator 3\Backup.exe () C:\Program Files (x86)\Ditto\Ditto.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe () C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe (CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TrackPointSrv] => C:\Program Files\Lenovo\TrackPoint\tp4serv.exe [138784 2011-11-01] (Lenovo Group Limited) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] () HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [44096 2012-01-16] (Lenovo Group Limited) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [Snipping Tool Plus] => C:\Users\*****\Desktop\Snipping Tool Plus.exe /h HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor HKLM-x32\...\Run: [Message Center Plus] => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-28] () HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] 
(CANON INC.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-18] (AVAST Software) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-4095381569-4012469814-2939302448-1000\...\Run: [Data Replicator 3] => C:\Program Files (x86)\Synology Data Replicator 3\Backup.exe [11590528 2013-06-28] (Synology Inc.) HKU\S-1-5-21-4095381569-4012469814-2939302448-1000\...\Run: [Ditto] => C:\Program Files (x86)\Ditto\Ditto.exe [831488 2010-12-23] () HKU\S-1-5-21-4095381569-4012469814-2939302448-1000\...\Run: [Google Update] => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-11-30] (Google Inc.) Lsa: [Notification Packages] scecli ACGina ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x448E6756E48ACF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - DefaultScope {6D0687E1-170A-4BC6-9B30-C0E863DDAE84} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {6D0687E1-170A-4BC6-9B30-C0E863DDAE84} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=e29718ee-f9ba-11e0-bd86-001f163629ae&q={searchTerms} SearchScopes: HKCU - {6D0687E1-170A-4BC6-9B30-C0E863DDAE84} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=e29718ee-f9ba-11e0-bd86-001f163629ae&q={searchTerms} BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default FF DefaultSearchEngine: Web Search FF SearchEngineOrder.1: Web Search FF Homepage: https://www.google.com/adsense/?hl=de FF Keyword.URL: www.google.com/search?q FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\*****\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.) FF user.js: detected! => C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll (vShare.tv ) FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: FireShot - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-07-26] FF Extension: SeoQuake - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2014-05-08] FF Extension: Live HTTP Headers - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2013-10-16] FF Extension: Page Speed - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2014-04-22] FF Extension: Firebug - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\firebug@software.joehewitt.com.xpi [2011-04-04] FF Extension: KGen - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\kgen@elitwork.com.xpi [2011-04-04] FF Extension: MozBar - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\toolbar@seomoz.org.xpi [2013-10-16] FF Extension: Screengrab - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{02450954-cdd9-410f-b1da-db804e18c671}.xpi [2011-04-04] FF Extension: SISTRIX Toolbar - 
C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{08eaf605-03f5-44b1-a86d-e1ce89872ac3}.xpi [2011-09-30] FF Extension: All-in-One Sidebar - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012-10-30] FF Extension: Flagfox - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08] FF Extension: LinkChecker - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509}.xpi [2013-10-16] FF Extension: MeasureIt - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2011-04-04] FF Extension: Web Developer - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2011-04-04] FF Extension: SearchStatus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2011-04-04] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-31] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-04-24] Chrome: ======= CHR HomePage: Default -> https://www.google.com/adsense/?hl=de CHR DefaultSearchKeyword: Default -> google# CHR DefaultSearchProvider: Default -> Google# CHR DefaultSearchURL: Default -> hxxp://www.google.de/search?q={searchTerms}&pws=0 CHR DefaultSuggestURL: Default -> CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\*****\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\*****\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\*****\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll No File CHR Plugin: (Skype Toolbars) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (vShare.tv plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll (vShare.tv ) CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\*****\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Google Update) - C:\Users\*****\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Skype Click to Call) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-01-13] CHR Extension: (Scraper) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbigbapnjcgaffohmbkdlecaccepngjd [2013-10-16] CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (SEO for Chrome) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2011-11-30] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-12-06] (Adobe Systems) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-27] (AVAST Software) R2 AWRScheduler; C:\Program Files (x86)\Caphyon\Advanced Web Ranking\Scheduler.exe [166304 2014-04-16] (Caphyon) R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-16] (Lenovo.) R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited) S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2011-05-06] () [File not signed] R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) 
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed] S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] () S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [381312 2013-06-28] () [File not signed] R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed] S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-06] (Lenovo Group Limited) R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2013-11-14] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 AQFileRestore; C:\Windows\System32\DRIVERS\AQFileRestore.sys [21040 2012-01-13] () R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-27] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-27] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-27] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-27] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-27] () S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation) S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation) S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation) S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation) S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation) S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation) S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-05-09] (Duplex Secure Ltd.) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.) R3 Tp4Track; C:\Windows\System32\DRIVERS\tp4track.sys [29992 2011-11-01] (Lenovo Group Limited) R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-07-02] (Lenovo (United States) Inc.) 
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\Sandra.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-01 22:51 - 2014-09-01 22:52 - 00028032 _____ () C:\Users\*****\Desktop\FRST.txt 2014-09-01 22:51 - 2014-09-01 22:51 - 00000000 ____D () C:\FRST 2014-09-01 22:50 - 2014-09-01 22:50 - 02104832 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe 2014-09-01 22:44 - 2014-09-01 22:44 - 00000582 _____ () C:\Users\*****\Desktop\defogger_disable.log 2014-09-01 22:44 - 2014-09-01 22:44 - 00000020 _____ () C:\Users\*****\defogger_reenable 2014-09-01 22:38 - 2014-09-01 22:38 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe 2014-09-01 17:50 - 2014-09-01 17:50 - 00000105 _____ () C:\Users\*****\Desktop\T-Shirts 2014-09-01 17:42 - 2014-09-01 17:42 - 00001010 _____ () C:\Users\*****\Desktop\Moni.lnk 2014-08-29 08:31 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-29 08:31 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-29 08:31 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-28 16:48 - 2014-08-28 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer 2014-08-28 16:46 - 2014-08-28 16:47 - 07327904 _____ () C:\Users\*****\Downloads\MyPhoneExplorer_Setup_1.8.6.exe 2014-08-27 00:38 - 2014-08-27 00:38 - 00000000 ____D () C:\Users\*****\AppData\Roaming\MPEG Streamclip 2014-08-26 23:16 - 2014-08-26 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker 2014-08-25 09:22 - 2014-08-25 09:22 - 00001794 _____ () 
C:\Users\Public\Desktop\iTunes.lnk 2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iTunes 2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iPod 2014-08-19 16:18 - 2009-06-10 23:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140819-161813.backup 2014-08-19 14:43 - 2014-08-19 16:05 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-08-19 14:42 - 2014-08-19 14:43 - 11188736 _____ (SurfRight B.V.) C:\Users\*****\Downloads\hitmanpro_x64.exe 2014-08-19 05:50 - 2014-08-19 05:50 - 00001406 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-08-19 05:50 - 2014-08-19 05:50 - 00001394 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-08-19 05:50 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2014-08-19 05:49 - 2014-08-19 05:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-08-19 05:47 - 2014-08-19 05:47 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\*****\Downloads\spybot-2.4.exe 2014-08-19 05:34 - 2014-08-19 05:34 - 06052529 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.3_win32-setup.exe 2014-08-18 03:04 - 2014-08-18 03:04 - 00323600 _____ (Dropbox, Inc.) 
C:\Users\*****\Downloads\DropboxInstaller.exe 2014-08-16 13:52 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-16 13:52 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-08-16 13:52 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-16 13:52 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-16 13:52 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-16 13:52 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-08-16 13:50 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-16 13:50 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-12 19:14 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-08-12 19:14 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-08-12 19:13 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-12 19:13 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-12 19:13 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-12 19:13 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-08-12 19:13 - 
2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-08-12 19:13 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-08-12 19:13 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-08-12 19:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-08-12 19:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-08-12 19:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-08-12 19:13 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-12 19:13 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-12 19:13 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-12 19:13 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-12 19:13 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-12 19:13 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-12 19:13 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-12 19:12 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-12 19:12 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-12 19:12 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-12 19:12 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-12 19:12 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-12 19:12 - 2014-07-25 15:51 - 17524224 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-12 19:12 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-12 19:12 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-12 19:12 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-12 19:12 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-12 19:12 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-12 19:12 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-12 19:12 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-12 19:12 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-12 19:12 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-12 19:12 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-12 19:12 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-12 19:12 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-12 19:12 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-12 19:12 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-12 19:12 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-12 19:12 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-12 19:12 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-12 19:12 - 2014-07-25 14:28 - 05824512 _____ (Microsoft 
Corporation) C:\Windows\system32\jscript9.dll 2014-08-12 19:12 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-12 19:12 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-12 19:12 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-12 19:12 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-12 19:12 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-12 19:12 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-12 19:12 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-12 19:12 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-12 19:12 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-12 19:12 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-12 19:12 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-12 19:12 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-12 19:12 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-12 19:12 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-12 19:12 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-12 19:12 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-12 19:12 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-12 19:12 - 2014-07-25 13:36 - 00164864 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-12 19:12 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-12 19:12 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-12 19:12 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-12 19:12 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-12 19:12 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-12 19:12 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-12 19:12 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-12 19:12 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-12 19:12 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-12 19:12 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-12 19:12 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-12 19:12 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-12 19:12 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-12 19:12 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-12 19:11 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-12 19:11 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-08-12 19:11 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-08-11 21:50 - 2014-08-11 21:51 - 06004615 _____ (Tim Kosse) 
C:\Users\*****\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-08-11 21:50 - 2014-08-11 21:50 - 05981830 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-08-09 16:33 - 2014-08-09 16:33 - 00006166 _____ () C:\Users\*****\Downloads\Logins digitalagenten.xlsx 2014-08-08 21:10 - 2014-08-08 21:10 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-08-08 21:10 - 2014-08-08 21:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-08-08 21:10 - 2014-08-08 21:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-08-08 21:10 - 2014-08-08 21:10 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-08-08 21:10 - 2014-08-08 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-03 08:26 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-03 08:26 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-03 08:26 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-08-03 08:26 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-03 08:26 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-08-03 08:26 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-08-03 08:26 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-08-03 08:26 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-03 08:26 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-03 08:26 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-08-03 08:26 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) 
C:\Windows\system32\wuwebv.dll 2014-08-03 08:26 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-08-03 08:26 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-03 08:26 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-01 22:52 - 2014-09-01 22:51 - 00028032 _____ () C:\Users\*****\Desktop\FRST.txt 2014-09-01 22:51 - 2014-09-01 22:51 - 00000000 ____D () C:\FRST 2014-09-01 22:50 - 2014-09-01 22:50 - 02104832 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe 2014-09-01 22:50 - 2011-03-30 10:32 - 01976008 _____ () C:\Windows\WindowsUpdate.log 2014-09-01 22:46 - 2012-07-06 10:47 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-09-01 22:46 - 2011-05-06 13:39 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Ditto 2014-09-01 22:45 - 2011-05-04 12:06 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job 2014-09-01 22:45 - 2011-04-07 11:13 - 00322378 _____ () C:\Windows\PFRO.log 2014-09-01 22:45 - 2011-03-30 10:22 - 00000000 ____D () C:\Program Files\Lenovo 2014-09-01 22:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-01 22:45 - 2009-07-14 06:51 - 00232321 _____ () C:\Windows\setupact.log 2014-09-01 22:44 - 2014-09-01 22:44 - 00000582 _____ () C:\Users\*****\Desktop\defogger_disable.log 2014-09-01 22:44 - 2014-09-01 22:44 - 00000020 _____ () C:\Users\*****\defogger_reenable 2014-09-01 22:44 - 2011-04-07 11:58 - 00000000 ____D () C:\Users\*****\Documents\Outlook-Dateien 2014-09-01 22:44 - 2011-04-04 14:26 - 00000000 ____D () C:\Users\***** 2014-09-01 22:41 - 2012-10-11 14:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-01 22:38 - 2014-09-01 22:38 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe 
2014-09-01 22:29 - 2011-11-30 09:49 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000UA.job 2014-09-01 19:29 - 2011-11-30 09:49 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000Core.job 2014-09-01 18:36 - 2011-05-03 13:14 - 00000000 ____D () C:\Users\*****\Documents\Allgemeines 2014-09-01 17:57 - 2011-03-30 11:04 - 00708030 _____ () C:\Windows\system32\perfh007.dat 2014-09-01 17:57 - 2011-03-30 11:04 - 00153336 _____ () C:\Windows\system32\perfc007.dat 2014-09-01 17:57 - 2009-07-14 07:13 - 01643024 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-01 17:50 - 2014-09-01 17:50 - 00000105 _____ () C:\Users\*****\Desktop\T-Shirts 2014-09-01 17:44 - 2012-01-21 19:43 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-09-01 17:42 - 2014-09-01 17:42 - 00001010 _____ () C:\Users\*****\Desktop\Moni.lnk 2014-09-01 17:41 - 2011-09-05 09:24 - 00000000 ____D () C:\Users\*****\Documents\ebay 2014-09-01 17:40 - 2011-05-03 14:35 - 00000000 ____D () C:\Users\*****\Documents\Software 2014-09-01 17:32 - 2013-06-26 15:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc 2014-09-01 14:43 - 2009-07-14 06:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-01 14:43 - 2009-07-14 06:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-01 14:20 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-09-01 13:15 - 2011-03-30 10:29 - 00000000 ____D () C:\swshare 2014-09-01 12:12 - 2011-04-29 00:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\FileZilla 2014-09-01 11:30 - 2011-05-03 11:01 - 00000295 _____ () C:\Users\*****\Desktop\Konzerte.TXT 2014-09-01 09:00 - 2012-01-13 10:40 - 00029082 _____ () C:\Windows\system32\lvcoinst.log 2014-09-01 09:00 - 2011-05-04 12:06 - 00003494 _____ () 
C:\Windows\System32\Tasks\SystemToolsDailyTest 2014-09-01 09:00 - 2011-05-04 12:06 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher 2014-09-01 01:34 - 2012-01-21 19:34 - 00000000 ____D () C:\Users\*****\AppData\Roaming\TweetAdder3 2014-08-31 22:37 - 2011-04-04 15:26 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe 2014-08-30 15:47 - 2011-05-03 15:27 - 00000000 ____D () C:\Users\*****\AppData\Roaming\BOM 2014-08-29 12:58 - 2011-08-21 14:18 - 00000000 ____D () C:\Users\*****\Documents\My Photos 2014-08-29 10:00 - 2013-05-24 00:55 - 00000298 _____ () C:\Windows\Tasks\Synology Data Replicator 3-Thinktank-*****.job 2014-08-29 08:40 - 2009-07-14 06:45 - 04916184 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-28 16:48 - 2014-08-28 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer 2014-08-28 16:48 - 2013-02-01 00:20 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer 2014-08-28 16:47 - 2014-08-28 16:46 - 07327904 _____ () C:\Users\*****\Downloads\MyPhoneExplorer_Setup_1.8.6.exe 2014-08-27 00:38 - 2014-08-27 00:38 - 00000000 ____D () C:\Users\*****\AppData\Roaming\MPEG Streamclip 2014-08-27 00:35 - 2011-05-03 15:54 - 00000000 ____D () C:\Users\*****\Documents\Sonstiges_Sortieren 2014-08-26 23:16 - 2014-08-26 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker 2014-08-26 23:16 - 2013-10-16 13:54 - 00001489 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\bwin Poker.lnk 2014-08-26 23:16 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-08-26 21:44 - 2014-07-31 11:06 - 00000000 ____D () C:\Users\*****\AppData\Local\www.rene-zeidler.de 2014-08-26 09:23 - 2011-05-04 12:06 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2014-08-25 13:00 - 2011-05-04 12:06 - 00004234 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask 2014-08-25 09:22 - 2014-08-25 09:22 - 00001794 _____ () 
C:\Users\Public\Desktop\iTunes.lnk 2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iTunes 2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iPod 2014-08-25 09:22 - 2011-07-03 18:53 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-08-24 10:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-08-23 21:41 - 2013-07-01 17:24 - 00000000 ____D () C:\Users\*****\Documents\_FILM_nicht_sichern 2014-08-23 04:07 - 2014-08-29 08:31 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-08-29 08:31 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-08-29 08:31 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-19 16:55 - 2011-06-09 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-08-19 16:55 - 2011-04-05 15:29 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2014-08-19 16:15 - 2011-05-03 15:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-08-19 16:05 - 2014-08-19 14:43 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-08-19 14:43 - 2014-08-19 14:42 - 11188736 _____ (SurfRight B.V.) 
C:\Users\*****\Downloads\hitmanpro_x64.exe 2014-08-19 05:59 - 2014-08-19 05:49 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-08-19 05:50 - 2014-08-19 05:50 - 00001406 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-08-19 05:50 - 2014-08-19 05:50 - 00001394 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-08-19 05:49 - 2011-05-03 15:24 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2014-08-19 05:47 - 2014-08-19 05:47 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\*****\Downloads\spybot-2.4.exe 2014-08-19 05:34 - 2014-08-19 05:34 - 06052529 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.3_win32-setup.exe 2014-08-18 03:06 - 2011-05-06 13:22 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox 2014-08-18 03:06 - 2011-05-03 15:55 - 00000000 ___RD () C:\Users\*****\Documents\My Dropbox 2014-08-18 03:05 - 2011-05-06 13:29 - 00001030 _____ () C:\Users\*****\Desktop\Dropbox.lnk 2014-08-18 03:05 - 2011-05-06 13:22 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-18 03:04 - 2014-08-18 03:04 - 00323600 _____ (Dropbox, Inc.) 
C:\Users\*****\Downloads\DropboxInstaller.exe 2014-08-13 19:01 - 2011-05-03 15:38 - 00000000 ____D () C:\Users\*****\Documents\AWR User Data 2014-08-13 19:01 - 2011-05-03 15:38 - 00000000 ____D () C:\Users\*****\AppData\Local\Caphyon 2014-08-13 15:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-13 15:49 - 2011-04-07 10:25 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-08-13 15:32 - 2013-07-17 18:11 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-13 15:25 - 2011-04-04 16:01 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-08-11 21:51 - 2014-08-11 21:50 - 06004615 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-08-11 21:50 - 2014-08-11 21:50 - 05981830 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-08-09 16:33 - 2014-08-09 16:33 - 00006166 _____ () C:\Users\*****\Downloads\Logins digitalagenten.xlsx 2014-08-08 21:11 - 2013-10-16 15:34 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-08 21:10 - 2014-08-08 21:10 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-08-08 21:10 - 2014-08-08 21:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-08-08 21:10 - 2014-08-08 21:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-08-08 21:10 - 2014-08-08 21:10 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-08-08 21:10 - 2014-08-08 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-08 21:10 - 2011-03-30 10:33 - 00000000 ____D () C:\Program Files (x86)\Java ZeroAccess: C:\Windows\assembly\tmp C:\Windows\assembly\tmp\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} ZeroAccess: C:\Users\*****\AppData\Local\fc25d5a8 C:\Users\*****\AppData\Local\fc25d5a8\@ ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-28 16:14

