Log analysis and evaluation: Viruses and malware found
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: first steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
11.09.2014, 08:38 | #1 |
| Viruses and malware found

Hello,

after a computer started behaving unusually (slow, crashes, browser crash messages, bluescreen), I took a closer look at it. This is what I did:

1) Ran Desinfec't 2014 on the computer. Result: AVIRA reported 3 viruses and renamed them. BITDEFENDER then found no further viruses or the like. Kaspersky hung and reported no findings. ClamAV found no further viruses or the like.

2) Restarted the computer into Windows, then ran a maximum scan with AVAST. AVAST detected three further problems and moved them to the container. I have attached its entries as a text file.

3) Malwarebytes full scan. Malwarebytes found further problems; I have attached the log.

4) Read and followed the instructions on the Trojaner-Board; the log files from Defogger, FRST and GMER are attached.

The computer is a Medion notebook with Windows 7. Windows is brought up to date regularly, as are the other programs; Secunia PSI also runs for this purpose. AVAST runs as virus protection.

The computer had problems once before, whereupon I was also active here in the forum. After that was completed, the computer seemed to be problem-free again. I do not see a direct connection with the last case: in the last case here in the forum, the malware reported was essentially malware that affected browser use. I therefore suspect a new infection.

I have uploaded the logs as attachments, because the total size of the logs was too large for one post. Happy to provide further information.

Many thanks in advance for the help, and best regards |
11.09.2014, 08:59 | #2 |
/// TB-Ausbilder | Viruses and malware found

This is how it works: posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:

Simply split the logs across several replies!
__________________ |
11.09.2014, 16:26 | #3 |
| Viruses and malware found

OK, here is the log from Malwarebytes:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 05.09.2014
Suchlauf-Zeit: 01:01:03
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.04.11
Rootkit Datenbank: v2014.08.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Clara

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 387975
Verstrichene Zeit: 15 Min, 15 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 3
PUP.Optional.Babylon.A, HKU\S-1-5-21-2971180534-3307857154-2361156270-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [466542a7a8d38bab332c4c2fb151669a],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, In Quarantäne, [8c1f9d4ccdaebb7ba26a8f7917ec47b9],
PUP.Optional.Softonic.A, HKU\S-1-5-21-2971180534-3307857154-2361156270-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [9417836626552b0be218e52ea1628d73],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 4
PUP.Optional.HolaSearch.A, C:\Users\Clara\AppData\Local\Temp\mt_ffx\holasearch, In Quarantäne, [e2c9995093e8f83e460398421ce6c937],
PUP.Optional.HolaSearch.A, C:\Users\Clara\AppData\Local\Temp\mt_ffx\holasearch\holasearch, In Quarantäne, [e2c9995093e8f83e460398421ce6c937],
PUP.Optional.HolaSearch.A, C:\Users\Clara\AppData\Local\Temp\mt_ffx\holasearch\holasearch\1.8.16.16, In Quarantäne, [e2c9995093e8f83e460398421ce6c937],
PUP.Optional.Updater.A, C:\Users\Clara\AppData\Roaming\DSite\UpdateProc, In Quarantäne, [5e4dfaef5a2160d65e9fb62fc1417c84],

Dateien: 4
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, In Quarantäne, [3774faeffe7d91a5937133ee43bd59a7],
PUP.Optional.DealPly.A, C:\Windows\System32\Tasks\DealPly, In Quarantäne, [7635fdec33482e080c05f111a16219e7],
PUP.Optional.Updater.A, C:\Users\Clara\AppData\Roaming\DSite\UpdateProc\config.dat, In Quarantäne, [5e4dfaef5a2160d65e9fb62fc1417c84],
PUP.Optional.Delta.A, C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://www2.delta-search.com/?affID=119357&tt=gc_&babsrc=HP_ss&mntrId=94874C8093373337" ],), Ersetzt,[4764c722ccaf57dfa61866bb8481827e]

Physische Sektoren: 0
(No malicious items detected)

(end)

And here is my collection of the AVAST finds (they are in the quarantine folder):

Code:
Name | Original location | Description
happyland131_install.exe | C:\Users\Clara\Downloads\Happylanders | Win32:Rootkit-gen
Hardcore RELOADED\.Hardcore RELOADED.exe | C:\Users\Clara\Downloads\Hardcore RELOADEDv3_9.rar | Win32:Malware-gen
Hardcore RELOADED\metin2client.bin | C:\Users\Clara\Downloads\Hardcore RELOADEDv3_9.rar | Win32:Malware-gen

And with that, on to the requested logs:

1) Defogger

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:51 on 09/09/2014 (Clara)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