==================== End Of Log ============================

Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02
Ran by ***** at 2014-09-01 22:53:04
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.)
Hidden Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated) Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.) Advanced Web Ranking (HKLM-x32\...\{7D4F5844-407A-40CE-91B3-AF88A6D3E877}) (Version: 11.0 - Caphyon) AllDup 3.4.24 (HKLM-x32\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design) Amazon MP3-Downloader 1.0.15 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.15 - Amazon Services LLC) Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.) AT&T Service Activation (HKLM-x32\...\{D81486A1-2371-4059-AC70-1AB894AC96E6}) (Version: 1.8.7.0 - AT&T) avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software) Balsamiq Mockups For Desktop (HKLM-x32\...\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 2.2.9 - Balsamiq SRL) Balsamiq Mockups For Desktop (x32 Version: 2.2.9 - Balsamiq SRL) Hidden Biet-O-Matic v2.14.8 (HKLM-x32\...\Biet-O-Matic v2.14.8) (Version: Biet-O-Matic v2.14.8 - BOM Development Team) Bing Bar (HKLM-x32\...\{16D0F2D2-242C-4885-BEF1-4B1655C141AE}) (Version: 7.0.822.0 - Microsoft Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
bwin Poker (HKLM-x32\...\bwincomPoker) (Version: - bwincom) Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - ) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - ) Canon MG5200 series Benutzerregistrierung (HKLM-x32\...\Canon MG5200 series Benutzerregistrierung) (Version: - ) Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - ) Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform) Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Citrix Online Launcher (HKLM-x32\...\{F82C81F9-ADB5-42BD-AFE9-DD5DFDD215E3}) (Version: 1.0.135 - Citrix) Conexant 20561 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.92.12.0 - Conexant) Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version: - Microsoft) DirComp (HKLM-x32\...\{C153B6B0-A94B-44F4-9957-99551406FB02}) (Version: 2.08.0000 - Wirth IT Design) Ditto 3.17.0.17 (HKLM-x32\...\Ditto_is1) (Version: - Scott Brogden) Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.) 
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer) FileZilla Client 3.9.0.3 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse) Folder Size (64-bit) (HKLM\...\{F24FF688-7138-4CCF-A83F-71E9FB01170E}) (Version: 2.6 - Brio) FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.0 - ) Google AdWords Editor (HKLM-x32\...\{52915551-80CE-4446-8E61-85085BA98495}) (Version: 10.2.1 - Google) Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.) Google+ Auto Backup (HKLM-x32\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google) GoToMeeting 5.9.0.1207 (HKCU\...\GoToMeeting) (Version: 5.9.0.1207 - CitrixOnline) HDClone 4 Free Edition (HKLM-x32\...\HDClone.Free.4.0.4.1031-{AB647B59-8203-4474-937A-E665448D873F}) (Version: - ) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2555 - Intel Corporation) Intel(R) Management Engine Interface (HKLM\...\HECI) (Version: - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: - ) InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.112 - InterVideo Inc.) InterVideo WinDVD 8 (x32 Version: 8.0.20.112 - InterVideo Inc.) Hidden iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.) iTunesFolderWatch (HKLM-x32\...\{42CA9D92-E0D2-4514-A59A-C0C6CD9E1679}) (Version: 2.1.05 - JezSoft) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) 
Hidden Konz 2012 (HKLM-x32\...\InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}) (Version: 1.00.0000 - USM) Konz 2012 (x32 Version: 1.00.0000 - USM) Hidden Konz 2013 (HKLM-x32\...\InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}) (Version: 1.00.0000 - USM) Konz 2013 (x32 Version: 1.00.0000 - USM) Hidden KONZ-Steuer-2014 (HKLM-x32\...\InstallShield_{20F1078B-E3B6-4DA1-9570-003DE110890A}) (Version: 1.00.0000 - USM) KONZ-Steuer-2014 (x32 Version: 1.00.0000 - USM) Hidden Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - ) Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited) Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - ) Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - ) Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo) Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.) 
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.0.018.0 - Lenovo) Malwarebytes Anti-Malware Version 1.61.0.1400 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.61.0.1400 - Malwarebytes Corporation) Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - 
Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Research AutoCollage Touch 2009 (HKLM-x32\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft 
Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86_x64 (Version: 
8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Mobile Broadband Connect (HKLM-x32\...\{5C111F14-D9BE-459D-B0B6-B4D082F03749}) (Version: 3.5.0006 - Lenovo) Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. 
Wechselberger) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Poedit (HKLM-x32\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.6.6 - Vaclav Slavik) Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - ) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Ravensburger tiptoi (HKLM-x32\...\Ravensburger tiptoi) (Version: - ) Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - ) Rescue and Recovery (HKLM-x32\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited) Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung) Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) 
Steuer 2011 (HKLM-x32\...\{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}) (Version: 19.00.7304 - Buhl Data Service GmbH) Steuer 2012 (HKLM-x32\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH) Steuer 2013 (HKLM-x32\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH) StreamTransport version: 1.0.2.2171 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version: - ) SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53 (HKLM-x32\...\{8F311E72-C27F-4DF0-8254-B739A1831668}_is1) (Version: v2012.build.53 - eRightSoft) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - ) Synology Data Replicator 3 (HKLM-x32\...\{8E310838-457C-4269-B177-3EFB300CBDDC}) (Version: 1.0.0.0 - Synology Inc.) System Migration Assistant (HKLM-x32\...\{8A4DB1CA-8206-4ADC-805C-66ACF1611DA3}) (Version: 6.00.0009 - Lenovo Group Limited.) System Requirements Lab for Intel (HKLM-x32\...\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}) (Version: 4.4.24.0 - Husdawg, LLC) TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14563 - TeamViewer) ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - ) ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.8.50 - Conexant Systems) ThinkPad TrackPoint Driver (HKLM\...\TrackPoint) (Version: 4.73.1.0 - Lenovo) ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17394396DF01}) (Version: 1.00.0029.8 - REALTEK Semiconductor Corp.) 
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.21 - Lenovo) ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.8 - Lenovo) ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.09 - Lenovo) TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) TweetAdder4 (HKLM-x32\...\{911174C5-85BF-4972-B5E0-4882B32E9396}_is1) (Version: 4.1.140610 - TweetAdder.com) TweetDeck (HKLM-x32\...\{C5AC39F1-001D-4338-84C6-35109525588A}) (Version: 1.0.0 - Twitter, Inc.) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) 
(HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition 
(HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition 
(HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) Verizon Wireless Mobile Broadband Self Activation (HKLM-x32\...\{7A408D56-A9CF-4219-9F78-23E6B48A1C0D}) (Version: 3.1.1 - Smith Micro Software, Inc.) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) vShare.tv plugin 1.3 (HKLM-x32\...\vShare.tv plugin) (Version: 1.3 - vShare.tv, Inc.) 
<==== ATTENTION WebEx (HKCU\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) Windows Driver Package - Intel System (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel) Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55) (HKLM\...\112AA64E0C8CC704E307FE914F7DEC1C0035598E) (Version: 08/18/2009 1.55 - Lenovo) Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation) Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) WinMerge 2.12.4 (HKLM-x32\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software) Xaldon WebSpider2 (HKLM-x32\...\WebSpider2) (Version: - ) Xenu's Link Sleuth (HKLM-x32\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1207\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) 
CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4095381569-4012469814-2939302448-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2014-08-19 16:18 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {27C244D6-2F9A-47A2-A5BF-308486B93EBE} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe Task: {2CF775A5-0AFB-49E0-A4EC-0D299E8468BC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {30C26CDD-93EB-4F2F-8A8C-3F80D8D1E669} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.) Task: {366217DA-82DA-4F13-B630-144920D37808} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated) Task: {3F0B957A-D255-4313-8D18-1976E1535F6D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {4ADC716C-470B-4DE7-BBC3-D74FA8DA0F69} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe Task: {4BF8F90E-D15F-48F3-994D-034123880621} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe Task: {54721562-667D-4ED8-8713-C51961C69575} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe Task: {556AE063-D1B9-4490-BCBB-33BB2A53D921} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe Task: {5B2FAC70-8377-4780-9C07-93CD75A70F8B} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] () Task: {6643CC10-48C8-4356-AB2A-31FD573B671B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {6A269A4F-44D1-4352-8363-9932342325CC} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.) 
Task: {6F2B3585-85CE-4166-8B54-5EA640F8EE47} - System32\Tasks\{4B877246-0C6E-4893-A99E-89300D88AAAD} => Firefox.exe hxxp://ui.skype.com/ui/0/5.6.59.110/en/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled Task: {6F874530-4B6A-44A1-AE16-D1CC7B89E0F3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe Task: {9D79092E-4CAC-4FF9-A46D-A2F1A57E3586} - System32\Tasks\Synology Data Replicator 3-Thinktank-***** => C:\Program Files (x86)\Synology Data Replicator 3\Backup.exe [2013-06-28] (Synology Inc.) Task: {9F836E20-0092-48CD-8B41-FC6185CC1042} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe Task: {A250D90D-9E31-490F-B5A9-D372B1FEB767} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft) Task: {BE41DBA2-81E9-41F5-85F6-DAFB19667974} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000Core => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30] (Google Inc.) Task: {C4E54C5A-36D8-45C7-9429-E42A0D811438} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo) Task: {CC2B3395-CD3C-4BCD-88AD-02F0E82A812D} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-27] (AVAST Software) Task: {EB07A15B-D3AB-4309-BB33-6DD5380F1EFE} - System32\Tasks\JavaUpdateSched => C:\Windows\SysWOW64\jusched.exe Task: {EFC7CB89-D1F9-4217-9343-55E1B7FB19B1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {F08C858A-5D73-42AF-ACAA-323FFC0E4CA0} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.) Task: {F300BE69-F190-4FFB-A0B7-991927E24FAA} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe Task: {FE050AF2-484A-4AA6-95F3-D93CEA6D971B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000UA => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000Core.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000UA.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe Task: C:\Windows\Tasks\Synology Data Replicator 3-Thinktank-*****.job => C:\Program Files (x86)\Synology Data Replicator 3\Backup.exe Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe ==================== Loaded Modules (whitelisted) ============= 2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2013-06-28 11:35 - 2013-06-28 11:35 - 00381312 _____ () C:\Program Files (x86)\Synology Data 
Replicator 3\SynoDrServicex64.exe
2013-11-14 15:28 - 2013-11-14 15:28 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2011-05-06 13:39 - 2010-12-23 12:56 - 00831488 _____ () C:\Program Files (x86)\Ditto\Ditto.exe
2011-03-30 10:28 - 2012-05-16 06:32 - 00103936 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2009-05-28 07:09 - 2009-05-28 07:09 - 00049976 ____N () C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
2014-09-01 20:16 - 2014-09-01 20:16 - 02806272 _____ () C:\Program Files\AVAST Software\Avast\defs\14090101\algo.dll
2014-09-01 22:48 - 2014-09-01 22:48 - 02806272 _____ () C:\Program Files\AVAST Software\Avast\defs\14090102\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-19 05:49 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-19 05:49 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-19 05:49 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-19 05:49 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-19 05:49 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-03-14 17:47 - 2014-03-14 17:47 - 00092504 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2011-05-06 13:39 - 2010-12-23 12:55 - 00511383 _____ () C:\Program Files (x86)\Ditto\sqlite3.dll
2011-05-06 13:39 - 2010-12-23 12:55 - 00034304 _____ () C:\Program Files (x86)\Ditto\focus.dll
2011-05-06 13:39 - 2010-12-23 12:55 - 00059904 _____ () C:\Program Files (x86)\Ditto\zlib1.dll
2013-10-23 16:53 - 2013-10-23 16:53 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/01/2014 10:27:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4617

Error: (09/01/2014 10:27:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4617

Error: (09/01/2014 10:27:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/01/2014 09:20:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4259

Error: (09/01/2014 09:20:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4259

Error: (09/01/2014 09:20:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/01/2014 08:14:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12090

Error: (09/01/2014 08:14:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12090

Error: (09/01/2014 08:14:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/01/2014 08:14:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3089

System errors:
=============
Error: (09/01/2014 10:46:24 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist von folgendem Dienst abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.

Error: (09/01/2014 07:49:41 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist von folgendem Dienst abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.

Error: (08/31/2014 10:36:17 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist von folgendem Dienst abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.

Error: (08/31/2014 10:36:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (08/31/2014 10:36:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (08/30/2014 10:15:14 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist von folgendem Dienst abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.

Error: (08/30/2014 10:15:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (08/30/2014 10:15:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (08/29/2014 08:54:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IPBusEnum erreicht.

Error: (08/29/2014 08:40:43 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist von folgendem Dienst abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.

Microsoft Office Sessions:
=========================
Error: (09/01/2014 10:27:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4617

Error: (09/01/2014 10:27:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4617

Error: (09/01/2014 10:27:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/01/2014 09:20:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4259

Error: (09/01/2014 09:20:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4259

Error: (09/01/2014 09:20:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/01/2014 08:14:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12090

Error: (09/01/2014 08:14:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12090

Error: (09/01/2014 08:14:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/01/2014 08:14:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3089

==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 50%
Total physical RAM: 3992.03 MB
Available physical RAM: 1962.03 MB
Total Pagefile: 7982.24 MB
Available Pagefile: 6042.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================
Drive c: (Windows7_OS) (Fixed) (Total:429.43 GB) (Free:110.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Lenovo_Recovery) (Fixed) (Total:31.2 GB) (Free:24.56 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 13B672CB)
Partition 1: (Active) - (Size=5.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=429.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=31.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Unfortunately GMER no longer fit in here, so it is attached. |
02.09.2014, 06:35 | #2 |
/// the machine /// TB-Ausbilder | Windows 7: FTP passwords cracked
hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Please download TDSSKiller.exe and save this file to the desktop.
__________________ |
02.09.2014, 08:46 | #3 |
| Windows 7: FTP passwords cracked
Thanks for the quick help!
Here are the new logs:
Malwarebytes Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.09.02.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17239
***** :: THINKTANK [administrator]

02.09.2014 08:46:26
mbar-log-2014-09-02 (08-46-26).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 316505
Time elapsed: 17 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\*****\AppData\Roaming\desktop.ini (Trojan.Agent) -> Delete on reboot. [c9d08247de9dd6600a7cbcf9ba47768a]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