2) FRST log

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Clara (administrator) on CLARA-COMPUTER on 09-09-2014 23:52:54
Running from C:\Users\Clara\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\PHotkey\AsLdrSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PHotkey\Atouch64.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-09-30] (Synaptics Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-16] (Intel(R) Corporation)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-18] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2971180534-3307857154-2361156270-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2971180534-3307857154-2361156270-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2971180534-3307857154-2361156270-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2971180534-3307857154-2361156270-1002\...\Run: [Google Update] => C:\Users\Clara\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-01-14] (Google Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-10-27] (NVIDIA Corporation)
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-27] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-10-27] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-10-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: C:\Users\Clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD772B8DAD3AACB01
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {7588CA44-A7C9-4C51-B5D7-CEED47966EC7} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=ed430307-4fed-422f-8007-a11f58815132&apn_sauid=7600C93F-1E78-4AF9-8816-C9D604CD91DD
SearchScopes: HKCU - {ED1B9BF1-9BD4-4078-BA2E-924AB654916F} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Clara\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Clara\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-30]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR DefaultSearchKeyword: Default -> 2236F588FBD4DECFC6F2A89BA645A8EB43EC22E1FB7C4088F43684CAE8F0FF11
CHR DefaultSearchURL: Default -> 088438C5D04F0212CFBE5FF554A4BD6C83440BDA68F400E4A40B9046864B7E1E
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Clara\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (SmoothScroll) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\cccpiddacjljmfbbgeimpelpndgpoknn [2014-04-26]
CHR Extension: (avast! SafePrice) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-09-02]
CHR Extension: (iCloud-Lesezeichen) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2013-11-02]
CHR Extension: (avast! Online Security) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-07-21]
CHR Extension: (Smooth Scrollerator) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmicgfcegednlkdhgbhgickcgndjeeig [2014-04-26]
CHR Extension: (Google Wallet) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKCU\...\Chrome\Extension: [ndkkhdppcfchlghnlhifennhcadbnfld] - C:\Users\Clara\AppData\Local\CRE\ndkkhdppcfchlghnlhifennhcadbnfld.crx []
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-18]
CHR HKLM-x32\...\Chrome\Extension: [ndkkhdppcfchlghnlhifennhcadbnfld] - C:\Users\Clara\AppData\Local\CRE\ndkkhdppcfchlghnlhifennhcadbnfld.crx [2014-08-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-19] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-18] (AVAST Software)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-05-19] (Intel Corporation) [File not signed]
S3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-19] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-19] (Intel Corporation) [File not signed]
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-14] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-16] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4609416 2013-11-06] (INCA Internet Co., Ltd.) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()
R2 nsi; %systemroot%\system32\nsisvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-18] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-18] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-07-03] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-07-03] ()
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 23:52 - 2014-09-09 23:54 - 00026279 _____ () C:\Users\Clara\Desktop\FRST.txt
2014-09-09 23:52 - 2014-09-09 23:52 - 00000000 ____D () C:\FRST
2014-09-09 23:51 - 2014-09-09 23:51 - 00000472 _____ () C:\Users\Clara\Desktop\defogger_disable.log
2014-09-09 23:51 - 2014-09-09 23:51 - 00000000 _____ () C:\Users\Clara\defogger_reenable
2014-09-09 23:16 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-09 23:16 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-09 23:16 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-09 23:16 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-09 23:16 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-09 23:16 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-09 23:16 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-09 23:16 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-09 23:16 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-09 23:16 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-09 23:16 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-09 23:16 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-09 23:16 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-09 23:16 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-09 23:16 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-09 23:16 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-09 23:16 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-09 23:16 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-09 23:16 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-09 23:16 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-09 23:16 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-09 23:16 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-09 23:16 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-09 23:16 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-09 23:16 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-09 23:16 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-09 23:16 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-09 23:16 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-09 23:16 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-09 23:16 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-09 23:16 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-09 23:16 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-09 23:16 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) 
C:\Windows\system32\dxtrans.dll 2014-09-09 23:16 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-09 23:16 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-09 23:16 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-09 23:16 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-09 23:16 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-09 23:16 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-09 23:16 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-09 23:16 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-09 23:16 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-09 23:16 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-09 23:16 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-09 23:16 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-09 23:16 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-09 23:16 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-09 23:16 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-09 23:16 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-09 23:16 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-09 23:16 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-09 23:16 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-09 23:16 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-09 23:16 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-09 23:16 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-09 23:16 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-09 23:00 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-09 23:00 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-09 22:56 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-09 22:56 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-09 22:56 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-09 22:56 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-09 22:56 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-09 22:56 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-09 22:56 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-09 22:56 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-09-09 22:56 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-09-09 22:55 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-09 22:55 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-09 22:55 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-09 22:55 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-09 22:42 - 2014-09-05 00:08 - 00050477 _____ () C:\Users\Clara\Desktop\Defogger (1).exe 2014-09-09 22:42 - 2014-09-05 00:07 - 00380416 _____ () C:\Users\Clara\Desktop\Gmer-19357.exe 2014-09-09 22:42 - 2014-09-05 00:06 - 02104832 _____ (Farbar) C:\Users\Clara\Desktop\FRST64.exe 2014-09-08 23:40 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-09-08 23:40 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-09-08 23:40 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-09-08 23:40 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-09-08 23:40 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-09-08 23:40 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-09-08 23:40 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-09-08 23:40 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-09-08 23:40 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2014-09-08 23:40 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2014-09-08 23:40 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-09-08 23:40 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-09-08 23:40 - 2013-10-02 01:58 - 00053248 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-09-08 23:40 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-09-08 23:40 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2014-09-08 23:40 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-09-08 23:37 - 2014-09-08 23:37 - 00001468 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk 2014-09-08 23:37 - 2014-09-08 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2 2014-09-08 23:35 - 2014-09-08 23:37 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4 2014-09-08 23:33 - 2014-09-08 23:33 - 00001074 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-09-08 23:22 - 2014-09-08 23:27 - 220827648 _____ () C:\Users\Clara\Downloads\LibreOffice_4.2.6-secfix_Win_x86.msi 2014-09-08 23:17 - 2014-09-08 23:17 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-09-08 23:17 - 2014-09-08 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-09-08 23:15 - 2014-09-08 23:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-09-08 23:15 - 2014-09-08 23:17 - 00000000 ____D () C:\Program Files\iTunes 2014-09-08 23:15 - 2014-09-08 23:17 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-09-08 23:15 - 2014-09-08 23:15 - 00000000 ____D () C:\Program Files\iPod 2014-09-08 22:48 - 2014-09-08 22:48 - 00000000 ____D () C:\Windows\en 2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\nl 2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\it 2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\hu 2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\fr 2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 
____D () C:\Windows\es 2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\de 2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\da 2014-09-08 22:46 - 2014-09-08 22:46 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-09-08 22:46 - 2014-09-08 22:46 - 00000000 ____D () C:\Windows\sl 2014-09-08 22:42 - 2014-09-08 22:42 - 00000000 ____D () C:\Program Files\Windows Live 2014-09-08 20:15 - 2014-09-09 22:34 - 00000000 ____D () C:\Windows\SysWOW64\NV 2014-09-08 20:15 - 2014-09-09 22:34 - 00000000 ____D () C:\Windows\system32\NV 2014-09-05 01:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-09-05 01:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-09-05 01:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-09-05 01:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-09-05 01:34 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-09-05 01:34 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-09-05 01:34 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-09-05 01:34 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-09-05 01:34 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-09-05 01:34 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-09-05 01:34 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-09-05 01:34 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-09-05 01:00 - 2014-09-05 01:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-05 01:00 
- 2014-09-05 01:00 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-05 01:00 - 2014-09-05 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-05 01:00 - 2014-09-05 01:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-05 01:00 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-05 01:00 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-30 21:57 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-30 21:57 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-30 21:57 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-30 20:54 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-30 20:54 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-30 20:54 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-30 20:54 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-08-30 20:53 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-30 20:53 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-08-30 20:52 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-30 20:52 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-18 17:34 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-18 17:34 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\tzres.dll 2014-08-18 17:34 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-18 17:34 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-08-18 17:33 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-18 17:33 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-18 17:33 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-18 17:33 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-18 17:33 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-18 17:33 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-18 17:33 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-18 17:32 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-18 17:29 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-18 17:29 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-08-18 17:17 - 2014-08-18 17:17 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-08-18 17:16 - 2014-08-18 17:16 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-08-18 17:15 - 2014-08-18 17:15 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-09 23:54 - 2014-09-09 23:52 - 00026279 _____ () C:\Users\Clara\Desktop\FRST.txt 2014-09-09 23:52 - 2014-09-09 23:52 - 00000000 ____D () C:\FRST 2014-09-09 23:51 - 2014-09-09 23:51 - 00000472 _____ () C:\Users\Clara\Desktop\defogger_disable.log 2014-09-09 23:51 - 2014-09-09 23:51 - 00000000 _____ () C:\Users\Clara\defogger_reenable 2014-09-09 23:51 - 2012-02-16 21:43 - 00000000 ____D () C:\Users\Clara 2014-09-09 23:46 - 2013-01-14 01:38 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2971180534-3307857154-2361156270-1002UA.job 2014-09-09 23:39 - 2012-02-16 21:35 - 01603559 _____ () C:\Windows\WindowsUpdate.log 2014-09-09 23:37 - 2009-07-14 06:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-09 23:37 - 2009-07-14 06:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-09 23:34 - 2012-05-24 20:19 - 00000000 ___RD () C:\Users\Clara\Dropbox 2014-09-09 23:33 - 2013-07-14 19:34 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-09 23:33 - 2012-05-24 20:17 - 00000000 ____D () C:\Users\Clara\AppData\Roaming\Dropbox 2014-09-09 23:30 - 2013-04-01 15:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-09 23:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-09 23:29 - 2013-03-12 07:48 - 00450554 _____ () C:\Windows\PFRO.log 2014-09-09 23:29 - 2013-02-13 18:08 - 00013450 _____ () C:\Windows\setupact.log 2014-09-09 23:29 - 2011-11-10 21:16 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-09-09 23:28 - 2013-04-01 15:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-09 23:28 - 2012-05-28 07:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-09 23:28 - 2011-11-07 18:44 - 00071344 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-09 23:14 - 2012-02-16 23:59 - 01596516 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-09 23:14 - 2011-11-04 03:51 - 00700134 _____ () C:\Windows\system32\perfh007.dat 2014-09-09 23:14 - 2011-11-04 03:51 - 00149984 _____ () C:\Windows\system32\perfc007.dat 2014-09-09 23:14 - 2009-07-14 07:13 - 01596516 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-09 23:13 - 2013-07-21 13:34 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-09 23:09 - 2013-07-14 19:34 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-09 23:04 - 2013-03-30 13:43 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-09-09 23:02 - 2011-11-03 22:34 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-09 22:59 - 2014-05-07 07:00 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-09 22:47 - 2013-01-14 01:38 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2971180534-3307857154-2361156270-1002Core.job 2014-09-09 22:34 - 2014-09-08 20:15 - 00000000 ____D () C:\Windows\SysWOW64\NV 2014-09-09 22:34 - 2014-09-08 20:15 - 00000000 ____D () C:\Windows\system32\NV 2014-09-09 22:34 - 2012-02-19 00:06 - 00000000 ____D () C:\Users\Clara\AppData\Roaming\Skype 2014-09-09 22:34 - 2012-02-16 21:44 - 00107320 _____ () C:\Users\Clara\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-09 22:31 - 2009-07-14 06:45 - 00421544 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-08 23:37 - 2014-09-08 23:37 - 00001468 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk 2014-09-08 23:37 - 2014-09-08 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2 2014-09-08 23:37 - 2014-09-08 23:35 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4 2014-09-08 23:33 - 2014-09-08 23:33 - 00001074 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-09-08 23:27 - 2014-09-08 23:22 - 220827648 _____ () 
C:\Users\Clara\Downloads\LibreOffice_4.2.6-secfix_Win_x86.msi 2014-09-08 23:17 - 2014-09-08 23:17 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-09-08 23:17 - 2014-09-08 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-09-08 23:17 - 2014-09-08 23:15 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-09-08 23:17 - 2014-09-08 23:15 - 00000000 ____D () C:\Program Files\iTunes 2014-09-08 23:17 - 2014-09-08 23:15 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-09-08 23:15 - 2014-09-08 23:15 - 00000000 ____D () C:\Program Files\iPod 2014-09-08 22:49 - 2012-05-15 07:14 - 00000000 ____D () C:\Users\Clara\Tracing 2014-09-08 22:48 - 2014-09-08 22:48 - 00000000 ____D () C:\Windows\en 2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\nl 2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\it 2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\hu 2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\fr 2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\es 2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\de 2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\da 2014-09-08 22:46 - 2014-09-08 22:46 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-09-08 22:46 - 2014-09-08 22:46 - 00000000 ____D () C:\Windows\sl 2014-09-08 22:46 - 2013-04-01 21:48 - 00001378 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2014-09-08 22:45 - 2012-05-15 07:02 - 00001494 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2014-09-08 22:43 - 2011-11-07 17:57 - 00002538 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk 2014-09-08 22:42 - 
2014-09-08 22:42 - 00000000 ____D () C:\Program Files\Windows Live 2014-09-08 22:42 - 2011-11-07 17:56 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-09-08 22:40 - 2013-04-01 21:40 - 00302312 _____ () C:\Windows\DirectX.log 2014-09-08 22:39 - 2014-04-15 18:53 - 00002208 _____ () C:\Users\Clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2014-09-08 22:08 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-09-05 04:10 - 2014-09-09 22:56 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-05 04:05 - 2014-09-09 22:56 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-05 01:47 - 2012-06-16 17:02 - 00000000 ____D () C:\Temp 2014-09-05 01:47 - 2011-11-10 21:16 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-09-05 01:47 - 2011-11-10 21:16 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-09-05 01:42 - 2011-11-10 21:16 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-09-05 01:28 - 2014-09-05 01:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-05 01:17 - 2013-05-09 08:39 - 00000000 ____D () C:\Users\Clara\AppData\Roaming\DSite 2014-09-05 01:00 - 2014-09-05 01:00 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-05 01:00 - 2014-09-05 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-05 01:00 - 2014-09-05 01:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-05 01:00 - 2012-02-18 23:39 - 00000000 ____D () C:\Users\Clara\AppData\Roaming\Malwarebytes 2014-09-05 01:00 - 2012-02-18 23:39 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-05 00:08 - 2014-09-09 22:42 - 00050477 _____ () C:\Users\Clara\Desktop\Defogger (1).exe 2014-09-05 00:07 - 2014-09-09 22:42 - 00380416 _____ () C:\Users\Clara\Desktop\Gmer-19357.exe 2014-09-05 00:06 - 
2014-09-09 22:42 - 02104832 _____ (Farbar) C:\Users\Clara\Desktop\FRST64.exe 2014-09-04 21:50 - 2013-07-14 19:35 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-09-04 20:59 - 2012-05-24 20:18 - 00000000 ____D () C:\Users\Clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-02 23:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-08-23 04:07 - 2014-08-30 21:57 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-08-30 21:57 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-08-30 21:57 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-19 20:05 - 2014-09-09 23:16 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-19 19:39 - 2014-09-09 23:16 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-19 01:01 - 2014-09-09 23:16 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-19 00:29 - 2014-09-09 23:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-19 00:29 - 2014-09-09 23:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-19 00:26 - 2014-09-09 23:16 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-19 00:20 - 2014-09-09 23:16 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-19 00:19 - 2014-09-09 23:16 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-19 00:15 - 2014-09-09 23:16 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-19 00:15 - 2014-09-09 23:16 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-19 00:14 - 2014-09-09 23:16 - 00083968 _____ (Microsoft 
Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-19 00:14 - 2014-09-09 23:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-19 00:08 - 2014-09-09 23:16 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-19 00:08 - 2014-09-09 23:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-19 00:08 - 2014-09-09 23:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-19 00:05 - 2014-09-09 23:16 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-19 00:03 - 2014-09-09 23:16 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-19 00:03 - 2014-09-09 23:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-19 00:03 - 2014-09-09 23:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-18 23:57 - 2014-09-09 23:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-18 23:56 - 2014-09-09 23:16 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-18 23:51 - 2014-09-09 23:16 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-18 23:46 - 2014-09-09 23:16 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-18 23:45 - 2014-09-09 23:16 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-18 23:45 - 2014-09-09 23:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-18 23:44 - 2014-09-09 23:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-18 23:44 - 2014-09-09 23:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-18 23:42 - 2014-09-09 23:16 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-18 23:40 - 2014-09-09 23:16 - 
00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-18 23:39 - 2014-09-09 23:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-18 23:39 - 2014-09-09 23:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-18 23:39 - 2014-09-09 23:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-18 23:38 - 2014-09-09 23:16 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-18 23:37 - 2014-09-09 23:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-18 23:36 - 2014-09-09 23:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-18 23:35 - 2014-09-09 23:16 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-18 23:27 - 2014-09-09 23:16 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-18 23:25 - 2014-09-09 23:16 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-18 23:25 - 2014-09-09 23:16 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-18 23:23 - 2014-09-09 23:16 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-18 23:23 - 2014-09-09 23:16 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-18 23:22 - 2014-09-09 23:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-18 23:19 - 2014-09-09 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-18 23:17 - 2014-09-09 23:16 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-18 23:17 - 2014-09-09 23:16 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-18 23:16 - 2014-09-09 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-18 23:15 - 2014-09-09 23:16 - 
11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-09 23:16 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-09 23:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-09 23:16 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-09 23:16 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-09 23:16 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-09 23:16 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-09 23:16 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-09 23:16 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-09 23:16 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-18 17:17 - 2014-08-18 17:17 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-18 17:16 - 2014-08-18 17:16 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-18 17:16 - 2014-02-04 22:05 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-18 17:16 - 2013-03-30 13:43 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-18 17:16 - 2013-03-30 13:43 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-18 17:16 - 2013-03-30 13:43 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-18 17:16 - 2013-03-30 13:43 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-18 17:16 - 2013-03-30 13:43 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-18 17:16 - 2013-03-30 13:43 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-18 17:15 - 2014-08-18 17:15 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-18 17:15 - 2013-03-30 13:43 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