TDSSKiller Code:
09:34:05.0211 0x00e4 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
09:34:11.0957 0x00e4 ============================================================
09:34:11.0957 0x00e4 Current date / time: 2014/09/02 09:34:11.0957
09:34:11.0957 0x00e4 SystemInfo:
09:34:11.0957 0x00e4
09:34:11.0957 0x00e4 OS Version: 6.1.7601 ServicePack: 1.0
09:34:11.0957 0x00e4 Product type: Workstation
09:34:11.0957 0x00e4 ComputerName: THINKTANK
09:34:11.0958 0x00e4 UserName: *****
09:34:11.0958 0x00e4 Windows directory: C:\Windows
09:34:11.0958 0x00e4 System windows directory: C:\Windows
09:34:11.0958 0x00e4 Running under WOW64
09:34:11.0958 0x00e4 Processor architecture: Intel x64
09:34:11.0958 0x00e4 Number of processors: 2
09:34:11.0958 0x00e4 Page size: 0x1000
09:34:11.0958 0x00e4 Boot type: Normal boot
09:34:11.0958 0x00e4 ============================================================
09:34:12.0080 0x00e4 KLMD registered as C:\Windows\system32\drivers\74257599.sys
09:34:12.0589 0x00e4 System UUID: {7800C98F-BA55-20A9-6FAE-B03C72683442}
09:34:13.0216 0x00e4 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
09:34:13.0232 0x00e4 ============================================================
09:34:13.0232 0x00e4 \Device\Harddisk0\DR0:
09:34:13.0232 0x00e4 MBR partitions:
09:34:13.0232 0x00e4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xA4351E
09:34:13.0232 0x00e4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA43D1E, BlocksNum 0x35ADE13B
09:34:13.0232 0x00e4 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x36521E59, BlocksNum 0x3E641D7
09:34:13.0232 0x00e4 ============================================================
09:34:13.0263 0x00e4 C: <-> \Device\Harddisk0\DR0\Partition2
09:34:13.0307 0x00e4 E: <-> \Device\Harddisk0\DR0\Partition3
09:34:13.0308 0x00e4
============================================================
09:34:13.0308 0x00e4 Initialize success
09:34:13.0308 0x00e4 ============================================================
09:34:27.0655 0x1340 ============================================================
09:34:27.0655 0x1340 Scan started
09:34:27.0655 0x1340 Mode: Manual; SigCheck; TDLFS;
09:34:27.0655 0x1340 ============================================================
09:34:27.0655 0x1340 KSN ping started
09:34:41.0446 0x1340 KSN ping finished: true
09:34:42.0707 0x1340 ================ Scan system memory ========================
09:34:42.0707 0x1340 System memory - ok
09:34:42.0717 0x1340 ================ Scan services =============================
802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 09:34:56.0663 0x1340 FDResPub - ok 09:34:56.0683 0x1340 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 09:34:56.0693 0x1340 FileInfo - ok 09:34:56.0713 0x1340 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 09:34:56.0753 0x1340 Filetrace - ok 09:34:56.0773 0x1340 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 09:34:56.0793 0x1340 flpydisk - ok 09:34:56.0833 0x1340 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 09:34:56.0853 0x1340 FltMgr - ok 09:34:56.0923 0x1340 [ 813155B27B68DACCBAECCCEEA60BD8BF, 24BD34825B0D1A1DCB9BD1834733B21A8EB2DA49B9B31F8B1AFC1D71DC8CE823 ] FolderSize C:\Program Files\FolderSize\FolderSizeSvc.exe 09:34:56.0933 0x1340 FolderSize - detected UnsignedFile.Multi.Generic ( 1 ) 09:34:59.0393 0x1340 Detect skipped due to KSN trusted 09:34:59.0393 0x1340 FolderSize - ok 09:34:59.0493 0x1340 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll 09:34:59.0563 0x1340 FontCache - ok 09:34:59.0623 0x1340 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 09:34:59.0663 0x1340 FontCache3.0.0.0 - ok 09:34:59.0689 0x1340 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 
09:34:59.0702 0x1340 FsDepends - ok 09:34:59.0745 0x1340 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 09:34:59.0755 0x1340 Fs_Rec - ok 09:34:59.0805 0x1340 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 09:34:59.0845 0x1340 fvevol - ok 09:34:59.0865 0x1340 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 09:34:59.0885 0x1340 gagp30kx - ok 09:34:59.0915 0x1340 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 09:34:59.0925 0x1340 GEARAspiWDM - ok 09:35:00.0005 0x1340 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 09:35:00.0115 0x1340 gpsvc - ok 09:35:00.0185 0x1340 [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 09:35:00.0205 0x1340 gusvc - ok 09:35:00.0225 0x1340 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 09:35:00.0265 0x1340 hcw85cir - ok 09:35:00.0315 0x1340 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 09:35:00.0375 0x1340 HdAudAddService - ok 09:35:00.0405 0x1340 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 09:35:00.0445 0x1340 HDAudBus - ok 09:35:00.0475 0x1340 [ 15C9789470B8855AC2F54FDF96802D13, 
5375BBA13219456DA87023F206732BF76F934DC04C8E298C7C5E94944CC268D4 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 09:35:00.0485 0x1340 HECIx64 - ok 09:35:00.0505 0x1340 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 09:35:00.0535 0x1340 HidBatt - ok 09:35:00.0545 0x1340 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 09:35:00.0585 0x1340 HidBth - ok 09:35:00.0615 0x1340 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 09:35:00.0655 0x1340 HidIr - ok 09:35:00.0675 0x1340 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 09:35:00.0725 0x1340 hidserv - ok 09:35:00.0775 0x1340 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 09:35:00.0825 0x1340 HidUsb - ok 09:35:00.0865 0x1340 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 09:35:00.0935 0x1340 hkmsvc - ok 09:35:00.0985 0x1340 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 09:35:01.0025 0x1340 HomeGroupListener - ok 09:35:01.0065 0x1340 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 09:35:01.0095 0x1340 HomeGroupProvider - ok 09:35:01.0135 0x1340 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 09:35:01.0145 0x1340 HpSAMD - ok 
09:35:01.0265 0x1340 [ 447256D1C026654C5CD3CC17E7B20631, F89589AC17BC50483E6687963370937E6CD19D6030F30D70577A7DA266116919 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll 09:35:01.0315 0x1340 HsfXAudioService - ok 09:35:01.0385 0x1340 [ 5A518B63D408B2DBC1778788456E1A66, 177A11C53E9B00A166DB8942F43C0FB6F5699248D2D2D8061C5057CE4E882C3B ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys 09:35:01.0435 0x1340 HSF_DPV - ok 09:35:01.0475 0x1340 [ F47CEC45FB85791D4AB237563AD0FA8F, 1035066D48BD179855BCA7F62EFA1B951E6E839D2E29E15A31844E18A126DD41 ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys 09:35:01.0535 0x1340 HTCAND64 - ok 09:35:01.0585 0x1340 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys 09:35:01.0655 0x1340 HTTP - ok 09:35:01.0695 0x1340 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 09:35:01.0715 0x1340 hwpolicy - ok 09:35:01.0745 0x1340 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 09:35:01.0765 0x1340 i8042prt - ok 09:35:01.0805 0x1340 [ BBB3B6DF1ABB0FE35802EDE85CC1C011, 6E1FA8519A7D417969244E807D2863B39656169A925966045036A989A5EB611D ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 09:35:01.0825 0x1340 iaStor - ok 09:35:01.0885 0x1340 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 09:35:01.0925 0x1340 iaStorV - ok 09:35:01.0965 0x1340 [ 6C7FE2FD06EF34A7972E34C876FC78DF, B545A10DEEF59B8145D3D20361DA7F1C0FD27B6273B126B500594D6456C3FC06 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys 09:35:01.0985 0x1340 IBMPMDRV - ok 09:35:02.0015 0x1340 [ 5A1E3B4BA187327DF5FF122F96FA753A, AED93AA268F75D46752FCE5189392EE41225DA45F7D67C73B77629C8227E5084 ] IBMPMSVC 
C:\Windows\system32\ibmpmsvc.exe 09:35:02.0045 0x1340 IBMPMSVC - ok 09:35:02.0135 0x1340 [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 09:35:02.0165 0x1340 IDriverT - detected UnsignedFile.Multi.Generic ( 1 ) 09:35:04.0645 0x1340 Detect skipped due to KSN trusted 09:35:04.0645 0x1340 IDriverT - ok 09:35:04.0745 0x1340 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 09:35:04.0785 0x1340 idsvc - ok 09:35:04.0815 0x1340 IEEtwCollectorService - ok 09:35:05.0155 0x1340 [ 4EAA4261E1AD4B860657CADA790B9B38, BC4D7F207F1A7D67371169545D2C68D696EF69DF4C740F74D6ABFBE4B5CA48A6 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 09:35:05.0679 0x1340 igfx - ok 09:35:05.0729 0x1340 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 09:35:05.0739 0x1340 iirsp - ok 09:35:05.0829 0x1340 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 09:35:05.0879 0x1340 IKEEXT - ok 09:35:05.0899 0x1340 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 09:35:05.0909 0x1340 intelide - ok 09:35:05.0939 0x1340 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 09:35:05.0969 0x1340 intelppm - ok 09:35:05.0999 0x1340 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 09:35:06.0049 0x1340 IPBusEnum - ok 09:35:06.0089 0x1340 [ 
C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 09:35:06.0129 0x1340 IpFilterDriver - ok 09:35:06.0159 0x1340 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 09:35:06.0169 0x1340 IPMIDRV - ok 09:35:06.0199 0x1340 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 09:35:06.0249 0x1340 IPNAT - ok 09:35:06.0349 0x1340 [ 68A5EDD4843CF0033BAE537C9C495F69, 386C66A6562218D0F0A616D75457CDA4B82DB87DC3DA83935497819963DB6D86 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 09:35:06.0379 0x1340 iPod Service - ok 09:35:06.0409 0x1340 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 09:35:06.0449 0x1340 IRENUM - ok 09:35:06.0469 0x1340 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 09:35:06.0479 0x1340 isapnp - ok 09:35:06.0539 0x1340 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 09:35:06.0569 0x1340 iScsiPrt - ok 09:35:06.0599 0x1340 [ 213822072085B5BBAD9AF30AB577D817, 2C373B804D840933EC3A5F3ABFC43E47C2636CDB2431AB51846C565077B7C468 ] IviRegMgr C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe 09:35:06.0609 0x1340 IviRegMgr - ok 09:35:06.0619 0x1340 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 09:35:06.0629 0x1340 kbdclass - ok 09:35:06.0659 0x1340 [ 0705EFF5B42A9DB58548EEC3B26BB484, 
86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 09:35:06.0689 0x1340 kbdhid - ok 09:35:06.0709 0x1340 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe 09:35:06.0729 0x1340 KeyIso - ok 09:35:06.0769 0x1340 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 09:35:06.0779 0x1340 KSecDD - ok 09:35:06.0799 0x1340 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 09:35:06.0819 0x1340 KSecPkg - ok 09:35:06.0849 0x1340 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 09:35:06.0899 0x1340 ksthunk - ok 09:35:06.0959 0x1340 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 09:35:07.0059 0x1340 KtmRm - ok 09:35:07.0109 0x1340 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 09:35:07.0169 0x1340 LanmanServer - ok 09:35:07.0229 0x1340 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 09:35:07.0329 0x1340 LanmanWorkstation - ok 09:35:07.0409 0x1340 [ A4973DF3264791952D6D7AB56565DD55, 4A2666889AC619EB2F5FDC876001D9043F04D58372FDF72AE0C31F51B6CE61F8 ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe 09:35:07.0429 0x1340 LENOVO.CAMMUTE - ok 09:35:07.0459 0x1340 [ 2B9D8555DC004E240082D18E7725CE20, 9DEF9463CB099C0BC8782C1E5FCE62F038B971ABC12966774D1F83569B081A42 ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys 
09:35:07.0469 0x1340 lenovo.smi - ok 09:35:07.0479 0x1340 [ 05D72DE005BE625CE60CE3BE4FAB9714, D26226161C89F09EF8A2F3AFFD551C684696C4D73CAB7338162008EB0B480D85 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe 09:35:07.0489 0x1340 LENOVO.TPKNRSVC - ok 09:35:07.0509 0x1340 [ F7DE50781DC4D162C1005EB30D98F931, CDD07CD2E300DCD818CF97AC05CAFD2BA5568CEA10622D69E156CFC936DD4769 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe 09:35:07.0519 0x1340 Lenovo.VIRTSCRLSVC - ok 09:35:07.0549 0x1340 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 09:35:07.0599 0x1340 lltdio - ok 09:35:07.0639 0x1340 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 09:35:07.0709 0x1340 lltdsvc - ok 09:35:07.0719 0x1340 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 09:35:07.0769 0x1340 lmhosts - ok 09:35:07.0799 0x1340 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 09:35:07.0809 0x1340 LSI_FC - ok 09:35:07.0829 0x1340 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 09:35:07.0839 0x1340 LSI_SAS - ok 09:35:07.0859 0x1340 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 09:35:07.0869 0x1340 LSI_SAS2 - ok 09:35:07.0879 0x1340 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 09:35:07.0899 0x1340 LSI_SCSI - ok 09:35:07.0919 0x1340 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 
5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 09:35:07.0959 0x1340 luafv - ok 09:35:08.0029 0x1340 [ 0C85B2B6FB74B36A251792D45E0EF860, 2E04204560C1159ABC25F273B0B7F81FDF9BA5E88C17929FD924C4E945DE5020 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys 09:35:08.0069 0x1340 LVRS64 - ok 09:35:08.0239 0x1340 [ FF3A488924B0032B1A9CA6948C1FA9E8, 6F05852B75498210926F5CDF49D2A6DD97C39CD93D32E3200D7240AADA3E7BEE ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys 09:35:08.0379 0x1340 LVUVC64 - ok 09:35:08.0430 0x1340 [ B8EAC4507EB4655377B1E094FCE7F12E, FF094A752224F2A5F4866B56D84B80DB18467776645C01B4CADAB85C377B9EE8 ] Macromedia Licensing Service C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe 09:35:08.0440 0x1340 Macromedia Licensing Service - detected UnsignedFile.Multi.Generic ( 1 ) 09:35:10.0890 0x1340 Detect skipped due to KSN trusted 09:35:10.0890 0x1340 Macromedia Licensing Service - ok 09:35:10.0940 0x1340 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 09:35:10.0970 0x1340 Mcx2Svc - ok 09:35:11.0010 0x1340 [ FC631425ED761EA1F24738AA15FF5A7D, CB8CE73E35B8C44B8F61EE2E72826225E60C1F6B40613727409F898A91D39AF0 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys 09:35:11.0020 0x1340 mdmxsdk - ok 09:35:11.0040 0x1340 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 09:35:11.0060 0x1340 megasas - ok 09:35:11.0080 0x1340 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 09:35:11.0100 0x1340 MegaSR - ok 09:35:11.0130 0x1340 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 09:35:11.0170 0x1340 MMCSS - 
ok 09:35:11.0190 0x1340 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 09:35:11.0240 0x1340 Modem - ok 09:35:11.0280 0x1340 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 09:35:11.0300 0x1340 monitor - ok 09:35:11.0330 0x1340 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 09:35:11.0340 0x1340 mouclass - ok 09:35:11.0360 0x1340 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 09:35:11.0410 0x1340 mouhid - ok 09:35:11.0450 0x1340 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 09:35:11.0470 0x1340 mountmgr - ok 09:35:11.0590 0x1340 [ 4E9D8041D352A33332FD6F59A3A78B03, D4E6229B07EF9866993EEE4F6223DC7F1FF1108273FE14A3DC74E65C181DE56A ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 09:35:11.0620 0x1340 MozillaMaintenance - ok 09:35:11.0650 0x1340 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 09:35:11.0670 0x1340 mpio - ok 09:35:11.0690 0x1340 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 09:35:11.0730 0x1340 mpsdrv - ok 09:35:11.0810 0x1340 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 09:35:11.0890 0x1340 MpsSvc - ok 09:35:11.0940 0x1340 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 
01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 09:35:11.0990 0x1340 MRxDAV - ok 09:35:12.0030 0x1340 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 09:35:12.0070 0x1340 mrxsmb - ok 09:35:12.0110 0x1340 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 09:35:12.0140 0x1340 mrxsmb10 - ok 09:35:12.0150 0x1340 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 09:35:12.0190 0x1340 mrxsmb20 - ok 09:35:12.0220 0x1340 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 09:35:12.0230 0x1340 msahci - ok 09:35:12.0260 0x1340 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 09:35:12.0270 0x1340 msdsm - ok 09:35:12.0290 0x1340 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 09:35:12.0320 0x1340 MSDTC - ok 09:35:12.0360 0x1340 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 09:35:12.0420 0x1340 Msfs - ok 09:35:12.0430 0x1340 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 09:35:12.0470 0x1340 mshidkmdf - ok 09:35:12.0490 0x1340 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 09:35:12.0500 0x1340 msisadrv - ok 09:35:12.0540 
0x1340 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 09:35:12.0590 0x1340 MSiSCSI - ok 09:35:12.0600 0x1340 msiserver - ok 09:35:12.0620 0x1340 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 09:35:12.0670 0x1340 MSKSSRV - ok 09:35:12.0680 0x1340 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 09:35:12.0720 0x1340 MSPCLOCK - ok 09:35:12.0730 0x1340 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 09:35:12.0780 0x1340 MSPQM - ok 09:35:12.0850 0x1340 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 09:35:12.0880 0x1340 MsRPC - ok 09:35:12.0910 0x1340 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 09:35:12.0920 0x1340 mssmbios - ok 09:35:12.0940 0x1340 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 09:35:12.0990 0x1340 MSTEE - ok 09:35:13.0000 0x1340 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 09:35:13.0020 0x1340 MTConfig - ok 09:35:13.0030 0x1340 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 09:35:13.0050 0x1340 Mup - ok 09:35:13.0090 0x1340 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent 
C:\Windows\system32\qagentRT.dll 09:35:13.0150 0x1340 napagent - ok 09:35:13.0190 0x1340 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 09:35:13.0240 0x1340 NativeWifiP - ok 09:35:13.0330 0x1340 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys 09:35:13.0370 0x1340 NDIS - ok 09:35:13.0380 0x1340 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 09:35:13.0430 0x1340 NdisCap - ok 09:35:13.0441 0x1340 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 09:35:13.0491 0x1340 NdisTapi - ok 09:35:13.0541 0x1340 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 09:35:13.0591 0x1340 Ndisuio - ok 09:35:13.0621 0x1340 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 09:35:13.0661 0x1340 NdisWan - ok 09:35:13.0691 0x1340 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 09:35:13.0761 0x1340 NDProxy - ok 09:35:13.0791 0x1340 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 09:35:13.0841 0x1340 NetBIOS - ok 09:35:13.0881 0x1340 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 09:35:13.0921 0x1340 NetBT - ok 09:35:13.0931 0x1340 [ 204F3F58212B3E422C90BD9691A2DF28, 
204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe 09:35:40.0608 0x1340 VaultSvc - ok 09:35:40.0638 0x1340 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 09:35:40.0648 0x1340 vdrvroot - ok 09:35:40.0708 0x1340 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 09:35:40.0768 0x1340 vds - ok 09:35:40.0788 0x1340 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 09:35:40.0808 0x1340 vga - ok 09:35:40.0818 0x1340 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 09:35:40.0868 0x1340 VgaSave - ok 09:35:40.0888 0x1340 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 09:35:40.0908 0x1340 vhdmp - ok 09:35:40.0938 0x1340 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 09:35:40.0948 0x1340 viaide - ok 09:35:40.0968 0x1340 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys 09:35:40.0988 0x1340 vmbus - ok 09:35:40.0998 0x1340 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 09:35:41.0018 0x1340 VMBusHID - ok 09:35:41.0038 0x1340 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 09:35:41.0058 0x1340 volmgr - ok 09:35:41.0098 