Some content of TEMP:
====================
C:\Users\Clara\AppData\Local\Temp\AskSLib.dll
C:\Users\Clara\AppData\Local\Temp\AutoRun.exe
C:\Users\Clara\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Clara\AppData\Local\Temp\drm_dyndata_7320010.dll
C:\Users\Clara\AppData\Local\Temp\drm_dyndata_7330014.dll
C:\Users\Clara\AppData\Local\Temp\drm_dyndata_7330016.dll
C:\Users\Clara\AppData\Local\Temp\drm_dyndata_7360010.dll
C:\Users\Clara\AppData\Local\Temp\drm_dyndata_7380011.dll
C:\Users\Clara\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Clara\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjbmqem.dll
C:\Users\Clara\AppData\Local\Temp\eauninstall.exe
C:\Users\Clara\AppData\Local\Temp\javagiac0.27780967731029715.dll
C:\Users\Clara\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Clara\AppData\Local\Temp\PicasaUpdater_2f4e.exe
C:\Users\Clara\AppData\Local\Temp\PicasaUpdater_3dc5.exe
C:\Users\Clara\AppData\Local\Temp\PicasaUpdater_4304.exe
C:\Users\Clara\AppData\Local\Temp\project1.exe
C:\Users\Clara\AppData\Local\Temp\secuniasi660455209832508344.dll
C:\Users\Clara\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Clara\AppData\Local\Temp\The Sims 2 Deluxe_uninst.exe
C:\Users\Clara\AppData\Local\Temp\uninst1.exe
C:\Users\Clara\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\Clara\AppData\Local\Temp\VP6Install.exe
C:\Users\Clara\AppData\Local\Temp\VP6VFW.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-31 18:35 |
11.09.2014, 16:28 | #4 |
| Viruses and malware found
Continuing with FRST - Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by Clara at 2014-09-09 23:54:41
Running from C:\Users\Clara\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
7-Zip 9.30 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0930-000001000000}) (Version: 9.30.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.8.1217.36096 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.8.1217.36096 - Alcor Micro Corp.) Hidden
AMI VR-pulse OS Switcher (HKLM\...\{EC1369CF-15BD-4FAF-BA84-65E4788C682E}) (Version: 1.1 - American Megatrends Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 10.0.10 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 9.2.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 4.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.)
Audials (HKLM-x32\...\{2E5052A2-8E3D-4229-A5EB-2465B260D917}) (Version: 8.0.54900.0 - RapidSolution Software AG)
Audials TV (HKLM-x32\...\{24EE4523-711A-4BD1-95EA-F73A8A6950D3}) (Version: 1.3.10803.300 - RapidSolution Software AG)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Benutzerhandbuch - Grundlagen EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Bog) (Version: - )
Benutzerhandbuch EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Useg) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.14.50 - Conexant)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version: - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deponia (HKLM-x32\...\Deponia) (Version: 1.0 - Daedalic Entertainment)
Die Sims™ 2 Deluxe (HKLM-x32\...\{9C244239-ED8E-40f1-937F-51C706CD2160}) (Version: - )
Die Sims™ 2 Gute Reise (HKLM-x32\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version: - Electronic Arts)
Die Sims™ 2 Haustiere (HKLM-x32\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version: - )
Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires (HKLM-x32\...\{6522C636-B04C-4333-9BEB-9E0C0B6350D6}) (Version: - Electronic Arts)
Die Sims™ 2 Teen Style-Accessoires (HKLM-x32\...\{5C648FDB-0138-4619-B66E-230EF53E8E2C}) (Version: - Electronic Arts)
dm Digi Foto (HKLM-x32\...\dm Digi Foto) (Version: 2.3.0.93 - Imaxel Lab S.L)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
Druckerdeinstallation für EPSON XP-302 303 305 306 Series (HKLM\...\EPSON XP-302 303 305 306 Series) (Version: - SEIKO EPSON Corporation)
Edna & Harvey: Harvey's New Eyes (HKLM-x32\...\Steam App 219910) (Version: - Daedalic Entertainment)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM-x32\...\{30E01116-5666-4807-8EF1-D80E9FF16717}) (Version: 2.3.2.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Fashion Factory (HKLM-x32\...\{BAE02E8D-9B2C-4C71-AB30-DADD141849D4}) (Version: 1.00.0000 - GedonSoft)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
FOTOParadies (HKLM-x32\...\{FD838798-E2CB-45FA-AF79-6011519031E2}}_is1) (Version: 3.5.7.1 - Foto Online Service GmbH)
Fotótár (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free Pascal 2.6.2 (HKLM-x32\...\FreePascal_is1) (Version: - Free Pascal Team)
Free YouTube to MP3 Converter version 3.10.15.1228 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Ltd.)
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Gameforge Live 2.0.0 "Baby Genius" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.0 - Gameforge)
GeoGebra 4.4 (HKLM-x32\...\GeoGebra 4.4) (Version: 4.4.10.0 - International GeoGebra Institute)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Grand Fantasia (HKLM-x32\...\Grand Fantasia) (Version: - )
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Icy Tower v1.5 (HKLM-x32\...\Icy Tower v1.5_is1) (Version: - Free Lunch Design)
Intel PROSet Wireless (Version: - ) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{E1B934BB-6AFA-429F-98E4-76F9CBC72BF6}) (Version: 2.2.14.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KeePass Password Safe 2.27 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl)
KODAK Create@Home Software (für dm) (HKLM-x32\...\{098E5A44-AB95-428B-BA4C-A263C693E1AC}) (Version: 6.0.8392 - Digilabs)
Lazarus 1.0.14 (HKLM\...\Lazarus_is1) (Version: 1.0.14 - Lazarus Team)
LibreOffice 3.6 Help Pack (German) (HKLM-x32\...\{C77157BC-EC21-422F-8901-64B3D34ED67D}) (Version: 3.6.4.3 - The Document Foundation)
LibreOffice 4.2.6.3 (HKLM-x32\...\{14DB1822-00B5-4820-86B5-EF893CA46B53}) (Version: 4.2.6.3 - The Document Foundation)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7943 - Memeo Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Horse and Me (HKLM-x32\...\InstallShield_{6B86AB79-5FC2-4746-94D7-9CA8D3C91170}) (Version: 1.00.0000 - W! Games)
My Horse and Me (x32 Version: 1.00.0000 - W! Games) Hidden
Netzwerkhandbuch EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Netg) (Version: - )
NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.15.2 (Version: 1.15.2 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
PCSUITE SHREDDER (HKLM-x32\...\PCSUITE_SHREDDER_PRO_is1) (Version: - Markement GmbH)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
phase-6 2.3.2b (HKLM-x32\...\phase-6) (Version: 2.3.2b - phase-6)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0045 - Pegatron Corporation)
Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Portal 2 Publishing Tool (HKLM-x32\...\Steam App 644) (Version: - )
Pošta Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.16.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.16.0 - Renesas Electronics Corporation) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.27.1 - Synaptics Incorporated)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD SmartWare (HKLM\...\{07179D37-D5FE-4373-90D9-A25B992EFB3E}) (Version: 1.4.5.5 - Western Digital)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Clara\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Clara\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Clara\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Clara\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Clara\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Clara\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Clara\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Clara\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Clara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Clara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Clara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Clara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Clara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Clara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Clara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Clara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2971180534-3307857154-2361156270-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Clara\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================
02-09-2014 21:18:53 Windows Update
04-09-2014 23:35:37 Windows Update
08-09-2014 18:25:06 Windows Update
08-09-2014 20:37:43 Windows Live Essentials
08-09-2014 20:40:24 DirectX wurde installiert
08-09-2014 20:40:53 DirectX wurde installiert
08-09-2014 20:41:50 WLSetup
08-09-2014 21:10:50 Installed iTunes
08-09-2014 21:28:57 Installed LibreOffice 4.2.6.3
08-09-2014 21:38:04 Windows Update
09-09-2014 20:57:44 Windows Update

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2013-03-29 17:33 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {20DFC9C0-A1D3-4230-AF81-8DA9ACC0FAF0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-18] (AVAST Software)
Task: {42B946E9-114B-44C3-8A25-FAF7763EE29B} - System32\Tasks\DSite => C:\Users\Clara\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {4A306C99-ACC0-420F-A7B7-92CF3FD63683} - \DealPly No Task File <==== ATTENTION
Task: {AD9D9278-89A5-4888-A7A2-6314E2AD264F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {B506B27E-9412-43DC-98AD-72D5769DEE45} - System32\Tasks\{ABC52F34-3B10-4182-842B-10A59CFA82A1} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.1.0.104&LastError=404
Task: {C538C7C3-D158-4D17-9FD4-84554833738B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2971180534-3307857154-2361156270-1002UA => C:\Users\Clara\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-14] (Google Inc.)
Task: {DED55E6E-7C1F-48B6-BB4C-577CA530A861} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-14] (Google Inc.)
Task: {E54EEBDA-B88A-4FDE-8EF9-AD8670F488B3} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {EDBFD3A7-21E6-4CB5-A009-B5EE279F5585} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F572A1FA-AD53-48CB-868E-0DE7EB49AFEA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2971180534-3307857154-2361156270-1002Core => C:\Users\Clara\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-14] (Google Inc.)
Task: {F67B7B9F-C6E6-4138-BF0B-CD4A5A370669} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-14] (Google Inc.)
Task: {FB545AD8-C41E-42DD-9190-EA6B702D8B0F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DSite.job => C:\Users\Clara\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2971180534-3307857154-2361156270-1002Core.job => C:\Users\Clara\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2971180534-3307857154-2361156270-1002UA.job => C:\Users\Clara\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============
2011-09-16 03:46 - 2011-09-16 03:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-11-10 22:15 - 2009-12-19 01:40 - 00104968 _____ () C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
2011-11-10 22:15 - 2011-10-14 00:38 - 00156672 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2011-03-09 11:41 - 2011-03-09 11:41 - 01066896 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
2011-03-09 11:41 - 2011-03-09 11:41 - 00491920 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
2011-11-10 21:16 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-11-10 22:15 - 2011-10-14 21:06 - 00818688 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2011-11-10 22:15 - 2010-01-13 03:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
2011-11-10 22:15 - 2010-01-13 03:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
2011-11-10 22:15 - 2010-12-18 00:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe
2011-11-10 22:15 - 2010-12-28 00:14 - 00776200 _____ () C:\Program Files (x86)\PHotkey\PVDesktop.exe
2011-11-10 22:15 - 2011-04-13 00:32 - 00483336 _____ () C:\Program Files (x86)\PHotkey\PVDAgent.exe
2011-09-16 03:46 - 2011-09-16 03:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-11-10 01:32 - 2011-09-26 00:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-11-10 22:15 - 2011-10-24 23:59 - 03420160 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
2014-08-18 17:15 - 2014-08-18 17:15 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-09 22:33 - 2014-09-09 22:33 - 02847744 _____ () C:\Program Files\AVAST Software\Avast\defs\14090902\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-05 09:24 - 2010-03-05 09:24 - 00886272 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
2011-11-10 22:15 - 2009-12-19 01:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2011-11-10 22:15 - 2009-12-19 01:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2013-09-14 07:51 - 2013-09-14 07:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 07:50 - 2013-09-14 07:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-08-18 17:15 - 2014-08-18 17:15 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-09 23:33 - 2014-09-09 23:33 - 00043008 _____ () c:\users\clara\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjbmqem.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Clara\AppData\Roaming\Dropbox\bin\libcef.dll
2011-11-10 20:17 - 2011-05-20 20:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-09-04 21:45 - 2014-08-30 04:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-04 21:44 - 2014-08-30 04:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-04 21:45 - 2014-08-30 04:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-04 21:47 - 2014-08-30 04:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-04 21:44 - 2014-08-30 04:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Clara\AppData\Local\Akamai\netsession_win.exe" MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp MSCONFIG\startupreg: EPLTarget => MSCONFIG\startupreg: Google Update => "C:\Users\Clara\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/09/2014 11:30:35 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei 
System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (09/09/2014 10:32:01 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei 
System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (09/08/2014 11:10:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AppleMobileDeviceService.exe, Version: 17.327.4.35, Zeitstempel: 0x52fa24ee Name des fehlerhaften Moduls: AppleMobileDeviceService_main.dll, Version: 17.327.4.35, Zeitstempel: 0x539a62a9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00009ae0 ID des fehlerhaften Prozesses: 0xa0c Startzeit der fehlerhaften Anwendung: 0xAppleMobileDeviceService.exe0 Pfad der fehlerhaften Anwendung: AppleMobileDeviceService.exe1 Pfad des fehlerhaften Moduls: AppleMobileDeviceService.exe2 Berichtskennung: AppleMobileDeviceService.exe3 Error: (09/08/2014 10:40:19 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files (x86)\Common Files\Windows Live\.cache\825495cf1ce2f1003\DXSETUP.exe Files (x86)\Common Files\Windows Live\.cache\825495cf1ce2f1003\DXSETUP.exe" /silent ; Beschreibung = DirectX wurde installiert; Fehler = 0x80042319). Error: (09/08/2014 10:39:15 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Clara-Computer) Description: Die Anwendung oder der Dienst "Windows Search" konnte nicht heruntergefahren werden. 
Error: (09/08/2014 08:26:09 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)" Error: (09/05/2014 01:35:24 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Nur zur Information. Error: Falscher Parameter. ErrorCode: 14007(0x36b7). Error: (09/05/2014 01:23:10 AM) (Source: MsiInstaller) (EventID: 1023) (User: Clara-Computer) Description: Produkt: Adobe Reader XI (11.0.07) - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Weitere Informationen sind in der Protokolldatei C:\Users\Clara\AppData\Local\Temp\MSI3d2d8.LOG enthalten. Error: (09/05/2014 01:20:08 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (09/04/2014 09:10:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: WDFME.exe, Version: 1.4.5.2, Zeitstempel: 0x4d77d26b Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161, Zeitstempel: 0x4dace5b9 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0006ccd5 ID des fehlerhaften Prozesses: 0xf40 Startzeit der fehlerhaften Anwendung: 0xWDFME.exe0 Pfad der fehlerhaften Anwendung: WDFME.exe1 Pfad des fehlerhaften Moduls: WDFME.exe2 Berichtskennung: WDFME.exe3 System errors: ============= Error: (09/09/2014 11:37:53 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {9E6E74C7-0E85-4D14-8851-7635E2C1C528} Error: (09/09/2014 11:27:39 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (09/09/2014 10:32:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "WD File Management Shadow Engine" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (09/09/2014 10:32:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst WD File Management Shadow Engine erreicht. Error: (09/09/2014 10:31:46 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 08.09.2014 um 23:44:36 unerwartet heruntergefahren. Error: (09/08/2014 10:36:43 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. 
Error: (09/08/2014 10:36:42 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (09/08/2014 08:29:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.183.1682.0) Error: (09/08/2014 08:23:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet. Error: (09/08/2014 08:16:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "MemeoBackgroundService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Microsoft Office Sessions: ========================= Error: (09/09/2014 11:30:35 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (09/09/2014 10:32:01 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. 
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (09/08/2014 11:10:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: AppleMobileDeviceService.exe17.327.4.3552fa24eeAppleMobileDeviceService_main.dll17.327.4.35539a62a9c000000500009ae0a0c01cfcb90dd43cdf0C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll7dd3ca03-379c-11e4-a27a-4c809337333a Error: (09/08/2014 10:40:19 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Program Files (x86)\Common Files\Windows Live\.cache\825495cf1ce2f1003\DXSETUP.exe Files (x86)\Common Files\Windows Live\.cache\825495cf1ce2f1003\DXSETUP.exe" /silent DirectX wurde installiert0x80042319 Error: (09/08/2014 10:39:15 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Clara-Computer) Description: 1SearchIndexer.exeWindows Search0302621614360 Error: (09/08/2014 08:26:09 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006) Error: (09/05/2014 01:35:24 AM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Error: Falscher Parameter. ErrorCode: 14007(0x36b7). 
Error: (09/05/2014 01:23:10 AM) (Source: MsiInstaller) (EventID: 1023) (User: Clara-Computer) Description: Adobe Reader XI (11.0.07){AC76BA86-7AD7-0000-2550-7A8C40011008}1625C:\Users\Clara\AppData\Local\Temp\MSI3d2d8.LOG(NULL)(NULL) Error: (09/05/2014 01:20:08 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (09/04/2014 09:10:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: WDFME.exe1.4.5.24d77d26bMSVCR90.dll9.0.30729.61614dace5b9c00004170006ccd5f4001cfc871a2853f2cC:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll2d285f25-3467-11e4-a7f5-4c809337333a CodeIntegrity Errors: =================================== Date: 2013-03-29 16:29:01.287 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-03-29 16:29:01.240 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 57%
Total physical RAM: 4007.05 MB
Available physical RAM: 1702.46 MB
Total Pagefile: 8012.29 MB
Available Pagefile: 5393.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:404.66 GB) (Free:63.64 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:29.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=404.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=60 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