0x1340 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 09:35:41.0118 0x1340 volmgrx - ok 09:35:41.0138 0x1340 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 09:35:41.0158 0x1340 volsnap - ok 09:35:41.0198 0x1340 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 09:35:41.0208 0x1340 vsmraid - ok 09:35:41.0298 0x1340 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 09:35:41.0390 0x1340 VSS - ok 09:35:41.0410 0x1340 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 09:35:41.0430 0x1340 vwifibus - ok 09:35:41.0440 0x1340 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 09:35:41.0470 0x1340 vwififlt - ok 09:35:41.0500 0x1340 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 09:35:41.0530 0x1340 vwifimp - ok 09:35:41.0560 0x1340 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 09:35:41.0620 0x1340 W32Time - ok 09:35:41.0650 0x1340 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 09:35:41.0670 0x1340 WacomPen - ok 09:35:41.0720 0x1340 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 
09:35:41.0800 0x1340 WANARP - ok 09:35:41.0800 0x1340 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 09:35:41.0840 0x1340 Wanarpv6 - ok 09:35:41.0930 0x1340 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 09:35:41.0990 0x1340 WatAdminSvc - ok 09:35:42.0090 0x1340 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 09:35:42.0170 0x1340 wbengine - ok 09:35:42.0200 0x1340 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 09:35:42.0240 0x1340 WbioSrvc - ok 09:35:42.0300 0x1340 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 09:35:42.0340 0x1340 wcncsvc - ok 09:35:42.0360 0x1340 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 09:35:42.0390 0x1340 WcsPlugInService - ok 09:35:42.0420 0x1340 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys 09:35:42.0430 0x1340 Wd - ok 09:35:42.0490 0x1340 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 09:35:42.0520 0x1340 Wdf01000 - ok 09:35:42.0560 0x1340 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll 09:35:42.0640 0x1340 WdiServiceHost - ok 09:35:42.0640 0x1340 [ BF1FC3F79B863C914687A737C2F3D681, 
B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll 09:35:42.0670 0x1340 WdiSystemHost - ok 09:35:42.0700 0x1340 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 09:35:42.0730 0x1340 WebClient - ok 09:35:42.0750 0x1340 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 09:35:42.0800 0x1340 Wecsvc - ok 09:35:42.0820 0x1340 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 09:35:42.0870 0x1340 wercplsupport - ok 09:35:42.0900 0x1340 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 09:35:42.0940 0x1340 WerSvc - ok 09:35:42.0960 0x1340 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 09:35:43.0000 0x1340 WfpLwf - ok 09:35:43.0010 0x1340 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 09:35:43.0030 0x1340 WIMMount - ok 09:35:43.0080 0x1340 [ 7387CE6730BAAB8254DA0CE3776A4B28, 75397B2965350A8BB571F2DDD61869FD9A92481E4777922FA11ADCAC03D652EB ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys 09:35:43.0110 0x1340 winachsf - ok 09:35:43.0190 0x1340 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 09:35:43.0250 0x1340 Winmgmt - ok 09:35:43.0370 0x1340 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll 09:35:43.0480 0x1340 WinRM - ok 09:35:43.0540 0x1340 [ 
FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 09:35:43.0560 0x1340 WinUsb - ok 09:35:43.0630 0x1340 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 09:35:43.0680 0x1340 Wlansvc - ok 09:35:43.0700 0x1340 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 09:35:43.0720 0x1340 WmiAcpi - ok 09:35:43.0750 0x1340 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 09:35:43.0770 0x1340 wmiApSrv - ok 09:35:43.0800 0x1340 WMPNetworkSvc - ok 09:35:43.0810 0x1340 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 09:35:43.0850 0x1340 WPCSvc - ok 09:35:43.0880 0x1340 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 09:35:43.0920 0x1340 WPDBusEnum - ok 09:35:43.0950 0x1340 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 09:35:44.0010 0x1340 ws2ifsl - ok 09:35:44.0010 0x1340 WSearch - ok 09:35:44.0140 0x1340 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll 09:35:44.0220 0x1340 wuauserv - ok 09:35:44.0250 0x1340 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 09:35:44.0330 0x1340 WudfPf - ok 09:35:44.0360 0x1340 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] 
WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 09:35:44.0390 0x1340 WUDFRd - ok 09:35:44.0440 0x1340 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 09:35:44.0470 0x1340 wudfsvc - ok 09:35:44.0511 0x1340 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 09:35:44.0561 0x1340 WwanSvc - ok 09:35:44.0601 0x1340 [ 9907BC1CC78C37073AC78A4541710B61, 4340CCD4C23E94DEC970D36EEF0B4EEBAF1C2D41EB3302CFBF6BCD02482B399C ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys 09:35:44.0611 0x1340 XAudio - ok 09:35:44.0631 0x1340 ================ Scan global =============================== 09:35:44.0651 0x1340 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 09:35:44.0711 0x1340 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 09:35:44.0741 0x1340 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 09:35:44.0761 0x1340 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 09:35:44.0791 0x1340 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe 09:35:44.0801 0x1340 [ Global ] - ok 09:35:44.0801 0x1340 ================ Scan MBR ================================== 09:35:44.0811 0x1340 [ 70A8A069808E30A224B4CD20263DFFCC ] \Device\Harddisk0\DR0 09:35:45.0091 0x1340 \Device\Harddisk0\DR0 - ok 09:35:45.0091 0x1340 ================ Scan VBR ================================== 09:35:45.0101 0x1340 [ 17216C3CF48C815252C189093B8D1007 ] \Device\Harddisk0\DR0\Partition1 09:35:45.0101 0x1340 
\Device\Harddisk0\DR0\Partition1 - ok 09:35:45.0111 0x1340 [ 53CD7C62F09EE9674E0D479A81B017C2 ] \Device\Harddisk0\DR0\Partition2 09:35:45.0111 0x1340 \Device\Harddisk0\DR0\Partition2 - ok 09:35:45.0121 0x1340 [ 029736F12C6F859E12613337DC06327D ] \Device\Harddisk0\DR0\Partition3 09:35:45.0121 0x1340 \Device\Harddisk0\DR0\Partition3 - ok 09:35:45.0121 0x1340 ================ Scan generic autorun ====================== 09:35:45.0121 0x1340 TrackPointSrv - ok 09:35:45.0181 0x1340 [ 2508FA41A1B58C97D94FFF044111492F, 656AC5EC110C5F8CE68CE1962D6B2CBD47EE6CE20A181C88BB1E5481793F0578 ] C:\Windows\system32\TpShocks.exe 09:35:45.0211 0x1340 TpShocks - ok 09:35:45.0271 0x1340 [ B0C52A038B318257412437F99406D39F, 6ABCEB2AC7883CE97C24394A4F113DE13F717ED80B94FAEBCE8BE1A5FE3BD7D2 ] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe 09:35:45.0301 0x1340 AcWin7Hlpr - ok 09:35:45.0371 0x1340 [ 5B3719BDBF1F035558F2D73BA166A99C, AA0A6B2C7B504637A77C31A1680245CEAE993417050B9A0D8595E3424BC2D57A ] C:\Program Files\CONEXANT\SAII\SAIICpl.exe 09:35:45.0401 0x1340 SmartAudio - ok 09:35:45.0481 0x1340 [ 4772BE01974A4978D508F0CD835BF8F2, E08CDDF671B1993A249D1B91251A8254229963A5B23B94976811DFA19F085EFA ] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe 09:35:45.0511 0x1340 LENOVO.TPKNRRES - ok 09:35:45.0591 0x1340 [ 320681DF28D82CDCA7E3EED0846625DB, 7F709ADFB0FE36BEC857A928E9CB29BB5B6C0BAD98824D0302C7BB7185100CB9 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe 09:35:45.0631 0x1340 AdobeAAMUpdater-1.0 - ok 09:35:45.0671 0x1340 [ 50358FE4EE8F08B5F5785BA4D6747E69, BA45DDB6134AC5FE222A7F8D1B5F9B9E1AD3156195619A0D73BC57C291F50B4C ] C:\Windows\system32\igfxtray.exe 09:35:45.0691 0x1340 IgfxTray - ok 09:35:45.0701 0x1340 [ 3E7C1322633001E2140A0ACFC9E4397A, 35A23CA35A291695D36DF897E975F1923BDF5A668D298BAB18CF9A9A707919AE ] C:\Windows\system32\hkcmd.exe 09:35:45.0721 0x1340 HotKeysCmds - ok 09:35:45.0741 0x1340 [ 
2A5AD11A7FBEC34B0D9F09B7157F516A, 80B569E2140DEF4F2919AA83B6757F026D8FA5E61D5050051BCB7FFB0604CE34 ] C:\Windows\system32\igfxpers.exe 09:35:45.0761 0x1340 Persistence - ok 09:35:45.0791 0x1340 Snipping Tool Plus - ok 09:35:45.0801 0x1340 PWMTRV - ok 09:35:45.0831 0x1340 [ 3B376496187AB240FAC6ECD7BD1251F6, 2E8C5EEAB01261301260FFE4FC82DAA69344D1FE538D60895AF22AEFECED5C89 ] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe 09:35:45.0841 0x1340 Message Center Plus - ok 09:35:45.0941 0x1340 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 09:35:46.0001 0x1340 Sidebar - ok 09:35:46.0031 0x1340 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 09:35:46.0061 0x1340 mctadmin - ok 09:35:46.0101 0x1340 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 09:35:46.0141 0x1340 Sidebar - ok 09:35:46.0151 0x1340 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 09:35:46.0171 0x1340 mctadmin - ok 09:35:46.0533 0x1340 [ F67AC258A97573CD2901BC4FDB39F504, C7072F9C43DEA299EFBEE009D1ECD1225138FEC79CCB30077A00C59F5C65F903 ] C:\Program Files (x86)\Synology Data Replicator 3\Backup.exe 09:35:46.0903 0x1340 Data Replicator 3 - detected UnsignedFile.Multi.Generic ( 1 ) 09:35:56.0999 0x1340 Data Replicator 3 ( UnsignedFile.Multi.Generic ) - warning 09:35:56.0999 0x1340 Force sending object to P2P due to detect: C:\Program Files (x86)\Synology Data Replicator 3\Backup.exe 09:36:00.0665 0x1340 Object send P2P result: true 09:36:03.0239 0x1340 [ 528C31AC57D7DC707DACD2F1EE28D4C6, 5B07E7228B8A4543C04CC7758A2B34C494C57E6C5CDABB251241EA2866382D8C ] C:\Program Files (x86)\Ditto\Ditto.exe 09:36:03.0286 0x1340 Ditto 
- detected UnsignedFile.Multi.Generic ( 1 ) 09:36:05.0782 0x1340 Detect skipped due to KSN trusted 09:36:05.0782 0x1340 Ditto - ok 09:36:05.0922 0x1340 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe 09:36:05.0953 0x1340 Google Update - ok 09:36:05.0953 0x1340 Waiting for KSN requests completion. In queue: 1 09:36:06.0967 0x1340 Waiting for KSN requests completion. In queue: 1 09:36:07.0981 0x1340 Waiting for KSN requests completion. In queue: 1 09:36:09.0073 0x1340 AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( ), 0x41000 ( enabled : updated ) 09:36:09.0104 0x1340 Win FW state via NFP2: enabled 09:36:11.0554 0x1340 ============================================================ 09:36:11.0554 0x1340 Scan finished 09:36:11.0554 0x1340 ============================================================ 09:36:11.0569 0x02d8 Detected object count: 1 09:36:11.0569 0x02d8 Actual detected object count: 1 09:36:53.0939 0x02d8 Data Replicator 3 ( UnsignedFile.Multi.Generic ) - skipped by user 09:36:53.0939 0x02d8 Data Replicator 3 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
02.09.2014, 19:27 | #4 |
/// the machine /// TB trainer | Windows 7: FTP passwords cracked hi, scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
02.09.2014, 20:32 | #5 |
| Windows 7: FTP passwords cracked Combofix logfile: Code:
ATTFilter ComboFix 14-08-31.01 - ***** 02.09.2014 21:04:18.1.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3992.1890 [GMT 2:00] ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\program files\MLPS\apps\CBEd\CBE\ACTIVATION_104\_desktop.ini c:\program files\MLPS\apps\CBEd\CBE\ACTIVATION_104\BIN\_desktop.ini c:\users\*****\g2mdlhlpx.exe c:\users\Public\sdelevURL.tmp c:\windows\assembly\tmp\U c:\windows\IsUn0407.exe E:\AUTORUN.INF . . ((((((((((((((((((((((( Dateien erstellt von 2014-08-02 bis 2014-09-02 )))))))))))))))))))))))))))))) . . 2014-09-02 19:14 . 2014-09-02 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-09-02 06:46 . 2014-09-02 08:09 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2014-09-02 06:46 . 2014-09-02 07:14 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-09-02 06:42 . 2014-09-02 07:13 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-09-01 20:51 . 2014-09-01 20:53 -------- d-----w- C:\FRST 2014-08-29 06:31 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys 2014-08-29 06:31 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-08-29 06:31 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2014-08-26 22:38 . 2014-08-26 22:38 -------- d-----w- c:\users\*****\AppData\Roaming\MPEG Streamclip 2014-08-25 07:22 . 2014-08-25 07:22 -------- d-----w- c:\program files\iPod 2014-08-25 07:22 . 2014-08-25 07:22 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-08-25 07:22 . 
2014-08-25 07:22 -------- d-----w- c:\program files\iTunes 2014-08-19 12:43 . 2014-08-19 14:05 -------- d-----w- c:\programdata\HitmanPro 2014-08-19 03:50 . 2013-09-20 08:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe 2014-08-19 03:49 . 2014-08-19 03:59 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2014-08-16 11:52 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll 2014-08-16 11:52 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll 2014-08-16 11:52 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe 2014-08-16 11:52 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe 2014-08-16 11:52 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll 2014-08-16 11:52 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll 2014-08-16 11:50 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe 2014-08-16 11:50 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe 2014-08-12 17:12 . 2014-07-25 12:08 597504 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2014-08-12 17:11 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll 2014-08-12 17:11 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll 2014-08-08 19:11 . 2014-08-08 19:11 -------- d-----w- c:\program files (x86)\Common Files\Java 2014-08-08 19:10 . 2014-08-08 19:10 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-08-05 17:20 . 2014-08-05 17:20 227728 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\nppdf32.dll 2014-08-05 17:20 . 2014-08-05 17:20 227728 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-08-13 13:25 . 2011-04-04 14:01 99218768 ----a-w- c:\windows\system32\MRT.exe 2014-07-31 09:04 . 2011-11-04 10:46 733184 ----a-w- c:\windows\system32\Snipping Tool Plus.exe 2014-07-08 22:41 . 
2012-04-29 21:35 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-07-08 22:41 . 2011-05-20 11:21 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-06-18 02:18 . 2014-07-10 07:47 692736 ----a-w- c:\windows\system32\osk.exe 2014-06-18 01:51 . 2014-07-10 07:47 646144 ----a-w- c:\windows\SysWow64\osk.exe 2014-06-06 10:10 . 2014-07-10 07:46 624128 ----a-w- c:\windows\system32\qedit.dll 2014-06-06 09:44 . 2014-07-10 07:46 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-06-05 14:45 . 2014-07-10 07:44 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-06-05 14:26 . 2014-07-10 07:44 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-06-05 14:25 . 2014-07-10 07:44 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll 2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll 2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll 2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Data Replicator 3"="c:\program files (x86)\Synology Data Replicator 3\Backup.exe" [2013-06-28 11590528] "Ditto"="c:\program files (x86)\Ditto\Ditto.exe" [2010-12-23 831488] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-05-16 5941344] "Message Center Plus"="c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976] "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-18 3890208] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896] "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-08-01 152392] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 AQFileRestore;AQFileRestore;c:\windows\system32\DRIVERS\AQFileRestore.sys;c:\windows\SYSNATIVE\DRIVERS\AQFileRestore.sys [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x] R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x] R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 s1018bus;Sony Ericsson Device 1018 driver 
(WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x] R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x] R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x] R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x] R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x] R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x] R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x] R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB 
Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x] S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] S2 AWRScheduler;Advanced Web Ranking Scheduler;c:\program files (x86)\Caphyon\Advanced Web Ranking\Scheduler.exe;c:\program files (x86)\Caphyon\Advanced Web Ranking\Scheduler.exe [x] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications 
Utility\TPKNRSVC.exe [x] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x] S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x] S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x] S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x] S2 SynoDrService;SynoDrService;c:\program files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe;c:\program files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [x] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x] S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [x] S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x] S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x] S3 dc3d;MS Hardware Device Detection Driver 
(USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y62x64.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x] S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys;c:\windows\SYSNATIVE\DRIVERS\tp4track.sys [x] S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2014-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 22:41] . 2014-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000Core.job - c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 07:49] . 2014-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000UA.job - c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 07:49] . 2014-08-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06] . 2014-08-29 c:\windows\Tasks\Synology Data Replicator 3-Thinktank-*****.job - c:\program files (x86)\Synology Data Replicator 3\Backup.exe [2013-06-28 09:35] . 
2014-09-02 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 164760 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 164760 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 164760 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 164760 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 164760 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 164760 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 164760 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2014-06-24 21:08 164760 ----a-w- c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-04-26 22:25 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TpShocks"="TpShocks.exe" [2011-03-29 380776] "AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2014-03-14 63832] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768] "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-01-16 44096] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-06 162584] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-06 386840] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-06 417560] . 
------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/adsense/?hl=de FF - prefs.js: keyword.URL - www.google.com/search?q FF - user.js: extensions.autoDisableScopes - 14 FF - user.js: security.csp.enable - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) Notify-SDWinLogon - SDWinLogon.dll HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll Toolbar-Locked - (no file) HKLM-Run-TrackPointSrv - c:\program files (x86)\Lenovo\TrackPoint\tp4serv.exe HKLM-Run-Snipping Tool Plus - c:\users\*****\Desktop\Snipping Tool Plus.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.14" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-09-02 21:23:31 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-09-02 19:23 . Vor Suchlauf: 12 Verzeichnis(se), 118.530.822.144 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 118.338.711.552 Bytes frei . - - End Of File - - E9EB7AAA33B64BA195845B01982E4E4F 70A8A069808E30A224B4CD20263DFFCC |
03.09.2014, 14:03 | #6 |
/// the machine /// TB-Ausbilder | Windows 7: FTP passwords cracked Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please. |
03.09.2014, 16:32 | #7 |
| Windows 7: FTP passwords cracked On we go... Malwarebytes Anti-Malware Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 03.09.2014
Suchlauf-Zeit: 15:42:01
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.03.04
Rootkit Datenbank: v2014.08.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: *****

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 328814
Verstrichene Zeit: 15 Min, 43 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 2
PUP.Optional.InstallCore.A, HKU\S-1-5-21-4095381569-4012469814-2939302448-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [a59bb633215ac373d2065fd94cb860a0],
PUP.Optional.Softonic.A, HKU\S-1-5-21-4095381569-4012469814-2939302448-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [211f5f8af8830432d1ccb160d033c53b],

Registrierungswerte: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-4095381569-4012469814-2939302448-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0Z1T1U1L2W1TtGyEtF1W, In Quarantäne, [a59bb633215ac373d2065fd94cb860a0]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 4
PUP.Optional.OpenCandy, C:\Users\*****\Downloads\MyPhoneExplorer_Setup_1.8.4.exe, In Quarantäne, [4ef26089d7a4d16577ffd63b3fc68878],
PUP.Optional.OpenCandy, C:\Users\*****\Downloads\veetle-0.9.18.exe, In Quarantäne, [0f3126c37cffe2545a1c61b06d9844bc],
PUP.Optional.Softonic, C:\Users\*****\Downloads\SoftonicDownloader_for_xenus-link-sleuth.exe, In Quarantäne, [08389a4fa7d42f07533055bd35ccac54],
PUP.Optional.Conduit.A, C:\Users\*****\Downloads\HSS-2.04-install-anchorfree-244-ask4.exe, In Quarantäne, [c27ead3cd3a87cba0081ff555da4649c],

Physische Sektoren: 0
(No malicious items detected)

(end)

AdwCleaner
AdwCleaner Logfile: Code:
# AdwCleaner v3.309 - Bericht erstellt am 03/09/2014 um 16:55:54
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : ***** - THINKTANK
# Gestartet von : C:\Users\*****\Desktop\adwcleaner_3.309.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files (x86)\vShare.tv plugin
Ordner Gelöscht : C:\Windows\SysWOW64\hotspot shield
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\user.js

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_freemind_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_freemind_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_super_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_super_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\vShare.tv
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare.tv plugin

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gelöscht : user_pref("browser.search.order.1", "Web Search");

-\\ Google Chrome v

[ Datei : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4878 octets] - [03/09/2014 16:50:35]
AdwCleaner[R1].txt - [4938 octets] - [03/09/2014 16:55:05]
AdwCleaner[S0].txt - [4570 octets] - [03/09/2014 16:55:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4630 octets] ##########

Junkware Removal Tool Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by ***** on 03.09.2014 at 17:08:11,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4095381569-4012469814-2939302448-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6D0687E1-170A-4BC6-9B30-C0E863DDAE84}

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\rd8c9pzz.default\prefs.js
user_pref("extensions.seoquake.disable-baidu", true);
user_pref("extensions.seoquake.params.0.icon", "AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/0227/+Tzvb/9vv5/97
Emptied folder: C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\rd8c9pzz.default\minidumps [249 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.09.2014 at 17:17:28,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02 Ran by ***** (administrator) on THINKTANK on 03-09-2014 17:20:07 Running from C:\Users\*****\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Caphyon) C:\Program Files (x86)\Caphyon\Advanced Web Ranking\Scheduler.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe () C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files (x86)\Ditto\Ditto.exe () C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Lenovo.) 
C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TrackPointSrv] => C:\Program Files\Lenovo\TrackPoint\tp4serv.exe [138784 2011-11-01] (Lenovo Group Limited) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] () HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [44096 2012-01-16] (Lenovo Group Limited) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [Snipping Tool Plus] => C:\Users\*****\Desktop\Snipping Tool Plus.exe /h HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor HKLM-x32\...\Run: [Message Center Plus] => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-28] () HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.) 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-02] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4095381569-4012469814-2939302448-1000\...\Run: [Data Replicator 3] => C:\Program Files (x86)\Synology Data Replicator 3\Backup.exe [11590528 2013-06-28] (Synology Inc.)
HKU\S-1-5-21-4095381569-4012469814-2939302448-1000\...\Run: [Ditto] => C:\Program Files (x86)\Ditto\Ditto.exe [831488 2010-12-23] ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x448E6756E48ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default
FF Homepage: https://www.google.com/adsense/?hl=de
FF Keyword.URL: www.google.com/search?q
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\*****\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FireShot - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-07-26]
FF Extension: SeoQuake - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2014-09-03]
FF Extension: Live HTTP Headers - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2013-10-16]
FF Extension: Page Speed - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2014-04-22]
FF Extension: Firebug - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\firebug@software.joehewitt.com.xpi [2011-04-04]
FF Extension: KGen - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\kgen@elitwork.com.xpi [2011-04-04]
FF Extension: MozBar - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\toolbar@seomoz.org.xpi [2013-10-16]
FF Extension: Screengrab - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{02450954-cdd9-410f-b1da-db804e18c671}.xpi [2011-04-04]
FF Extension: SISTRIX Toolbar - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{08eaf605-03f5-44b1-a86d-e1ce89872ac3}.xpi [2011-09-30]
FF Extension: All-in-One Sidebar - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012-10-30]
FF Extension: Flagfox - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08]
FF Extension: LinkChecker - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509}.xpi [2013-10-16]
FF Extension: MeasureIt - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2011-04-04]
FF Extension: Web Developer - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2011-04-04]
FF Extension: SearchStatus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2011-04-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-31]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-04-24]

Chrome:
=======
CHR HomePage: Default -> https://www.google.com/adsense/?hl=de
CHR DefaultSearchKeyword: Default -> google#
CHR DefaultSearchProvider: Default -> Google#
CHR DefaultSearchURL: Default -> hxxp://www.google.de/search?q={searchTerms}&pws=0
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\*****\AppData\Local\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\*****\AppData\Local\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\*****\AppData\Local\Google\Chrome\Application\37.0.2062.103\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (vShare.tv plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\*****\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\*****\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (avast! Online Security) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-03]
CHR Extension: (Skype Click to Call) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-01-13]
CHR Extension: (Scraper) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbigbapnjcgaffohmbkdlecaccepngjd [2013-10-16]
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (SEO for Chrome) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2011-11-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-12-06] (Adobe Systems) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-02] (AVAST Software)
R2 AWRScheduler; C:\Program Files (x86)\Caphyon\Advanced Web Ranking\Scheduler.exe [166304 2014-04-16] (Caphyon)
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-16] (Lenovo.)
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2011-05-06] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [381312 2013-06-28] () [File not signed]
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-06] (Lenovo Group Limited)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2013-11-14] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AQFileRestore; C:\Windows\System32\DRIVERS\AQFileRestore.sys [21040 2012-01-13] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-02] ()
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-05-09] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
R3 Tp4Track; C:\Windows\System32\DRIVERS\tp4track.sys [29992 2011-11-01] (Lenovo Group Limited)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-07-02] (Lenovo (United States) Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\Sandra.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 17:19 - 2014-09-03 17:19 - 00001990 _____ () C:\Users\*****\Desktop\20140903_JRT.TXT
2014-09-03 17:17 - 2014-09-03 17:17 - 00001990 _____ () C:\Users\*****\Desktop\JRT.txt
2014-09-03 17:08 - 2014-09-03 17:08 - 00000000 ____D () C:\Windows\ERUNT
2014-09-03 17:06 - 2014-09-03 17:06 - 00004722 _____ () C:\Users\*****\Desktop\20140903_AdwCleaner.TXT
2014-09-03 16:50 - 2014-09-03 16:56 - 00000000 ____D () C:\AdwCleaner
2014-09-03 16:33 - 2014-09-03 16:46 - 00002233 _____ () C:\Users\*****\Desktop\mbam.txt
2014-09-03 15:40 - 2014-09-03 15:40 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-03 15:39 - 2014-09-03 15:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-09-03 15:39 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-03 15:25 - 2014-09-03 15:25 - 01016261 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe
2014-09-03 15:24 - 2014-09-03 15:24 - 01370483 _____ () C:\Users\*****\Desktop\adwcleaner_3.309.exe
2014-09-02 21:38 - 2014-09-02 21:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-02 21:25 - 2014-09-02 21:25 - 00029311 _____ () C:\Users\*****\Desktop\combofix.txt
2014-09-02 21:23 - 2014-09-02 21:23 - 00029311 _____ () C:\Users\*****\Desktop\ComboFix_Original.txt
2014-09-02 21:02 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-02 21:02 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-02 21:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-02 21:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-02 21:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-02 21:02 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-02 21:02 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-02 21:02 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-02 20:34 - 2014-09-02 21:23 - 00000000 ____D () C:\Qoobox
2014-09-02 20:28 - 2014-09-02 20:29 - 05576326 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe
2014-09-02 18:19 - 2014-09-02 18:20 - 16319576 _____ (Geek Software GmbH ) C:\Users\*****\Desktop\pdf24-creator-6.7.0.exe
2014-09-02 14:10 - 2014-09-02 14:24 - 00000000 ____D () C:\Users\*****\Desktop\Richard Graf
2014-09-02 09:42 - 2014-09-02 09:42 - 00118112 _____ () C:\Users\*****\Desktop\20140902_TDSSKiller.TXT
2014-09-02 08:56 - 2014-09-02 08:56 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\*****\Desktop\tdsskiller.exe
2014-09-02 08:46 - 2014-09-03 16:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-02 08:46 - 2014-09-02 10:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-02 08:42 - 2014-09-02 09:30 - 00000000 ____D () C:\Users\*****\Desktop\mbar
2014-09-02 08:42 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-02 08:38 - 2014-09-02 08:38 - 14349744 _____ (Malwarebytes Corp.) C:\Users\*****\Desktop\mbar-1.07.0.1012.exe
2014-09-02 00:36 - 2014-09-02 00:36 - 00017685 _____ () C:\Users\*****\Desktop\Gmer.zip
2014-09-02 00:08 - 2014-09-02 00:11 - 00364840 _____ () C:\Users\*****\Desktop\Gmer.txt
2014-09-01 23:21 - 2014-09-01 23:21 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe
2014-09-01 22:53 - 2014-09-01 23:17 - 00049319 _____ () C:\Users\*****\Desktop\Addition.txt
2014-09-01 22:51 - 2014-09-03 17:20 - 00026690 _____ () C:\Users\*****\Desktop\FRST.txt
2014-09-01 22:51 - 2014-09-03 17:20 - 00000000 ____D () C:\FRST
2014-09-01 22:50 - 2014-09-01 22:50 - 02104832 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-09-01 22:44 - 2014-09-01 23:10 - 00000582 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-09-01 22:44 - 2014-09-01 22:44 - 00000020 _____ () C:\Users\*****\defogger_reenable
2014-09-01 22:38 - 2014-09-01 22:38 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-09-01 17:50 - 2014-09-01 17:50 - 00000105 _____ () C:\Users\*****\Desktop\T-Shirts
2014-09-01 17:42 - 2014-09-01 17:42 - 00001010 _____ () C:\Users\*****\Desktop\Moni.lnk
2014-08-29 08:31 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 08:31 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-29 08:31 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 16:48 - 2014-08-28 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-08-28 16:46 - 2014-08-28 16:47 - 07327904 _____ () C:\Users\*****\Downloads\MyPhoneExplorer_Setup_1.8.6.exe
2014-08-27 00:38 - 2014-08-27 00:38 - 00000000 ____D () C:\Users\*****\AppData\Roaming\MPEG Streamclip
2014-08-26 23:16 - 2014-08-26 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
2014-08-25 09:22 - 2014-08-25 09:22 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iTunes
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iPod
2014-08-19 16:18 - 2009-06-10 23:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140819-161813.backup
2014-08-19 14:43 - 2014-08-19 16:05 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-19 14:42 - 2014-08-19 14:43 - 11188736 _____ (SurfRight B.V.) C:\Users\*****\Downloads\hitmanpro_x64.exe
2014-08-19 05:50 - 2014-08-19 05:50 - 00001406 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-19 05:50 - 2014-08-19 05:50 - 00001394 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-19 05:50 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-08-19 05:49 - 2014-08-19 05:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-19 05:47 - 2014-08-19 05:47 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\*****\Downloads\spybot-2.4.exe
2014-08-19 05:34 - 2014-08-19 05:34 - 06052529 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-18 03:04 - 2014-08-18 03:04 - 00323600 _____ (Dropbox, Inc.) C:\Users\*****\Downloads\DropboxInstaller.exe
2014-08-16 13:52 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 13:52 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 13:52 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 13:52 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 13:52 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 13:52 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 13:50 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 13:50 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-12 19:14 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-12 19:14 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-12 19:13 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-12 19:13 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-12 19:13 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-12 19:13 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-12 19:13 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-12 19:13 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-12 19:13 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-12 19:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-12 19:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-12 19:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-12 19:13 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-12 19:13 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-12 19:13 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 19:13 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-12 19:13 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-12 19:13 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-12 19:13 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 19:12 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-12 19:12 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-12 19:12 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-12 19:12 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-12 19:12 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-12 19:12 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-12 19:12 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-12 19:12 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-12 19:12 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-12 19:12 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-12 19:12 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-12 19:12 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-12 19:12 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-12 19:12 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-12 19:12 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-12 19:12 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-12 19:12 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-12 19:12 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-12 19:12 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-12 19:12 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-12 19:12 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-12 19:12 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-12 19:12 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-12 19:12 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-12 19:12 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-12 19:12 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-12 19:12 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-12 19:12 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-12 19:12 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-12 19:12 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-12 19:12 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-12 19:12 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-12 19:12 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-12 19:12 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-12 19:12 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-12 19:12 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-12 19:12 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-12 19:12 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-12 19:12 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-12 19:12 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-12 19:12 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-12 19:12 - 2014-07-25 13:36 - 00164864 _____
(Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-12 19:12 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-12 19:12 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-12 19:12 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-12 19:12 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-12 19:12 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-12 19:12 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-12 19:12 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-12 19:12 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-12 19:12 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-12 19:12 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-12 19:12 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-12 19:12 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-12 19:12 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-12 19:12 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-12 19:11 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-12 19:11 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-08-12 19:11 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-08-11 21:50 - 2014-08-11 21:51 - 06004615 _____ (Tim Kosse) 
C:\Users\*****\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-08-11 21:50 - 2014-08-11 21:50 - 05981830 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-08-09 16:33 - 2014-08-09 16:33 - 00006166 _____ () C:\Users\*****\Downloads\Logins digitalagenten.xlsx 2014-08-08 21:10 - 2014-08-08 21:10 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-08-08 21:10 - 2014-08-08 21:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-08-08 21:10 - 2014-08-08 21:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-08-08 21:10 - 2014-08-08 21:10 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-08-08 21:10 - 2014-08-08 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-03 17:20 - 2014-09-01 22:51 - 00026690 _____ () C:\Users\*****\Desktop\FRST.txt 2014-09-03 17:20 - 2014-09-01 22:51 - 00000000 ____D () C:\FRST 2014-09-03 17:20 - 2011-05-06 13:39 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Ditto 2014-09-03 17:19 - 2014-09-03 17:19 - 00001990 _____ () C:\Users\*****\Desktop\20140903_JRT.TXT 2014-09-03 17:17 - 2014-09-03 17:17 - 00001990 _____ () C:\Users\*****\Desktop\JRT.txt 2014-09-03 17:08 - 2014-09-03 17:08 - 00000000 ____D () C:\Windows\ERUNT 2014-09-03 17:06 - 2014-09-03 17:06 - 00004722 _____ () C:\Users\*****\Desktop\20140903_AdwCleaner.TXT 2014-09-03 17:04 - 2009-07-14 06:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-03 17:04 - 2009-07-14 06:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-03 16:57 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-03 16:56 - 
2014-09-03 16:50 - 00000000 ____D () C:\AdwCleaner 2014-09-03 16:56 - 2011-04-07 11:13 - 00326354 _____ () C:\Windows\PFRO.log 2014-09-03 16:56 - 2011-03-30 10:32 - 02062651 _____ () C:\Windows\WindowsUpdate.log 2014-09-03 16:56 - 2009-07-14 06:51 - 00232825 _____ () C:\Windows\setupact.log 2014-09-03 16:47 - 2014-09-02 08:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-03 16:46 - 2014-09-03 16:33 - 00002233 _____ () C:\Users\*****\Desktop\mbam.txt 2014-09-03 16:43 - 2011-04-04 15:26 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe 2014-09-03 16:41 - 2012-10-11 14:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-03 16:36 - 2011-05-04 12:06 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job 2014-09-03 16:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help 2014-09-03 16:29 - 2011-11-30 09:49 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000UA.job 2014-09-03 15:50 - 2013-10-07 11:26 - 00007602 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg 2014-09-03 15:48 - 2011-04-07 11:58 - 00000000 ____D () C:\Users\*****\Documents\Outlook-Dateien 2014-09-03 15:40 - 2014-09-03 15:40 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-03 15:40 - 2014-09-03 15:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-03 15:40 - 2012-04-24 16:28 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-03 15:33 - 2011-05-03 13:14 - 00000000 ____D () C:\Users\*****\Documents\Allgemeines 2014-09-03 15:25 - 2014-09-03 15:25 - 01016261 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe 2014-09-03 15:24 - 2014-09-03 15:24 - 01370483 _____ () C:\Users\*****\Desktop\adwcleaner_3.309.exe 2014-09-03 12:45 - 2012-01-21 19:34 - 00000000 ____D () C:\Users\*****\AppData\Roaming\TweetAdder3 2014-09-03 09:00 - 2012-01-13 10:40 - 00030274 _____ () C:\Windows\system32\lvcoinst.log 
2014-09-03 09:00 - 2011-05-04 12:06 - 00003494 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest 2014-09-03 09:00 - 2011-05-04 12:06 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher 2014-09-02 21:38 - 2014-09-02 21:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-09-02 21:38 - 2014-04-27 00:25 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-09-02 21:38 - 2013-12-29 13:26 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-09-02 21:38 - 2013-03-07 13:38 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-09-02 21:38 - 2013-03-07 13:38 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-09-02 21:38 - 2012-07-06 10:47 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-09-02 21:38 - 2012-04-24 14:49 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-09-02 21:38 - 2012-04-24 14:49 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-09-02 21:38 - 2012-04-24 14:49 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-09-02 21:38 - 2012-04-24 14:49 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-09-02 21:38 - 2012-04-24 14:49 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-09-02 21:25 - 2014-09-02 21:25 - 00029311 _____ () C:\Users\*****\Desktop\combofix.txt 2014-09-02 21:23 - 2014-09-02 21:23 - 00029311 _____ () C:\Users\*****\Desktop\ComboFix_Original.txt 2014-09-02 21:23 - 2014-09-02 20:34 - 00000000 ____D () C:\Qoobox 2014-09-02 21:23 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-09-02 21:21 - 2012-04-24 15:10 - 00000000 ____D () C:\Windows\ERDNT 2014-09-02 21:16 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-09-02 21:15 - 2009-07-14 04:34 - 83099648 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-09-02 21:15 - 2009-07-14 04:34 - 21233664 _____ () 
C:\Windows\system32\config\SYSTEM.bak 2014-09-02 21:15 - 2009-07-14 04:34 - 04980736 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-09-02 21:15 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-09-02 21:15 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-09-02 21:13 - 2011-04-04 14:26 - 00000000 ____D () C:\Users\***** 2014-09-02 20:29 - 2014-09-02 20:28 - 05576326 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe 2014-09-02 19:29 - 2011-11-30 09:49 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000Core.job 2014-09-02 18:20 - 2014-09-02 18:19 - 16319576 _____ (Geek Software GmbH ) C:\Users\*****\Desktop\pdf24-creator-6.7.0.exe 2014-09-02 15:16 - 2011-04-04 15:35 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Adobe 2014-09-02 14:24 - 2014-09-02 14:10 - 00000000 ____D () C:\Users\*****\Desktop\Richard Graf 2014-09-02 10:09 - 2014-09-02 08:46 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-02 09:42 - 2014-09-02 09:42 - 00118112 _____ () C:\Users\*****\Desktop\20140902_TDSSKiller.TXT 2014-09-02 09:30 - 2014-09-02 08:42 - 00000000 ____D () C:\Users\*****\Desktop\mbar 2014-09-02 09:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME 2014-09-02 08:56 - 2014-09-02 08:56 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\*****\Desktop\tdsskiller.exe 2014-09-02 08:38 - 2014-09-02 08:38 - 14349744 _____ (Malwarebytes Corp.) 
C:\Users\*****\Desktop\mbar-1.07.0.1012.exe 2014-09-02 00:36 - 2014-09-02 00:36 - 00017685 _____ () C:\Users\*****\Desktop\Gmer.zip 2014-09-02 00:11 - 2014-09-02 00:08 - 00364840 _____ () C:\Users\*****\Desktop\Gmer.txt 2014-09-01 23:21 - 2014-09-01 23:21 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe 2014-09-01 23:17 - 2014-09-01 22:53 - 00049319 _____ () C:\Users\*****\Desktop\Addition.txt 2014-09-01 23:10 - 2014-09-01 22:44 - 00000582 _____ () C:\Users\*****\Desktop\defogger_disable.log 2014-09-01 22:53 - 2011-03-30 11:04 - 00708030 _____ () C:\Windows\system32\perfh007.dat 2014-09-01 22:53 - 2011-03-30 11:04 - 00153336 _____ () C:\Windows\system32\perfc007.dat 2014-09-01 22:53 - 2009-07-14 07:13 - 01643024 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-01 22:50 - 2014-09-01 22:50 - 02104832 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe 2014-09-01 22:45 - 2011-03-30 10:22 - 00000000 ____D () C:\Program Files\Lenovo 2014-09-01 22:44 - 2014-09-01 22:44 - 00000020 _____ () C:\Users\*****\defogger_reenable 2014-09-01 22:38 - 2014-09-01 22:38 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe 2014-09-01 17:50 - 2014-09-01 17:50 - 00000105 _____ () C:\Users\*****\Desktop\T-Shirts 2014-09-01 17:44 - 2012-01-21 19:43 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-09-01 17:42 - 2014-09-01 17:42 - 00001010 _____ () C:\Users\*****\Desktop\Moni.lnk 2014-09-01 17:41 - 2011-09-05 09:24 - 00000000 ____D () C:\Users\*****\Documents\ebay 2014-09-01 17:40 - 2011-05-03 14:35 - 00000000 ____D () C:\Users\*****\Documents\Software 2014-09-01 17:32 - 2013-06-26 15:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc 2014-09-01 14:20 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-09-01 13:15 - 2011-03-30 10:29 - 00000000 ____D () C:\swshare 2014-09-01 12:12 - 2011-04-29 00:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\FileZilla 2014-09-01 11:30 - 2011-05-03 11:01 - 00000295 _____ () 
C:\Users\*****\Desktop\Konzerte.TXT 2014-08-30 15:47 - 2011-05-03 15:27 - 00000000 ____D () C:\Users\*****\AppData\Roaming\BOM 2014-08-29 12:58 - 2011-08-21 14:18 - 00000000 ____D () C:\Users\*****\Documents\My Photos 2014-08-29 10:00 - 2013-05-24 00:55 - 00000298 _____ () C:\Windows\Tasks\Synology Data Replicator 3-Thinktank-*****.job 2014-08-29 08:40 - 2009-07-14 06:45 - 04916184 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-28 16:48 - 2014-08-28 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer 2014-08-28 16:48 - 2013-02-01 00:20 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer 2014-08-28 16:47 - 2014-08-28 16:46 - 07327904 _____ () C:\Users\*****\Downloads\MyPhoneExplorer_Setup_1.8.6.exe 2014-08-27 00:38 - 2014-08-27 00:38 - 00000000 ____D () C:\Users\*****\AppData\Roaming\MPEG Streamclip 2014-08-27 00:35 - 2011-05-03 15:54 - 00000000 ____D () C:\Users\*****\Documents\Sonstiges_Sortieren 2014-08-26 23:16 - 2014-08-26 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker 2014-08-26 23:16 - 2013-10-16 13:54 - 00001489 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\bwin Poker.lnk 2014-08-26 23:16 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-08-26 21:44 - 2014-07-31 11:06 - 00000000 ____D () C:\Users\*****\AppData\Local\www.rene-zeidler.de 2014-08-26 09:23 - 2011-05-04 12:06 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2014-08-25 13:00 - 2011-05-04 12:06 - 00004234 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask 2014-08-25 09:22 - 2014-08-25 09:22 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 
____D () C:\Program Files\iTunes 2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iPod 2014-08-25 09:22 - 2011-07-03 18:53 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-08-24 10:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-08-23 21:41 - 2013-07-01 17:24 - 00000000 ____D () C:\Users\*****\Documents\_FILM_nicht_sichern 2014-08-23 04:07 - 2014-08-29 08:31 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-08-29 08:31 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-08-29 08:31 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-19 16:55 - 2011-06-09 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-08-19 16:55 - 2011-04-05 15:29 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2014-08-19 16:15 - 2011-05-03 15:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-08-19 16:05 - 2014-08-19 14:43 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-08-19 14:43 - 2014-08-19 14:42 - 11188736 _____ (SurfRight B.V.) C:\Users\*****\Downloads\hitmanpro_x64.exe 2014-08-19 05:59 - 2014-08-19 05:49 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-08-19 05:50 - 2014-08-19 05:50 - 00001406 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-08-19 05:50 - 2014-08-19 05:50 - 00001394 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-08-19 05:49 - 2011-05-03 15:24 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2014-08-19 05:47 - 2014-08-19 05:47 - 46525608 _____ (Safer-Networking Ltd. 
) C:\Users\*****\Downloads\spybot-2.4.exe 2014-08-19 05:34 - 2014-08-19 05:34 - 06052529 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.3_win32-setup.exe 2014-08-18 03:06 - 2011-05-06 13:22 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox 2014-08-18 03:06 - 2011-05-03 15:55 - 00000000 ___RD () C:\Users\*****\Documents\My Dropbox 2014-08-18 03:05 - 2011-05-06 13:29 - 00001030 _____ () C:\Users\*****\Desktop\Dropbox.lnk 2014-08-18 03:05 - 2011-05-06 13:22 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-18 03:04 - 2014-08-18 03:04 - 00323600 _____ (Dropbox, Inc.) C:\Users\*****\Downloads\DropboxInstaller.exe 2014-08-13 19:01 - 2011-05-03 15:38 - 00000000 ____D () C:\Users\*****\Documents\AWR User Data 2014-08-13 19:01 - 2011-05-03 15:38 - 00000000 ____D () C:\Users\*****\AppData\Local\Caphyon 2014-08-13 15:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-13 15:49 - 2011-04-07 10:25 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-08-13 15:32 - 2013-07-17 18:11 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-13 15:25 - 2011-04-04 16:01 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-08-11 21:51 - 2014-08-11 21:50 - 06004615 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-08-11 21:50 - 2014-08-11 21:50 - 05981830 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-08-09 16:33 - 2014-08-09 16:33 - 00006166 _____ () C:\Users\*****\Downloads\Logins digitalagenten.xlsx 2014-08-08 21:11 - 2013-10-16 15:34 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-08 21:10 - 2014-08-08 21:10 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-08-08 21:10 - 2014-08-08 21:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-08-08 21:10 - 2014-08-08 21:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-08-08 21:10 
- 2014-08-08 21:10 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-08 21:10 - 2014-08-08 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-08 21:10 - 2011-03-30 10:33 - 00000000 ____D () C:\Program Files (x86)\Java