And now GMER as well:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-10 00:13:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0002 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Clara\AppData\Local\Temp\kwldykoc.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002ffd000 45 bytes [00, 10, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002ffd02f 23 bytes [00, 00, 10, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\winlogon.exe[696] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bfef8d 1 byte [62]
.text C:\Windows\System32\svchost.exe[540] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bfef8d 1 byte [62]
.text C:\Windows\system32\svchost.exe[768] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bfef8d 1 byte [62]
.text C:\Windows\system32\svchost.exe[1272] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bfef8d 1 byte [62]
.text C:\Windows\system32\WLANExt.exe[1448] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bfef8d 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1196] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62]
.text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[2192] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2484] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bfef8d 1 byte [62]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2952] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62]
.text C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe[3316] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112
000000007600a2fd 1 byte [62] .text C:\Windows\System32\svchost.exe[3800] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bfef8d 1 byte [62] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4016] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4344] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3396] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bfef8d 1 byte [62] .text C:\Windows\Explorer.EXE[3152] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bfef8d 1 byte [62] .text C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075fe1f0e 7 bytes JMP 0000000166fc168b .text C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075fe5bad 7 bytes JMP 0000000166fc11a4 .text C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075ff1409 7 bytes JMP 0000000166fc1280 .text C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075ffea45 7 bytes JMP 0000000166fc123a .text C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007600b21b 5 bytes JMP 0000000166fc15a0 .text C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076088e24 7 bytes JMP 0000000166fc132f .text C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076088ea9 5 bytes JMP 0000000166fc16cc .text 
C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000760891ff 1 byte JMP 0000000166fc1703 .text C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 2 0000000076089201 3 bytes {JMP 0xfffffffff0f38504} .text C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074c28a29 5 bytes JMP 0000000166fc171c .text C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074c34572 5 bytes JMP 0000000166fc10a0 .text C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074c4e567 5 bytes JMP 0000000166fc140b .text C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074c87a5c 5 bytes JMP 0000000166fc15c8 .text C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074a85ea5 5 bytes JMP 0000000166fc15f0 .text C:\Program Files (x86)\PHotkey\PHotkey.exe[4596] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074ab9d0b 5 bytes JMP 0000000166fc1217 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5288] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bfef8d 1 byte [62] .text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[5420] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bfef8d 1 byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[5588] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bfef8d 1 byte [62] .text C:\Program Files (x86)\PHotkey\HCSynApi.exe[5732] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074a85ea5 5 bytes JMP 0000000166fc15f0 .text C:\Program Files (x86)\PHotkey\HCSynApi.exe[5732] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074ab9d0b 5 bytes JMP 0000000166fc1217 .text C:\Program Files (x86)\Common 
Files\Apple\Internet Services\iCloudServices.exe[5840] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000075fe1f0e 7 bytes JMP 0000000166fc168b .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5840] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000075fe5bad 7 bytes JMP 0000000166fc11a4 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5840] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000075ff1409 7 bytes JMP 0000000166fc1280 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5840] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000075ffea45 7 bytes JMP 0000000166fc123a .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5840] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007600a2fd 1 byte [62] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5840] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007600b21b 5 bytes JMP 0000000166fc15a0 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5840] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076088e24 7 bytes JMP 0000000166fc132f .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5840] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076088ea9 5 bytes JMP 0000000166fc16cc .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5840] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000760891ff 1 byte JMP 0000000166fc1703 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5840] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW + 2 0000000076089201 3 bytes {JMP 0xfffffffff0f38504} .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[5840] C:\Windows\syswow64\USER32.dll!CreateWindowExW 
C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000762eeba5 5 bytes JMP 0000000166fc1181
.text C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000074c28a29 5 bytes JMP 0000000166fc171c
.text C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000074c34572 5 bytes JMP 0000000166fc10a0
.text C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000074c4e567 5 bytes JMP 0000000166fc140b
.text C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000074c87a5c 5 bytes JMP 0000000166fc15c8
.text C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000074a85ea5 5 bytes JMP 0000000166fc15f0
.text C:\Users\Clara\Desktop\Gmer-19357.exe[6100] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000074ab9d0b 5 bytes JMP 0000000166fc1217

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [3800:7756] 000007fef2779688
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3696:1556] 0000000075cb7587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3696:3116] 0000000069c47712
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3696:3312] 0000000076ff2e65
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3696:8028] 0000000074a9d864
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3696:5944] 0000000076ff3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3696:8076] 0000000076ff3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3696:4516] 0000000076ff3e85

---- Processes - GMER 2.1 ----

Library C:\Users\Clara\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe [5772](2014-08-15 18:46:08) 0000000003c00000
Library c:\users\clara\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjbmqem.dll (*** suspicious ***) @ C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe [5772](2014-09-09 21:33:47) 0000000004110000
Library C:\Users\Clara\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe [5772](2013-08-23 19:01:44) 000000005bd70000
Library C:\Users\Clara\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe [5772] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 000000005a240000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00150080283d
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c809337333a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4c809337333a@d0176ac84815 0x32 0x90 0x47 0x78 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00150080283d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c809337333a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4c809337333a@d0176ac84815 0x32 0x90 0x47 0x78 ...

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ---- |
11.09.2014, 19:55 | #5 |
/// TB-Ausbilder | Viruses and malware found
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
CHR HKLM-x32\...\Chrome\Extension: [ndkkhdppcfchlghnlhifennhcadbnfld] - C:\Users\Clara\AppData\Local\CRE\ndkkhdppcfchlghnlhifennhcadbnfld.crx [2014-08-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {42B946E9-114B-44C3-8A25-FAF7763EE29B} - System32\Tasks\DSite => C:\Users\Clara\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {E54EEBDA-B88A-4FDE-8EF9-AD8670F488B3} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\Clara\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
Start FRST once more.
11.09.2014, 23:32 | #6 |
| Viruses and malware found
Regarding step 1: FRST Fixlog.txt:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Clara at 2014-09-11 22:04:29 Run:1
Running from C:\Users\Clara\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM-x32\...\Chrome\Extension: [ndkkhdppcfchlghnlhifennhcadbnfld] - C:\Users\Clara\AppData\Local\CRE\ndkkhdppcfchlghnlhifennhcadbnfld.crx [2014-08-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {42B946E9-114B-44C3-8A25-FAF7763EE29B} - System32\Tasks\DSite => C:\Users\Clara\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {E54EEBDA-B88A-4FDE-8EF9-AD8670F488B3} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\Clara\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
emptytemp:
*****************

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndkkhdppcfchlghnlhifennhcadbnfld" => Key deleted successfully.
"C:\Users\Clara\AppData\Local\CRE\ndkkhdppcfchlghnlhifennhcadbnfld.crx" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42B946E9-114B-44C3-8A25-FAF7763EE29B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42B946E9-114B-44C3-8A25-FAF7763EE29B}" => Key deleted successfully.
C:\Windows\System32\Tasks\DSite => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E54EEBDA-B88A-4FDE-8EF9-AD8670F488B3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E54EEBDA-B88A-4FDE-8EF9-AD8670F488B3}" => Key deleted successfully.
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar" => Key deleted successfully.
C:\Windows\Tasks\DSite.job => Moved successfully.
EmptyTemp: => Removed 7 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====
Regarding step 2: aswMBR.exe
The instructions for aswMBR.exe say that I should close the antivirus program. Does this mean that I should close AVAST? I'd rather ask first, because you wrote that the program will ask whether I want to scan the system with AVAST...
When aswMBR starts, the following message/question appears:
Code:
This computer supports "Virtualization Technology". Would you like to use it for rootkit detection?
Since I had to click something, I just clicked NO and hope that wasn't wrong. The scan then started .... Here is the result:
Code:
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-11 22:17:43
-----------------------------
22:17:43.908 OS Version: Windows x64 6.1.7601 Service Pack 1
22:17:43.908 Number of processors: 4 586 0x2A07
22:17:43.909 ComputerName: CLARA-COMPUTER UserName: Clara
22:17:46.111 Initialize success
22:17:46.112 VM: initialized successfully
22:17:46.545 VM: Intel CPU supported virtualized
22:58:07.655 VM: not used
22:58:10.955 AVAST engine defs: 14091101
22:59:45.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:59:45.041 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
22:59:45.191 Disk 0 MBR read successfully
22:59:45.191 Disk 0 MBR scan
22:59:45.211 Disk 0 unknown MBR code
22:59:45.231 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:59:45.241 Disk 0 default boot code
22:59:45.291 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 414372 MB offset 206848
22:59:45.331 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 61440 MB offset 848840704
22:59:45.401 Disk 0 Partition 4 00 12 Compaq diag NTFS 1026 MB offset 974669824
22:59:45.501 Disk 0 scanning C:\Windows\system32\drivers
22:59:55.176 Service scanning
23:00:14.902 Modules scanning
23:00:14.912 Disk 0 trace - called modules:
23:00:14.942 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
23:00:14.942 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800701a060]
23:00:14.952 3 CLASSPNP.SYS[fffff88000c7743f] -> nt!IofCallDriver -> [0xfffffa80047ea550]
23:00:14.952 5 ACPI.sys[fffff88000d757a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80047f0050]
23:00:26.864 AVAST engine scan C:\Windows
23:00:29.074 AVAST engine scan C:\Windows\system32
23:03:21.444 AVAST engine scan C:\Windows\system32\drivers
23:03:35.923 AVAST engine scan C:\Users\Clara
23:52:58.833 AVAST engine scan C:\ProgramData
23:55:29.773 Scan finished successfully
23:57:09.848 Disk 0 MBR has been saved successfully to "C:\Users\Clara\Desktop\MBR.dat"
23:57:09.858 The log file has been saved successfully to "C:\Users\Clara\Desktop\aswMBR.txt"
Code:
# AdwCleaner v3.309 - Bericht erstellt am 12/09/2014 um 00:00:01
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Clara - CLARA-COMPUTER
# Gestartet von : C:\Users\Clara\Desktop\adwcleaner_3.309.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Clara\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Clara\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\Clara\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Datei Gelöscht : C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage
Datei Gelöscht : C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage

***** [ Tasks ] *****

Task Gelöscht : Dealply

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\522d6deb33aed48
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_minecraft_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_minecraft_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\Ciuvo
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Google Chrome v37.0.2062.120

[ Datei : C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : eofcbnmajmjmplflapaojjnihcjkigck