ZeroAccess:
C:\Users\*****\AppData\Local\fc25d5a8
C:\Users\*****\AppData\Local\fc25d5a8\@

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-28 16:14

==================== End Of Log ============================ |
04.09.2014, 11:31 | #8 |
/// the machine /// TB Trainer | Windows 7: FTP passwords cracked
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
04.09.2014, 22:28 | #9 |
| Windows 7: FTP passwords cracked
I can't answer the question of whether there are still problems with certainty, because I still haven't understood how or why malicious code could be spread to the websites via FTP. Do the various log files provide any "information" on this, or can one say that one particular trojan or several trojans are behind it? In any case, here are the new logs:
ESET Online Scanner Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=426cc19a128d544ea10f03aafabce21e
# engine=19998
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-04 04:01:45
# local_time=2014-09-04 06:01:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 121279 174266995 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 34807 161476355 0 0
# scanned=550440
# found=19
# cleaned=0
# scan_time=16076
sh=FDF652F803592E6840E076A89A19BF655686B8A8 ft=1 fh=de76e936397b25d2 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll.vir"
sh=FF845FE37828470911D106733E222D071880F00B ft=1 fh=e038bfdb57a9e139 vn="Win32/InstallMonetizer.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EK41XVJD\20140828105185[1].exe"
sh=0A12774E4D19A9867069C8D3CD3E380D7CB2F59C ft=1 fh=c950eacd9b1cc265 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G5QWU3FE\WajamChecker[1].exe"
sh=5028FC8F8BD2CA286274254AA7EE66ED222AAFAA ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB Trojaner" ac=I fn="C:\Users\*****\Documents\Homepages\detektei-suchmaschine\20121013_Status_Server\wp\wp-content\themes\carrington-blog\theme.php"
sh=085DF67C30A3C682F7C5A29927F8F2555202ECA7 ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB Trojaner" ac=I fn="C:\Users\*****\Documents\Homepages\detektei-suchmaschine\20121013_Status_Server\wp\wp-content\uploads\carrington-blog.zip"
sh=085DF67C30A3C682F7C5A29927F8F2555202ECA7 ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB Trojaner" ac=I fn="C:\Users\*****\Documents\Homepages\detektei-suchmaschine\20121013_Status_Server\wp\wp-content\uploads\carrington-blog1.zip"
sh=085DF67C30A3C682F7C5A29927F8F2555202ECA7 ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB Trojaner" ac=I fn="C:\Users\*****\Documents\Homepages\detektei-suchmaschine\20121013_Status_Server\wp\wp-content\uploads\carrington-blog2.zip"
sh=04EA5B356FCC949AD24B5058B7E9BCD14CBCA61D ft=0 fh=0000000000000000 vn="PHP/TrojanDownloader.Agent.AJ Trojaner" ac=I fn="C:\Users\*****\Documents\Homepages\detektei-suchmaschine\20140324_Redaxo_VERSEUCHT\rex\index.php"
sh=5AC22BDF2BB2EB21D833A7FEC4CA7A47D81529A5 ft=0 fh=0000000000000000 vn="PHP/TrojanDownloader.Agent.AJ Trojaner" ac=I fn="C:\Users\*****\Documents\Homepages\detektei-suchmaschine\20140324_Redaxo_VERSEUCHT\rex\redaxo\index.php"
sh=9B0548C3BD40BCB71F64332DA3D6EEF2539E1CEE ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Iframe.NKE Trojaner" ac=I fn="C:\Users\*****\Documents\Homepages\hoeferjungnitsch\index_120431.html"
sh=8C60E7EFBD55AEDAFF58BFE26EB41409D873599F ft=0 fh=0000000000000000 vn="PHP/TrojanDownloader.Agent.AJ Trojaner" ac=I fn="C:\Users\*****\Documents\Projekte\get-team\20140901_Logs\gantry_VIRUS_php_trojan_2.UNOFFICIAL_index.php"
sh=A3926785ED3AD71D0B818E7D700AB89F6A460E3B ft=0 fh=0000000000000000 vn="PHP/TrojanDownloader.Agent.AJ Trojaner" ac=I fn="C:\Users\*****\Documents\Projekte\get-team\20140901_Logs\VIRUS_php_trojan_03.UNOFFICIAL_index.php"
sh=9B787342B5163114C137203D5E466372E7441C7B ft=0 fh=0000000000000000 vn="PHP/TrojanDownloader.Agent.AJ Trojaner" ac=I fn="C:\Users\*****\Documents\Projekte\get-team\20140901_Logs\VIRUS_php_trojan_2.UNOFFICIAL_index.php"
sh=3779A8D5418B0CF7B378458BB4155FC14D4E540F ft=0 fh=0000000000000000 vn="PHP/Agent.NBF Trojaner" ac=I fn="C:\Users\*****\Documents\Projekte\get-team\Homepage_20121001\joomla\images\post.php"
sh=3779A8D5418B0CF7B378458BB4155FC14D4E540F ft=0 fh=0000000000000000 vn="PHP/Agent.NBF Trojaner" ac=I fn="C:\Users\*****\Documents\Projekte\get-team\Homepage_20121014_Virenfrei\joomla\images\post.php"
sh=3779A8D5418B0CF7B378458BB4155FC14D4E540F ft=0 fh=0000000000000000 vn="PHP/Agent.NBF Trojaner" ac=I fn="C:\Users\*****\Documents\Projekte\get-team\Homepage_Jupgrade_20130305\jupgrade\images\post.php"
sh=02626CD30AD07B329B4DA263226113C356A08939 ft=0 fh=0000000000000000 vn="PHP/WebShell.NBS Trojaner" ac=I fn="C:\Users\*****\Documents\Projekte\get-team\Logs\logs\VIRUS_PHP.Shell-38_version.php"
sh=EAE2784C9115FE9CFA44A116B74E72C1BCCFA7F6 ft=1 fh=2e79e77116fe19c4 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\Downloads\MyPhoneExplorer_Setup_1.8.5.exe"
sh=5DE4084222A4AF0D57FF89E0A8F32D7654EEA9F5 ft=1 fh=20b3f2bda540ff2c vn="Win32/TopMedia.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\*****\Downloads\vshare-plugin.exe"

Security Check Code:
Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Secunia PSI (3.0.0.9016)
Java 7 Update 67
Adobe Flash Player 14.0.0.145
Adobe Reader 9
Adobe Reader XI
Mozilla Firefox (31.0)
Google Chrome 36.0.1985.143
Google Chrome 37.0.2062.103
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02 Ran by ***** (administrator) on THINKTANK on 04-09-2014 23:19:42 Running from C:\Users\*****\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Caphyon) C:\Program Files (x86)\Caphyon\Advanced Web Ranking\Scheduler.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe () C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe () C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (TweetAdder.com) C:\Program Files (x86)\TweetAdder4\TweetAdder4.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (IDM Computer Solutions, Inc.) C:\Program Files (x86)\UltraEdit-32\uedit32.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TrackPointSrv] => C:\Program Files\Lenovo\TrackPoint\tp4serv.exe [138784 2011-11-01] (Lenovo Group Limited) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.) 
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [44096 2012-01-16] (Lenovo Group Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Snipping Tool Plus] => C:\Users\*****\Desktop\Snipping Tool Plus.exe /h
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Message Center Plus] => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-28] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-02] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4095381569-4012469814-2939302448-1000\...\Run: [Data Replicator 3] => C:\Program Files (x86)\Synology Data Replicator 3\Backup.exe [11590528 2013-06-28] (Synology Inc.)
HKU\S-1-5-21-4095381569-4012469814-2939302448-1000\...\Run: [Ditto] => C:\Program Files (x86)\Ditto\Ditto.exe [831488 2010-12-23] ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x448E6756E48ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default
FF Homepage: https://www.google.com/adsense/?hl=de
FF Keyword.URL: www.google.com/search?q
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\*****\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: FireShot - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-07-26]
FF Extension: SeoQuake - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2014-09-03]
FF Extension: Live HTTP Headers - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2013-10-16]
FF Extension: Page Speed - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2014-04-22]
FF Extension: Firebug - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\firebug@software.joehewitt.com.xpi [2011-04-04]
FF Extension: KGen - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\kgen@elitwork.com.xpi [2011-04-04]
FF Extension: MozBar - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\toolbar@seomoz.org.xpi [2013-10-16]
FF Extension: Screengrab - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{02450954-cdd9-410f-b1da-db804e18c671}.xpi [2011-04-04]
FF Extension: SISTRIX Toolbar - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{08eaf605-03f5-44b1-a86d-e1ce89872ac3}.xpi [2011-09-30]
FF Extension: All-in-One Sidebar - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012-10-30]
FF Extension: Flagfox - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08]
FF Extension: LinkChecker - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509}.xpi [2013-10-16]
FF Extension: MeasureIt - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2011-04-04]
FF Extension: Web Developer - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2011-04-04]
FF Extension: SearchStatus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2011-04-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-31]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-04-24]