*************************

AdwCleaner[R0].txt - [5676 octets] - [11/09/2014 23:58:31]
AdwCleaner[S0].txt - [5272 octets] - [12/09/2014 00:00:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5332 octets] ##########
JRT produced the following log:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Clara on 12.09.2014 at 0:04:28,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2971180534-3307857154-2361156270-1002\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7588CA44-A7C9-4C51-B5D7-CEED47966EC7}

~~~ Files

Successfully deleted: [File] "C:\Users\Clara\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"
Successfully deleted: [File] C:\Windows\syswow64\sho3492.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC974.tmp

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{009A2206-A0F0-4B0E-9393-59CB196224E1}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{01B9F2C3-2099-4E83-9409-ED4AF0CA3757}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{0603FA30-DE12-485C-9A22-F237A0F16668}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{06EB080B-3D42-4EBE-AA0C-C423C50C0BC6}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{073120C3-63F8-41CE-B062-A841FD45794D}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{09F0510B-B4D5-434B-9876-AE503386927F}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{0AFFB361-C314-4EA9-AEC8-736945A4708B}
Successfully deleted: [Empty Folder] C:\Users\Clara\appdata\local\{0C5EE800-6F5C-435E-8850-4FBAD5CC0584}
~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.09.2014 at 0:16:30,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And finally FRST:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014 Ran by Clara (administrator) on CLARA-COMPUTER on 12-09-2014 00:17:04 Running from C:\Users\Clara\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Program Files (x86)\PHotkey\AsLdrSrv.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Protexis Inc.) 
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Dropbox, Inc.) C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-09-30] (Synaptics Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-16] (Intel(R) Corporation)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-18] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2971180534-3307857154-2361156270-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2971180534-3307857154-2361156270-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2971180534-3307857154-2361156270-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2971180534-3307857154-2361156270-1002\...\Run: [Google Update] => C:\Users\Clara\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-01-14] (Google Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-10-27] (NVIDIA Corporation)
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-27] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-10-27] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-10-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: C:\Users\Clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Clara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD772B8DAD3AACB01
SearchScopes: HKCU - {ED1B9BF1-9BD4-4078-BA2E-924AB654916F} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Clara\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Clara\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-30]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR DefaultSearchKeyword: Default -> 2236F588FBD4DECFC6F2A89BA645A8EB43EC22E1FB7C4088F43684CAE8F0FF11
CHR DefaultSearchURL: Default -> 088438C5D04F0212CFBE5FF554A4BD6C83440BDA68F400E4A40B9046864B7E1E
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Clara\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
CHR Extension: (SmoothScroll) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\cccpiddacjljmfbbgeimpelpndgpoknn [2014-04-26]
CHR Extension: (No Name) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-09-02]
CHR Extension: (iCloud-Lesezeichen) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2013-11-02]
CHR Extension: (avast! Online Security) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-07-21]
CHR Extension: (Smooth Scrollerator) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmicgfcegednlkdhgbhgickcgndjeeig [2014-04-26]
CHR Extension: (Google Wallet) - C:\Users\Clara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKCU\...\Chrome\Extension: [ndkkhdppcfchlghnlhifennhcadbnfld] - C:\Users\Clara\AppData\Local\CRE\ndkkhdppcfchlghnlhifennhcadbnfld.crx []
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-19] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-18] (AVAST Software)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-05-19] (Intel Corporation) [File not signed]
S3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-19] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-19] (Intel Corporation) [File not signed]
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-14] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-16] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4609416 2013-11-06] (INCA Internet Co., Ltd.) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-18] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-18] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-18] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-07-03] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-07-03] ()
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-12 00:16 - 2014-09-12 00:16 - 00029743 _____ () C:\Users\Clara\Desktop\JRT.txt
2014-09-12 00:03 - 2014-09-12 00:03 - 00005460 _____ () C:\Users\Clara\Desktop\AdwCleaner[S0].txt
2014-09-11 23:58 - 2014-09-12 00:00 - 00000000 ____D () C:\AdwCleaner
2014-09-11 23:57 - 2014-09-11 23:57 - 00002267 _____ () C:\Users\Clara\Desktop\aswMBR.txt
2014-09-11 23:57 - 2014-09-11 23:57 - 00000512 _____ () C:\Users\Clara\Desktop\MBR.dat
2014-09-11 22:16 - 2014-09-11 22:16 - 01016261 _____ (Thisisu) C:\Users\Clara\Desktop\JRT.exe
2014-09-11 22:15 - 2014-09-11 22:16 - 01370483 _____ () C:\Users\Clara\Desktop\adwcleaner_3.309.exe
2014-09-11 22:13 - 2014-09-11 22:14 - 05185536 _____ (AVAST Software) C:\Users\Clara\Desktop\aswMBR.exe
2014-09-11 22:04 - 2014-09-11 22:04 - 00000000 ____D () C:\Users\Clara\Desktop\FRST-OlderVersion
2014-09-11 09:48 - 2014-09-11 09:48 - 00003274 _____ () C:\Windows\System32\Tasks\{85774FC0-9601-40E7-BBDB-C2716B854ADF}
2014-09-11 09:46 - 2014-09-11 09:46 - 00001272 _____ () C:\Users\Clara\Desktop\Revo Uninstaller.lnk
2014-09-11 09:46 - 2014-09-11 09:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-11 09:44 - 2014-09-11 09:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Clara\Downloads\revosetup95.exe
2014-09-11 09:19 - 2014-09-11 09:19 - 00000348 _____ () C:\Users\Clara\Desktop\AVAST Containerinfos.txt
2014-09-10 01:18 - 2014-09-10 01:18 - 807055908 _____ () C:\Windows\MEMORY.DMP
2014-09-10 01:18 - 2014-09-10 01:18 - 00500248 _____ () C:\Windows\Minidump\091014-25209-01.dmp
2014-09-10 01:18 - 2014-09-10 01:18 - 00000000 ____D () C:\Windows\Minidump
2014-09-10 01:01 - 2014-09-11 09:22 - 00014044 _____ () C:\Users\Clara\Desktop\Logs.7z
2014-09-10 00:39 - 2014-09-10 00:39 - 00002846 _____ () C:\Users\Clara\Desktop\mbam.txt
2014-09-10 00:13 - 2014-09-10 00:13 - 00047537 _____ () C:\Users\Clara\Desktop\gmer.txt
2014-09-09 23:54 - 2014-09-09 23:55 - 00054427 _____ () C:\Users\Clara\Desktop\Addition.txt
2014-09-09 23:52 - 2014-09-12 00:17 - 00024364 _____ () C:\Users\Clara\Desktop\FRST.txt
2014-09-09 23:52 - 2014-09-12 00:17 - 00000000 ____D () C:\FRST
2014-09-09 23:51 - 2014-09-09 23:51 - 00000472 _____ () C:\Users\Clara\Desktop\defogger_disable.log
2014-09-09 23:51 - 2014-09-09 23:51 - 00000000 _____ () C:\Users\Clara\defogger_reenable
2014-09-09 23:16 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-09 23:16 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-09 23:16 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-09 23:16 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-09 23:16 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-09 23:16 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-09 23:16 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-09 23:16 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-09 23:16 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-09 23:16 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-09 23:16 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-09 23:16 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-09 23:16 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-09 23:16 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-09 23:16 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-09 23:16 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-09 23:16 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-09 23:16 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-09 23:16 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-09 23:16 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-09 23:16 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-09 23:16 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-09 23:16 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-09 23:16 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-09 23:16 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-09 23:16 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-09 23:16 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-09 23:16 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-09 23:16 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-09 23:16 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-09 23:16 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-09 23:16 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-09 23:16 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-09 23:16 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-09 23:16 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-09 23:16 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-09 23:16 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-09 23:16 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-09 23:16 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-09 23:16 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-09 23:16 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-09 23:16 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-09 23:16 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-09 23:16 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-09 23:16 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-09 23:16 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-09 23:16 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-09 23:16 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-09 23:16 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-09 23:16 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-09 23:16 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-09 23:16 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-09 23:16 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-09 23:16 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-09 23:16 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-09 23:16 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-09 23:00 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-09 23:00 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-09 22:56 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-09 22:56 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-09 22:56 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-09 22:56 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-09 22:56 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-09 22:56 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-09 22:56 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-09 22:56 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-09 22:56 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-09 22:55 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-09 22:55 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-09 22:55 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-09 22:55 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-09 22:42 - 2014-09-11 22:04 - 02105856 _____ (Farbar) C:\Users\Clara\Desktop\FRST64.exe
2014-09-09 22:42 - 2014-09-05 00:08 - 00050477 _____ () C:\Users\Clara\Desktop\Defogger (1).exe
2014-09-09 22:42 - 2014-09-05 00:07 - 00380416 _____ () C:\Users\Clara\Desktop\Gmer-19357.exe
2014-09-08 23:40 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-08 23:40 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-08 23:40 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-08 23:40 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-08 23:40 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-08 23:40 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-08 23:40 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-08 23:40 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-08 23:40 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-09-08 23:40 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-09-08 23:40 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-08 23:40 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-08 23:40 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-09-08 23:40 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-08 23:40 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-08 23:40 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-09-08 23:37 - 2014-09-08 23:37 - 00001468 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk
2014-09-08 23:37 - 2014-09-08 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2014-09-08 23:35 - 2014-09-08 23:37 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-09-08 23:33 - 2014-09-08 23:33 - 00001074 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-09-08 23:22 - 2014-09-08 23:27 - 220827648 _____ () C:\Users\Clara\Downloads\LibreOffice_4.2.6-secfix_Win_x86.msi
2014-09-08 23:17 - 2014-09-08 23:17 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-08 23:17 - 2014-09-08 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-08 23:15 - 2014-09-08 23:17 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-08 23:15 - 2014-09-08 23:17 - 00000000 ____D () C:\Program Files\iTunes
2014-09-08 23:15 - 2014-09-08 23:17 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-08 23:15 - 2014-09-08 23:15 - 00000000 ____D () C:\Program Files\iPod
2014-09-08 22:48 - 2014-09-08 22:48 - 00000000 ____D () C:\Windows\en
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\nl
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\it
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\hu
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\fr
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\es
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\de
2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\da
2014-09-08 22:46 - 2014-09-08 22:46 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-09-08 22:46 - 2014-09-08 22:46 - 00000000 ____D () C:\Windows\sl
2014-09-08 22:42 - 2014-09-08 22:42 - 00000000 ____D () C:\Program Files\Windows Live
2014-09-08 20:15 - 2014-09-09 22:34 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-09-08 20:15 - 2014-09-09 22:34 - 00000000 ____D () C:\Windows\system32\NV