Chrome:
=======
CHR HomePage: Default -> https://www.google.com/adsense/?hl=de
CHR DefaultSearchKeyword: Default -> google#
CHR DefaultSearchProvider: Default -> Google#
CHR DefaultSearchURL: Default -> hxxp://www.google.de/search?q={searchTerms}&pws=0
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\*****\AppData\Local\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\*****\AppData\Local\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\*****\AppData\Local\Google\Chrome\Application\37.0.2062.103\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (vShare.tv plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\*****\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\*****\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (avast! Online Security) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-03]
CHR Extension: (Skype Click to Call) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-01-13]
CHR Extension: (Scraper) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbigbapnjcgaffohmbkdlecaccepngjd [2013-10-16]
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (SEO for Chrome) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2011-11-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-02]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-12-06] (Adobe Systems) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-02] (AVAST Software)
R2 AWRScheduler; C:\Program Files (x86)\Caphyon\Advanced Web Ranking\Scheduler.exe [166304 2014-04-16] (Caphyon)
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-16] (Lenovo.)
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2011-05-06] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [381312 2013-06-28] () [File not signed]
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-06] (Lenovo Group Limited)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2013-11-14] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AQFileRestore; C:\Windows\System32\DRIVERS\AQFileRestore.sys [21040 2012-01-13] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-02] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-02] ()
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)
S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-05-09] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
R3 Tp4Track; C:\Windows\System32\DRIVERS\tp4track.sys [29992 2011-11-01] (Lenovo Group Limited) R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-07-02] (Lenovo (United States) Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\Sandra.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-04 23:20 - 2014-09-04 23:20 - 00000947 _____ () C:\Users\*****\Desktop\SecurityCheck.TXT 2014-09-04 21:37 - 2014-09-04 21:37 - 00004937 _____ () C:\Users\*****\Desktop\eset.TXT 2014-09-04 13:31 - 2014-09-04 13:31 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-09-04 13:27 - 2014-09-04 13:27 - 02347384 _____ (ESET) C:\Users\*****\Desktop\esetsmartinstaller_deu.exe 2014-09-04 13:27 - 2014-09-04 13:27 - 00854417 _____ () C:\Users\*****\Desktop\SecurityCheck.exe 2014-09-03 17:22 - 2014-09-03 17:22 - 00060904 _____ () C:\Users\*****\Desktop\20140903_FRST.TXT 2014-09-03 17:19 - 2014-09-03 17:19 - 00001990 _____ () C:\Users\*****\Desktop\20140903_JRT.TXT 2014-09-03 17:17 - 2014-09-03 17:17 - 00001990 _____ () C:\Users\*****\Desktop\JRT.txt 2014-09-03 17:08 - 2014-09-03 17:08 - 00000000 ____D () C:\Windows\ERUNT 2014-09-03 17:06 - 2014-09-03 17:06 - 00004722 _____ () C:\Users\*****\Desktop\20140903_AdwCleaner.TXT 2014-09-03 16:50 - 2014-09-03 16:56 - 00000000 ____D () C:\AdwCleaner 2014-09-03 16:33 - 2014-09-03 16:46 - 00002233 _____ () C:\Users\*****\Desktop\mbam.txt 2014-09-03 15:40 - 2014-09-03 15:40 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-03 15:39 - 2014-09-03 15:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-03 
15:39 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-03 15:25 - 2014-09-03 15:25 - 01016261 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe 2014-09-03 15:24 - 2014-09-03 15:24 - 01370483 _____ () C:\Users\*****\Desktop\adwcleaner_3.309.exe 2014-09-02 21:38 - 2014-09-02 21:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-09-02 21:25 - 2014-09-02 21:25 - 00029311 _____ () C:\Users\*****\Desktop\combofix.txt 2014-09-02 21:23 - 2014-09-02 21:23 - 00029311 _____ () C:\Users\*****\Desktop\ComboFix_Original.txt 2014-09-02 21:02 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-02 21:02 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-02 21:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-02 21:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-02 21:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-02 21:02 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-02 21:02 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-02 21:02 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-02 20:34 - 2014-09-02 21:23 - 00000000 ____D () C:\Qoobox 2014-09-02 20:28 - 2014-09-02 20:29 - 05576326 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe 2014-09-02 18:19 - 2014-09-02 18:20 - 16319576 _____ (Geek Software GmbH ) C:\Users\*****\Desktop\pdf24-creator-6.7.0.exe 2014-09-02 14:10 - 2014-09-02 14:24 - 00000000 ____D () C:\Users\*****\Desktop\Richard Graf 2014-09-02 09:42 - 2014-09-02 09:42 - 00118112 _____ () C:\Users\*****\Desktop\20140902_TDSSKiller.TXT 2014-09-02 08:56 - 2014-09-02 08:56 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\*****\Desktop\tdsskiller.exe 2014-09-02 08:46 - 2014-09-03 16:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-02 08:46 - 2014-09-02 10:09 - 00000000 ____D () 
C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-02 08:42 - 2014-09-02 09:30 - 00000000 ____D () C:\Users\*****\Desktop\mbar 2014-09-02 08:42 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-02 08:38 - 2014-09-02 08:38 - 14349744 _____ (Malwarebytes Corp.) C:\Users\*****\Desktop\mbar-1.07.0.1012.exe 2014-09-02 00:36 - 2014-09-02 00:36 - 00017685 _____ () C:\Users\*****\Desktop\Gmer.zip 2014-09-02 00:08 - 2014-09-02 00:11 - 00364840 _____ () C:\Users\*****\Desktop\Gmer.txt 2014-09-01 23:21 - 2014-09-01 23:21 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe 2014-09-01 22:53 - 2014-09-01 23:17 - 00049319 _____ () C:\Users\*****\Desktop\Addition.txt 2014-09-01 22:51 - 2014-09-04 23:20 - 00027714 _____ () C:\Users\*****\Desktop\FRST.txt 2014-09-01 22:51 - 2014-09-04 23:19 - 00000000 ____D () C:\FRST 2014-09-01 22:50 - 2014-09-01 22:50 - 02104832 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe 2014-09-01 22:44 - 2014-09-01 23:10 - 00000582 _____ () C:\Users\*****\Desktop\defogger_disable.log 2014-09-01 22:44 - 2014-09-01 22:44 - 00000020 _____ () C:\Users\*****\defogger_reenable 2014-09-01 22:38 - 2014-09-01 22:38 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe 2014-09-01 17:50 - 2014-09-01 17:50 - 00000105 _____ () C:\Users\*****\Desktop\T-Shirts 2014-09-01 17:42 - 2014-09-01 17:42 - 00001010 _____ () C:\Users\*****\Desktop\Moni.lnk 2014-08-29 08:31 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-29 08:31 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-29 08:31 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-28 16:48 - 2014-08-28 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer 2014-08-28 16:46 - 2014-08-28 16:47 - 07327904 _____ () 
C:\Users\*****\Downloads\MyPhoneExplorer_Setup_1.8.6.exe 2014-08-27 00:38 - 2014-08-27 00:38 - 00000000 ____D () C:\Users\*****\AppData\Roaming\MPEG Streamclip 2014-08-26 23:16 - 2014-08-26 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker 2014-08-25 09:22 - 2014-08-25 09:22 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iTunes 2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iPod 2014-08-19 16:18 - 2009-06-10 23:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140819-161813.backup 2014-08-19 14:43 - 2014-08-19 16:05 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-08-19 05:50 - 2014-08-19 05:50 - 00001406 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-08-19 05:50 - 2014-08-19 05:50 - 00001394 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-08-19 05:50 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2014-08-19 05:49 - 2014-08-19 05:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-08-19 05:34 - 2014-08-19 05:34 - 06052529 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.3_win32-setup.exe 2014-08-18 03:04 - 2014-08-18 03:04 - 00323600 _____ (Dropbox, Inc.) 
ZeroAccess:
C:\Users\*****\AppData\Local\fc25d5a8
C:\Users\*****\AppData\Local\fc25d5a8\@

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-28 16:14

==================== End Of Log ============================
--- --- --- |
05.09.2014, 20:06 | #10 |
/// the machine /// TB trainer | Windows 7: FTP passwords cracked Take a look at the ESET findings; that should already explain it. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
ZeroAccess:
C:\Users\*****\AppData\Local\fc25d5a8
C:\Users\*****\AppData\Local\fc25d5a8\@

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
05.09.2014, 23:11 | #11 |
| Windows 7: FTP passwords cracked OK. Most of the findings are "infected" versions that were saved locally before a backup was restored.... This may sound naive, but can these files still do any harm? Here is the Fixlog: Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by ***** at 2014-09-06 00:00:13 Run:2
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ZeroAccess:
C:\Users\*****\AppData\Local\fc25d5a8
C:\Users\*****\AppData\Local\fc25d5a8\@
*****************

ZeroAccess: => Error: No automatic fix found for this entry.
C:\Users\*****\AppData\Local\fc25d5a8 => Moved successfully.
"C:\Users\*****\AppData\Local\fc25d5a8\@" => File/Directory not found.

==== End of Fixlog ==== |
06.09.2014, 18:58 | #12 |
/// the machine /// TB trainer | Windows 7: FTP passwords cracked If they are never touched again and just sit there, no. A fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
08.09.2014, 08:02 | #13 |
| Windows 7: FTP passwords cracked OK, thanks. No problems at the moment, although only time will tell whether "everything is fine" again, since unauthorized access and the uploading of malware or the like can happen at any later point.... In any case, the passwords are now being changed once more, and then it remains to be hoped that this has really been resolved. Many thanks in any case for the quick help!!! Do you perhaps have a recommendation regarding virus scanners and the like? Is Avast OK, or should it be something more? FRST: FRST Logfile: Code:
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default FF Homepage: https://www.google.com/adsense/?hl=de FF Keyword.URL: www.google.com/search?q FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\*****\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\*****\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\*****\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: FireShot - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-07-26] FF Extension: SeoQuake - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2014-09-03] FF Extension: Live HTTP Headers - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2013-10-16] FF Extension: Page Speed - 
C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2014-04-22] FF Extension: Firebug - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\firebug@software.joehewitt.com.xpi [2011-04-04] FF Extension: KGen - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\kgen@elitwork.com.xpi [2011-04-04] FF Extension: MozBar - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\toolbar@seomoz.org.xpi [2013-10-16] FF Extension: Screengrab - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{02450954-cdd9-410f-b1da-db804e18c671}.xpi [2011-04-04] FF Extension: SISTRIX Toolbar - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{08eaf605-03f5-44b1-a86d-e1ce89872ac3}.xpi [2011-09-30] FF Extension: All-in-One Sidebar - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2012-10-30] FF Extension: Flagfox - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-08] FF Extension: LinkChecker - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509}.xpi [2013-10-16] FF Extension: MeasureIt - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2011-04-04] FF Extension: Web Developer - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2011-04-04] FF Extension: SearchStatus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\rd8c9pzz.default\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2011-04-04] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla 
Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-31] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-04-24] Chrome: ======= CHR HomePage: Default -> https://www.google.com/adsense/?hl=de CHR DefaultSearchKeyword: Default -> google# CHR DefaultSearchProvider: Default -> Google# CHR DefaultSearchURL: Default -> hxxp://www.google.de/search?q={searchTerms}&pws=0 CHR DefaultSuggestURL: Default -> CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\*****\AppData\Local\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\*****\AppData\Local\Google\Chrome\Application\37.0.2062.103\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\*****\AppData\Local\Google\Chrome\Application\37.0.2062.103\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll No File CHR Plugin: (Skype Toolbars) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (vShare.tv plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll No File CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\*****\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Google Update) - C:\Users\*****\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03] CHR Extension: (avast! 
Online Security) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-03] CHR Extension: (Skype Click to Call) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-01-13] CHR Extension: (Scraper) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbigbapnjcgaffohmbkdlecaccepngjd [2013-10-16] CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (SEO for Chrome) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj [2011-11-30] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-02] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-12-06] (Adobe Systems) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-02] (AVAST Software) R2 AWRScheduler; C:\Program Files (x86)\Caphyon\Advanced Web Ranking\Scheduler.exe [166304 2014-04-16] (Caphyon) R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-16] (Lenovo.) 
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited) S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2011-05-06] () [File not signed] R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software) [File not signed] S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] () S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe [381312 2013-06-28] () [File not signed] R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed] S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-06] (Lenovo Group Limited) R2 UsbClientService; C:\Program Files 
(x86)\Synology\Assistant\UsbClientService.exe [248736 2013-11-14] () ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AQFileRestore; C:\Windows\System32\DRIVERS\AQFileRestore.sys [21040 2012-01-13] () R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-02] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-02] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-02] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-02] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-02] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-02] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-02] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-02] () S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation) S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation) S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation) S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation) S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation) S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation) S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-05-09] (Duplex Secure Ltd.) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.) 
R3 Tp4Track; C:\Windows\System32\DRIVERS\tp4track.sys [29992 2011-11-01] (Lenovo Group Limited) R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-07-02] (Lenovo (United States) Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\Sandra.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-08 08:52 - 2014-09-08 08:52 - 00000000 ____D () C:\Users\*****\Desktop\FRST-OlderVersion 2014-09-04 23:22 - 2014-09-04 23:22 - 00062432 _____ () C:\Users\*****\Desktop\20140904_FRST.TXT 2014-09-04 23:20 - 2014-09-04 23:20 - 00000947 _____ () C:\Users\*****\Desktop\SecurityCheck.TXT 2014-09-04 21:37 - 2014-09-04 21:37 - 00004937 _____ () C:\Users\*****\Desktop\eset.TXT 2014-09-04 13:31 - 2014-09-04 13:31 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-09-04 13:27 - 2014-09-04 13:27 - 02347384 _____ (ESET) C:\Users\*****\Desktop\esetsmartinstaller_deu.exe 2014-09-04 13:27 - 2014-09-04 13:27 - 00854417 _____ () C:\Users\*****\Desktop\SecurityCheck.exe 2014-09-03 17:22 - 2014-09-03 17:22 - 00060904 _____ () C:\Users\*****\Desktop\20140903_FRST.TXT 2014-09-03 17:19 - 2014-09-03 17:19 - 00001990 _____ () C:\Users\*****\Desktop\20140903_JRT.TXT 2014-09-03 17:17 - 2014-09-03 17:17 - 00001990 _____ () C:\Users\*****\Desktop\JRT.txt 2014-09-03 17:08 - 2014-09-03 17:08 - 00000000 ____D () C:\Windows\ERUNT 2014-09-03 17:06 - 2014-09-03 17:06 - 00004722 _____ () C:\Users\*****\Desktop\20140903_AdwCleaner.TXT 2014-09-03 16:50 - 2014-09-03 16:56 - 00000000 ____D () C:\AdwCleaner 2014-09-03 16:33 - 2014-09-03 16:46 - 00002233 _____ () C:\Users\*****\Desktop\mbam.txt 2014-09-03 15:40 - 2014-09-03 
15:40 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-03 15:39 - 2014-09-03 15:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-03 15:39 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-03 15:25 - 2014-09-03 15:25 - 01016261 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe 2014-09-03 15:24 - 2014-09-03 15:24 - 01370483 _____ () C:\Users\*****\Desktop\adwcleaner_3.309.exe 2014-09-02 21:38 - 2014-09-02 21:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-09-02 21:25 - 2014-09-02 21:25 - 00029311 _____ () C:\Users\*****\Desktop\combofix.txt 2014-09-02 21:23 - 2014-09-02 21:23 - 00029311 _____ () C:\Users\*****\Desktop\ComboFix_Original.txt 2014-09-02 21:02 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-02 21:02 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-02 21:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-02 21:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-02 21:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-02 21:02 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-02 21:02 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-02 21:02 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-02 20:34 - 2014-09-02 21:23 - 00000000 ____D () C:\Qoobox 2014-09-02 20:28 - 2014-09-02 20:29 - 05576326 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe 2014-09-02 18:19 - 2014-09-02 18:20 - 16319576 _____ (Geek Software GmbH ) C:\Users\*****\Desktop\pdf24-creator-6.7.0.exe 2014-09-02 14:10 - 2014-09-02 14:24 - 00000000 ____D () C:\Users\*****\Desktop\Richard Graf 2014-09-02 09:42 - 2014-09-02 09:42 - 00118112 _____ () C:\Users\*****\Desktop\20140902_TDSSKiller.TXT 2014-09-02 08:56 - 2014-09-02 08:56 - 04181856 _____ (Kaspersky Lab ZAO) 
C:\Users\*****\Desktop\tdsskiller.exe 2014-09-02 08:46 - 2014-09-03 16:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-02 08:46 - 2014-09-02 10:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-02 08:42 - 2014-09-02 09:30 - 00000000 ____D () C:\Users\*****\Desktop\mbar 2014-09-02 08:42 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-02 08:38 - 2014-09-02 08:38 - 14349744 _____ (Malwarebytes Corp.) C:\Users\*****\Desktop\mbar-1.07.0.1012.exe 2014-09-02 00:36 - 2014-09-02 00:36 - 00017685 _____ () C:\Users\*****\Desktop\Gmer.zip 2014-09-02 00:08 - 2014-09-02 00:11 - 00364840 _____ () C:\Users\*****\Desktop\Gmer.txt 2014-09-01 23:21 - 2014-09-01 23:21 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe 2014-09-01 22:53 - 2014-09-01 23:17 - 00049319 _____ () C:\Users\*****\Desktop\Addition.txt 2014-09-01 22:51 - 2014-09-08 08:52 - 00027678 _____ () C:\Users\*****\Desktop\FRST.txt 2014-09-01 22:51 - 2014-09-08 08:52 - 00000000 ____D () C:\FRST 2014-09-01 22:50 - 2014-09-08 08:52 - 02105344 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe 2014-09-01 22:44 - 2014-09-01 23:10 - 00000582 _____ () C:\Users\*****\Desktop\defogger_disable.log 2014-09-01 22:44 - 2014-09-01 22:44 - 00000020 _____ () C:\Users\*****\defogger_reenable 2014-09-01 22:38 - 2014-09-01 22:38 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe 2014-09-01 17:50 - 2014-09-01 17:50 - 00000105 _____ () C:\Users\*****\Desktop\T-Shirts 2014-09-01 17:42 - 2014-09-01 17:42 - 00001010 _____ () C:\Users\*****\Desktop\Moni.lnk 2014-08-29 08:31 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-29 08:31 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-29 08:31 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 
2014-08-28 16:48 - 2014-08-28 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer 2014-08-28 16:46 - 2014-08-28 16:47 - 07327904 _____ () C:\Users\*****\Downloads\MyPhoneExplorer_Setup_1.8.6.exe 2014-08-27 00:38 - 2014-08-27 00:38 - 00000000 ____D () C:\Users\*****\AppData\Roaming\MPEG Streamclip 2014-08-26 23:16 - 2014-08-26 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker 2014-08-25 09:22 - 2014-08-25 09:22 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iTunes 2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iPod 2014-08-19 16:18 - 2009-06-10 23:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140819-161813.backup 2014-08-19 14:43 - 2014-08-19 16:05 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-08-19 05:50 - 2014-08-19 05:50 - 00001406 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-08-19 05:50 - 2014-08-19 05:50 - 00001394 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-08-19 05:50 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2014-08-19 05:49 - 2014-08-19 05:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-08-19 05:34 - 2014-08-19 05:34 - 06052529 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.3_win32-setup.exe 2014-08-18 03:04 - 2014-08-18 03:04 - 
00323600 _____ (Dropbox, Inc.) C:\Users\*****\Downloads\DropboxInstaller.exe 2014-08-16 13:52 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-16 13:52 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-08-16 13:52 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-16 13:52 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-16 13:52 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-16 13:52 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-08-16 13:50 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-16 13:50 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-12 19:14 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-08-12 19:14 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-08-12 19:13 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-12 19:13 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-12 19:13 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-12 19:13 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-08-12 19:13 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) 
C:\Windows\system32\KBDBASH.DLL 2014-08-12 19:13 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-08-12 19:13 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-08-12 19:13 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-08-12 19:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-08-12 19:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-08-12 19:13 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-08-12 19:13 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-12 19:13 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-12 19:13 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-12 19:13 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-12 19:13 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-12 19:13 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-12 19:13 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-12 19:12 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-12 19:12 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-12 19:12 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-12 19:12 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-12 19:12 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-12 
19:12 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-12 19:12 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-12 19:12 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-12 19:12 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-12 19:12 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-12 19:12 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-12 19:12 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-12 19:12 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-12 19:12 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-12 19:12 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-12 19:12 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-12 19:12 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-12 19:12 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-12 19:12 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-12 19:12 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-12 19:12 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-12 19:12 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-12 19:12 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-12 
19:12 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-12 19:12 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-12 19:12 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-12 19:12 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-12 19:12 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-12 19:12 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-12 19:12 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-12 19:12 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-12 19:12 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-12 19:12 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-12 19:12 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-12 19:12 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-12 19:12 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-12 19:12 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-12 19:12 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-12 19:12 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-12 19:12 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-12 19:12 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 
2014-08-12 19:12 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-12 19:12 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-12 19:12 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-12 19:12 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-12 19:12 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-12 19:12 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-12 19:12 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-12 19:12 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-12 19:12 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-12 19:12 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-12 19:12 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-12 19:12 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-12 19:12 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-12 19:12 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-12 19:12 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-12 19:11 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-12 19:11 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-08-12 19:11 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-08-09 16:33 - 
2014-08-09 16:33 - 00006166 _____ () C:\Users\*****\Downloads\Logins digitalagenten.xlsx ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-08 08:53 - 2014-09-01 22:51 - 00027678 _____ () C:\Users\*****\Desktop\FRST.txt 2014-09-08 08:52 - 2014-09-08 08:52 - 00000000 ____D () C:\Users\*****\Desktop\FRST-OlderVersion 2014-09-08 08:52 - 2014-09-01 22:51 - 00000000 ____D () C:\FRST 2014-09-08 08:52 - 2014-09-01 22:50 - 02105344 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe 2014-09-08 08:52 - 2011-04-07 11:58 - 00000000 ____D () C:\Users\*****\Documents\Outlook-Dateien 2014-09-08 08:50 - 2011-05-06 13:39 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Ditto 2014-09-08 08:41 - 2012-10-11 14:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-08 08:29 - 2011-11-30 09:49 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000UA.job 2014-09-08 08:27 - 2012-01-13 10:40 - 00032062 _____ () C:\Windows\system32\lvcoinst.log 2014-09-08 08:27 - 2011-05-04 12:06 - 00003494 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest 2014-09-08 08:27 - 2011-05-04 12:06 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher 2014-09-08 08:27 - 2011-05-04 12:06 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job 2014-09-08 08:21 - 2012-01-21 19:34 - 00000000 ____D () C:\Users\*****\AppData\Roaming\TweetAdder3 2014-09-08 08:21 - 2011-03-30 10:32 - 01191825 _____ () C:\Windows\WindowsUpdate.log 2014-09-08 08:20 - 2011-04-04 15:26 - 00000000 ____D () C:\Users\*****\AppData\Local\Adobe 2014-09-08 08:13 - 2009-07-14 06:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-08 08:13 - 2009-07-14 06:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-08 
08:11 - 2011-03-30 11:04 - 00708030 _____ () C:\Windows\system32\perfh007.dat 2014-09-08 08:11 - 2011-03-30 11:04 - 00153336 _____ () C:\Windows\system32\perfc007.dat 2014-09-08 08:11 - 2009-07-14 07:13 - 01643024 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-08 08:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-08 08:03 - 2009-07-14 06:51 - 00233049 _____ () C:\Windows\setupact.log 2014-09-06 01:30 - 2011-05-03 15:27 - 00000000 ____D () C:\Users\*****\AppData\Roaming\BOM 2014-09-05 19:29 - 2011-11-30 09:49 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4095381569-4012469814-2939302448-1000Core.job 2014-09-05 11:26 - 2011-04-29 00:19 - 00000000 ____D () C:\Users\*****\AppData\Roaming\FileZilla 2014-09-04 23:22 - 2014-09-04 23:22 - 00062432 _____ () C:\Users\*****\Desktop\20140904_FRST.TXT 2014-09-04 23:20 - 2014-09-04 23:20 - 00000947 _____ () C:\Users\*****\Desktop\SecurityCheck.TXT 2014-09-04 21:37 - 2014-09-04 21:37 - 00004937 _____ () C:\Users\*****\Desktop\eset.TXT 2014-09-04 13:31 - 2014-09-04 13:31 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-09-04 13:27 - 2014-09-04 13:27 - 02347384 _____ (ESET) C:\Users\*****\Desktop\esetsmartinstaller_deu.exe 2014-09-04 13:27 - 2014-09-04 13:27 - 00854417 _____ () C:\Users\*****\Desktop\SecurityCheck.exe 2014-09-04 10:00 - 2013-05-24 00:55 - 00000298 _____ () C:\Windows\Tasks\Synology Data Replicator 3-Thinktank-*****.job 2014-09-04 09:25 - 2011-04-04 14:26 - 00000000 ____D () C:\Users\***** 2014-09-03 17:32 - 2011-05-24 10:25 - 00000000 ____D () C:\Users\*****\Downloads\DesktopOK251_x64 2014-09-03 17:22 - 2014-09-03 17:22 - 00060904 _____ () C:\Users\*****\Desktop\20140903_FRST.TXT 2014-09-03 17:19 - 2014-09-03 17:19 - 00001990 _____ () C:\Users\*****\Desktop\20140903_JRT.TXT 2014-09-03 17:17 - 2014-09-03 17:17 - 00001990 _____ () C:\Users\*****\Desktop\JRT.txt 2014-09-03 17:08 - 2014-09-03 17:08 - 00000000 ____D () C:\Windows\ERUNT 2014-09-03 17:06 - 
2014-09-03 17:06 - 00004722 _____ () C:\Users\*****\Desktop\20140903_AdwCleaner.TXT 2014-09-03 16:56 - 2014-09-03 16:50 - 00000000 ____D () C:\AdwCleaner 2014-09-03 16:56 - 2011-04-07 11:13 - 00326354 _____ () C:\Windows\PFRO.log 2014-09-03 16:47 - 2014-09-02 08:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-03 16:46 - 2014-09-03 16:33 - 00002233 _____ () C:\Users\*****\Desktop\mbam.txt 2014-09-03 16:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help 2014-09-03 15:50 - 2013-10-07 11:26 - 00007602 _____ () C:\Users\*****\AppData\Local\Resmon.ResmonCfg 2014-09-03 15:40 - 2014-09-03 15:40 - 00001117 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-03 15:40 - 2014-09-03 15:39 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-03 15:40 - 2012-04-24 16:28 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Malwarebytes 2014-09-03 15:40 - 2012-04-24 16:28 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-03 15:33 - 2011-05-03 13:14 - 00000000 ____D () C:\Users\*****\Documents\Allgemeines 2014-09-03 15:25 - 2014-09-03 15:25 - 01016261 _____ (Thisisu) C:\Users\*****\Desktop\JRT.exe 2014-09-03 15:24 - 2014-09-03 15:24 - 01370483 _____ () C:\Users\*****\Desktop\adwcleaner_3.309.exe 2014-09-02 21:38 - 2014-09-02 21:38 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-09-02 21:38 - 2014-04-27 00:25 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-09-02 21:38 - 2013-12-29 13:26 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-09-02 21:38 - 2013-03-07 13:38 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-09-02 21:38 - 2013-03-07 13:38 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-09-02 21:38 - 2012-07-06 10:47 - 00003924 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-09-02 21:38 - 2012-04-24 14:49 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-09-02 21:38 - 2012-04-24 14:49 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-09-02 21:38 - 2012-04-24 14:49 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-09-02 21:38 - 2012-04-24 14:49 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-09-02 21:38 - 2012-04-24 14:49 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-09-02 21:25 - 2014-09-02 21:25 - 00029311 _____ () C:\Users\*****\Desktop\combofix.txt 2014-09-02 21:23 - 2014-09-02 21:23 - 00029311 _____ () C:\Users\*****\Desktop\ComboFix_Original.txt 2014-09-02 21:23 - 2014-09-02 20:34 - 00000000 ____D () C:\Qoobox 2014-09-02 21:23 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-09-02 21:21 - 2012-04-24 15:10 - 00000000 ____D () C:\Windows\ERDNT 2014-09-02 21:16 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-09-02 21:15 - 2009-07-14 04:34 - 83099648 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-09-02 21:15 - 2009-07-14 04:34 - 21233664 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-09-02 21:15 - 2009-07-14 04:34 - 04980736 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-09-02 21:15 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-09-02 21:15 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-09-02 20:29 - 2014-09-02 20:28 - 05576326 ____R (Swearware) C:\Users\*****\Desktop\ComboFix.exe 2014-09-02 18:20 - 2014-09-02 18:19 - 16319576 _____ (Geek Software GmbH ) C:\Users\*****\Desktop\pdf24-creator-6.7.0.exe 2014-09-02 15:16 - 2011-04-04 15:35 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Adobe 2014-09-02 14:24 - 2014-09-02 14:10 - 00000000 ____D () C:\Users\*****\Desktop\Richard Graf 2014-09-02 10:09 - 2014-09-02 08:46 - 00000000 ____D () 
C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-02 09:42 - 2014-09-02 09:42 - 00118112 _____ () C:\Users\*****\Desktop\20140902_TDSSKiller.TXT 2014-09-02 09:30 - 2014-09-02 08:42 - 00000000 ____D () C:\Users\*****\Desktop\mbar 2014-09-02 09:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME 2014-09-02 08:56 - 2014-09-02 08:56 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\*****\Desktop\tdsskiller.exe 2014-09-02 08:38 - 2014-09-02 08:38 - 14349744 _____ (Malwarebytes Corp.) C:\Users\*****\Desktop\mbar-1.07.0.1012.exe 2014-09-02 00:36 - 2014-09-02 00:36 - 00017685 _____ () C:\Users\*****\Desktop\Gmer.zip 2014-09-02 00:11 - 2014-09-02 00:08 - 00364840 _____ () C:\Users\*****\Desktop\Gmer.txt 2014-09-01 23:21 - 2014-09-01 23:21 - 00380416 _____ () C:\Users\*****\Desktop\Gmer-19357.exe 2014-09-01 23:17 - 2014-09-01 22:53 - 00049319 _____ () C:\Users\*****\Desktop\Addition.txt 2014-09-01 23:10 - 2014-09-01 22:44 - 00000582 _____ () C:\Users\*****\Desktop\defogger_disable.log 2014-09-01 22:45 - 2011-03-30 10:22 - 00000000 ____D () C:\Program Files\Lenovo 2014-09-01 22:44 - 2014-09-01 22:44 - 00000020 _____ () C:\Users\*****\defogger_reenable 2014-09-01 22:38 - 2014-09-01 22:38 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe 2014-09-01 17:50 - 2014-09-01 17:50 - 00000105 _____ () C:\Users\*****\Desktop\T-Shirts 2014-09-01 17:44 - 2012-01-21 19:43 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-09-01 17:42 - 2014-09-01 17:42 - 00001010 _____ () C:\Users\*****\Desktop\Moni.lnk 2014-09-01 17:41 - 2011-09-05 09:24 - 00000000 ____D () C:\Users\*****\Documents\ebay 2014-09-01 17:40 - 2011-05-03 14:35 - 00000000 ____D () C:\Users\*****\Documents\Software 2014-09-01 17:32 - 2013-06-26 15:07 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc 2014-09-01 14:20 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-09-01 13:15 - 2011-03-30 10:29 - 00000000 ____D () C:\swshare 2014-09-01 11:30 - 2011-05-03 11:01 - 00000295 _____ 
() C:\Users\*****\Desktop\Konzerte.TXT 2014-08-29 12:58 - 2011-08-21 14:18 - 00000000 ____D () C:\Users\*****\Documents\My Photos 2014-08-29 08:40 - 2009-07-14 06:45 - 04916184 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-28 16:48 - 2014-08-28 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer 2014-08-28 16:48 - 2013-02-01 00:20 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer 2014-08-28 16:47 - 2014-08-28 16:46 - 07327904 _____ () C:\Users\*****\Downloads\MyPhoneExplorer_Setup_1.8.6.exe 2014-08-27 00:38 - 2014-08-27 00:38 - 00000000 ____D () C:\Users\*****\AppData\Roaming\MPEG Streamclip 2014-08-27 00:35 - 2011-05-03 15:54 - 00000000 ____D () C:\Users\*****\Documents\Sonstiges_Sortieren 2014-08-26 23:16 - 2014-08-26 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker 2014-08-26 23:16 - 2013-10-16 13:54 - 00001489 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\bwin Poker.lnk 2014-08-26 23:16 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-08-26 21:44 - 2014-07-31 11:06 - 00000000 ____D () C:\Users\*****\AppData\Local\www.rene-zeidler.de 2014-08-26 09:23 - 2011-05-04 12:06 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2014-08-25 13:00 - 2011-05-04 12:06 - 00004234 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask 2014-08-25 09:22 - 2014-08-25 09:22 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iTunes 2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Program Files\iPod 2014-08-25 09:22 - 2011-07-03 18:53 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-08-25 
06:53 - 2011-04-04 14:44 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-08-24 10:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-08-23 21:41 - 2013-07-01 17:24 - 00000000 ____D () C:\Users\*****\Documents\_FILM_nicht_sichern 2014-08-23 04:07 - 2014-08-29 08:31 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-08-29 08:31 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-08-29 08:31 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-19 16:55 - 2011-06-09 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-08-19 16:55 - 2011-04-05 15:29 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2014-08-19 16:15 - 2011-05-03 15:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-08-19 16:05 - 2014-08-19 14:43 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-08-19 05:59 - 2014-08-19 05:49 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-08-19 05:50 - 2014-08-19 05:50 - 00001406 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-08-19 05:50 - 2014-08-19 05:50 - 00001394 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-08-19 05:50 - 2014-08-19 05:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-08-19 05:49 - 2011-05-03 15:24 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2014-08-19 05:34 - 2014-08-19 05:34 - 06052529 _____ (Tim Kosse) C:\Users\*****\Downloads\FileZilla_3.9.0.3_win32-setup.exe 2014-08-18 03:06 - 2011-05-06 13:22 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Dropbox 2014-08-18 03:06 - 2011-05-03 15:55 - 00000000 ___RD () 
C:\Users\*****\Documents\My Dropbox 2014-08-18 03:05 - 2011-05-06 13:29 - 00001030 _____ () C:\Users\*****\Desktop\Dropbox.lnk 2014-08-18 03:05 - 2011-05-06 13:22 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-18 03:04 - 2014-08-18 03:04 - 00323600 _____ (Dropbox, Inc.) C:\Users\*****\Downloads\DropboxInstaller.exe 2014-08-13 19:01 - 2011-05-03 15:38 - 00000000 ____D () C:\Users\*****\Documents\AWR User Data 2014-08-13 19:01 - 2011-05-03 15:38 - 00000000 ____D () C:\Users\*****\AppData\Local\Caphyon 2014-08-13 15:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-13 15:49 - 2011-04-07 10:25 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-08-13 15:32 - 2013-07-17 18:11 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-13 15:25 - 2011-04-04 16:01 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-08-09 16:33 - 2014-08-09 16:33 - 00006166 _____ () C:\Users\*****\Downloads\Logins digitalagenten.xlsx Some content of TEMP: ==================== C:\Users\*****\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-28 16:14 ==================== End Of Log ============================ |
08.09.2014, 19:07 | #14 |
/// the machine /// TB Trainer | Windows 7: FTP passwords cracked I always recommend Emsisoft. Done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, as they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and assistance Trojaner-Board Facebook page No assistance via PM! |
09.09.2014, 08:01 | #15 |
| Windows 7: FTP passwords cracked Done! All right, many thanks for the great support! A donation is on its way... |