2014-09-05 01:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-05 01:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-05 01:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-05 01:34 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-05 01:34 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-05 01:34 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-05 01:34 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-05 01:34 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-05 01:34 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-05 01:34 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-05 01:34 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-09-05 01:34 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-05 01:00 - 2014-09-10 00:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-05 01:00 - 2014-09-05 01:00 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-05 01:00 - 2014-09-05 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-05 01:00 - 2014-09-05 01:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-09-05 01:00 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-05 01:00 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-30 21:57 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-30 21:57 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-30 21:57 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-30 20:54 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-30 20:54 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-30 20:54 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-30 20:54 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-30 20:53 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-30 20:53 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-30 20:52 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-30 20:52 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-18 17:34 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-18 17:34 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-18 17:34 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-18 17:34 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-18 17:33 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-18 17:33 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-18 17:33 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-18 17:33 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-18 17:33 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-18 17:33 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-18 17:33 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-18 17:32 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-18 17:29 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-18 17:29 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation)
C:\Windows\SysWOW64\rpcrt4.dll 2014-08-18 17:17 - 2014-08-18 17:17 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-08-18 17:16 - 2014-08-18 17:16 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-08-18 17:15 - 2014-08-18 17:15 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-12 00:17 - 2014-09-09 23:52 - 00024364 _____ () C:\Users\Clara\Desktop\FRST.txt 2014-09-12 00:17 - 2014-09-09 23:52 - 00000000 ____D () C:\FRST 2014-09-12 00:16 - 2014-09-12 00:16 - 00029743 _____ () C:\Users\Clara\Desktop\JRT.txt 2014-09-12 00:10 - 2009-07-14 06:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-12 00:10 - 2009-07-14 06:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-12 00:09 - 2013-07-14 19:34 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-12 00:04 - 2013-04-01 19:43 - 00000000 ____D () C:\Windows\ERUNT 2014-09-12 00:03 - 2014-09-12 00:03 - 00005460 _____ () C:\Users\Clara\Desktop\AdwCleaner[S0].txt 2014-09-12 00:03 - 2012-05-24 20:19 - 00000000 ___RD () C:\Users\Clara\Dropbox 2014-09-12 00:03 - 2012-05-24 20:17 - 00000000 ____D () C:\Users\Clara\AppData\Roaming\Dropbox 2014-09-12 00:03 - 2012-02-19 00:06 - 00000000 ____D () C:\Users\Clara\AppData\Roaming\Skype 2014-09-12 00:02 - 2013-07-14 19:34 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-12 00:01 - 2013-03-12 07:48 - 00895026 _____ () C:\Windows\PFRO.log 2014-09-12 00:01 - 2013-02-13 18:08 - 00013786 _____ () C:\Windows\setupact.log 2014-09-12 00:01 - 2011-11-10 21:16 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-09-12 00:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-12 00:00 - 
2014-09-11 23:58 - 00000000 ____D () C:\AdwCleaner 2014-09-12 00:00 - 2012-02-16 21:35 - 01670574 _____ () C:\Windows\WindowsUpdate.log 2014-09-11 23:57 - 2014-09-11 23:57 - 00002267 _____ () C:\Users\Clara\Desktop\aswMBR.txt 2014-09-11 23:57 - 2014-09-11 23:57 - 00000512 _____ () C:\Users\Clara\Desktop\MBR.dat 2014-09-11 23:46 - 2013-01-14 01:38 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2971180534-3307857154-2361156270-1002UA.job 2014-09-11 23:27 - 2013-04-01 15:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-11 22:46 - 2013-01-14 01:38 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2971180534-3307857154-2361156270-1002Core.job 2014-09-11 22:16 - 2014-09-11 22:16 - 01016261 _____ (Thisisu) C:\Users\Clara\Desktop\JRT.exe 2014-09-11 22:16 - 2014-09-11 22:15 - 01370483 _____ () C:\Users\Clara\Desktop\adwcleaner_3.309.exe 2014-09-11 22:14 - 2014-09-11 22:13 - 05185536 _____ (AVAST Software) C:\Users\Clara\Desktop\aswMBR.exe 2014-09-11 22:05 - 2011-11-04 03:51 - 00700134 _____ () C:\Windows\system32\perfh007.dat 2014-09-11 22:05 - 2011-11-04 03:51 - 00149984 _____ () C:\Windows\system32\perfc007.dat 2014-09-11 22:05 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-11 22:04 - 2014-09-11 22:04 - 00000000 ____D () C:\Users\Clara\Desktop\FRST-OlderVersion 2014-09-11 22:04 - 2014-09-09 22:42 - 02105856 _____ (Farbar) C:\Users\Clara\Desktop\FRST64.exe 2014-09-11 09:48 - 2014-09-11 09:48 - 00003274 _____ () C:\Windows\System32\Tasks\{85774FC0-9601-40E7-BBDB-C2716B854ADF} 2014-09-11 09:46 - 2014-09-11 09:46 - 00001272 _____ () C:\Users\Clara\Desktop\Revo Uninstaller.lnk 2014-09-11 09:46 - 2014-09-11 09:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-09-11 09:44 - 2014-09-11 09:44 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Clara\Downloads\revosetup95.exe 2014-09-11 09:22 - 2014-09-10 01:01 - 00014044 _____ () C:\Users\Clara\Desktop\Logs.7z 2014-09-11 09:19 - 2014-09-11 09:19 - 00000348 _____ () C:\Users\Clara\Desktop\AVAST Containerinfos.txt 2014-09-11 09:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-09-10 21:45 - 2013-07-14 19:35 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-09-10 21:41 - 2013-03-30 13:43 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-09-10 01:18 - 2014-09-10 01:18 - 807055908 _____ () C:\Windows\MEMORY.DMP 2014-09-10 01:18 - 2014-09-10 01:18 - 00500248 _____ () C:\Windows\Minidump\091014-25209-01.dmp 2014-09-10 01:18 - 2014-09-10 01:18 - 00000000 ____D () C:\Windows\Minidump 2014-09-10 01:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-10 00:39 - 2014-09-10 00:39 - 00002846 _____ () C:\Users\Clara\Desktop\mbam.txt 2014-09-10 00:37 - 2014-09-05 01:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-10 00:27 - 2013-04-01 15:03 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-10 00:27 - 2012-05-28 07:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-10 00:27 - 2011-11-07 18:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-10 00:13 - 2014-09-10 00:13 - 00047537 _____ () C:\Users\Clara\Desktop\gmer.txt 2014-09-09 23:55 - 2014-09-09 23:54 - 00054427 _____ () C:\Users\Clara\Desktop\Addition.txt 2014-09-09 23:51 - 2014-09-09 23:51 - 00000472 _____ () C:\Users\Clara\Desktop\defogger_disable.log 2014-09-09 23:51 - 2014-09-09 23:51 - 00000000 _____ () C:\Users\Clara\defogger_reenable 2014-09-09 23:51 - 2012-02-16 21:43 - 00000000 ____D () C:\Users\Clara 2014-09-09 23:14 - 2012-02-16 23:59 - 01596516 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-09 23:13 - 2013-07-21 13:34 - 00000000 
____D () C:\Windows\system32\MRT 2014-09-09 23:02 - 2011-11-03 22:34 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-09 22:59 - 2014-05-07 07:00 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-09 22:34 - 2014-09-08 20:15 - 00000000 ____D () C:\Windows\SysWOW64\NV 2014-09-09 22:34 - 2014-09-08 20:15 - 00000000 ____D () C:\Windows\system32\NV 2014-09-09 22:34 - 2012-02-16 21:44 - 00107320 _____ () C:\Users\Clara\AppData\Local\GDIPFONTCACHEV1.DAT 2014-09-09 22:31 - 2009-07-14 06:45 - 00421544 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-08 23:37 - 2014-09-08 23:37 - 00001468 _____ () C:\Users\Public\Desktop\LibreOffice 4.2.lnk 2014-09-08 23:37 - 2014-09-08 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2 2014-09-08 23:37 - 2014-09-08 23:35 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4 2014-09-08 23:33 - 2014-09-08 23:33 - 00001074 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-09-08 23:27 - 2014-09-08 23:22 - 220827648 _____ () C:\Users\Clara\Downloads\LibreOffice_4.2.6-secfix_Win_x86.msi 2014-09-08 23:17 - 2014-09-08 23:17 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-09-08 23:17 - 2014-09-08 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-09-08 23:17 - 2014-09-08 23:15 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-09-08 23:17 - 2014-09-08 23:15 - 00000000 ____D () C:\Program Files\iTunes 2014-09-08 23:17 - 2014-09-08 23:15 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-09-08 23:15 - 2014-09-08 23:15 - 00000000 ____D () C:\Program Files\iPod 2014-09-08 22:49 - 2012-05-15 07:14 - 00000000 ____D () C:\Users\Clara\Tracing 2014-09-08 22:48 - 2014-09-08 22:48 - 00000000 ____D () C:\Windows\en 2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D 
() C:\Windows\nl 2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\it 2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\hu 2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\fr 2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\es 2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\de 2014-09-08 22:47 - 2014-09-08 22:47 - 00000000 ____D () C:\Windows\da 2014-09-08 22:46 - 2014-09-08 22:46 - 00001309 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-09-08 22:46 - 2014-09-08 22:46 - 00000000 ____D () C:\Windows\sl 2014-09-08 22:46 - 2013-04-01 21:48 - 00001378 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2014-09-08 22:45 - 2012-05-15 07:02 - 00001494 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2014-09-08 22:43 - 2011-11-07 17:57 - 00002538 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk 2014-09-08 22:42 - 2014-09-08 22:42 - 00000000 ____D () C:\Program Files\Windows Live 2014-09-08 22:42 - 2011-11-07 17:56 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-09-08 22:40 - 2013-04-01 21:40 - 00302312 _____ () C:\Windows\DirectX.log 2014-09-08 22:39 - 2014-04-15 18:53 - 00002208 _____ () C:\Users\Clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2014-09-08 22:08 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-09-05 04:10 - 2014-09-09 22:56 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-05 04:05 - 2014-09-09 22:56 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-05 01:47 - 2012-06-16 17:02 - 00000000 ____D () C:\Temp 2014-09-05 01:47 - 2011-11-10 21:16 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-09-05 01:47 - 2011-11-10 21:16 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-09-05 01:42 - 
2011-11-10 21:16 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-09-05 01:00 - 2014-09-05 01:00 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-05 01:00 - 2014-09-05 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-05 01:00 - 2014-09-05 01:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-05 01:00 - 2012-02-18 23:39 - 00000000 ____D () C:\Users\Clara\AppData\Roaming\Malwarebytes 2014-09-05 01:00 - 2012-02-18 23:39 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-05 00:08 - 2014-09-09 22:42 - 00050477 _____ () C:\Users\Clara\Desktop\Defogger (1).exe 2014-09-05 00:07 - 2014-09-09 22:42 - 00380416 _____ () C:\Users\Clara\Desktop\Gmer-19357.exe 2014-09-04 20:59 - 2012-05-24 20:18 - 00000000 ____D () C:\Users\Clara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-09-02 23:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-08-23 04:07 - 2014-08-30 21:57 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-08-30 21:57 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-08-30 21:57 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-19 20:05 - 2014-09-09 23:16 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-19 19:39 - 2014-09-09 23:16 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-19 01:01 - 2014-09-09 23:16 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-19 00:29 - 2014-09-09 23:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-19 00:29 - 2014-09-09 23:16 - 00004096 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollectorres.dll 2014-08-19 00:26 - 2014-09-09 23:16 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-19 00:20 - 2014-09-09 23:16 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-19 00:19 - 2014-09-09 23:16 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-19 00:15 - 2014-09-09 23:16 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-19 00:15 - 2014-09-09 23:16 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-19 00:14 - 2014-09-09 23:16 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-19 00:14 - 2014-09-09 23:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-19 00:08 - 2014-09-09 23:16 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-19 00:08 - 2014-09-09 23:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-19 00:08 - 2014-09-09 23:16 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-19 00:05 - 2014-09-09 23:16 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-19 00:03 - 2014-09-09 23:16 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-19 00:03 - 2014-09-09 23:16 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-19 00:03 - 2014-09-09 23:16 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-18 23:57 - 2014-09-09 23:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-18 23:56 - 2014-09-09 23:16 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-18 23:51 - 2014-09-09 23:16 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-18 23:46 - 2014-09-09 23:16 - 00454656 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-18 23:45 - 2014-09-09 23:16 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-18 23:45 - 2014-09-09 23:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-18 23:44 - 2014-09-09 23:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-18 23:44 - 2014-09-09 23:16 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-18 23:42 - 2014-09-09 23:16 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-18 23:40 - 2014-09-09 23:16 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-18 23:39 - 2014-09-09 23:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-18 23:39 - 2014-09-09 23:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-18 23:39 - 2014-09-09 23:16 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-18 23:38 - 2014-09-09 23:16 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-18 23:37 - 2014-09-09 23:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-18 23:36 - 2014-09-09 23:16 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-18 23:35 - 2014-09-09 23:16 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-18 23:27 - 2014-09-09 23:16 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-18 23:25 - 2014-09-09 23:16 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-18 23:25 - 2014-09-09 23:16 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-18 23:23 - 2014-09-09 23:16 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-18 23:23 - 2014-09-09 23:16 - 01249280 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-18 23:22 - 2014-09-09 23:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-18 23:19 - 2014-09-09 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-18 23:17 - 2014-09-09 23:16 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-18 23:17 - 2014-09-09 23:16 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-18 23:16 - 2014-09-09 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-18 23:15 - 2014-09-09 23:16 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-18 23:15 - 2014-09-09 23:16 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-18 23:09 - 2014-09-09 23:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-18 23:08 - 2014-09-09 23:16 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-18 23:07 - 2014-09-09 23:16 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-18 22:55 - 2014-09-09 23:16 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-18 22:46 - 2014-09-09 23:16 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-18 22:38 - 2014-09-09 23:16 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-18 22:38 - 2014-09-09 23:16 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-18 22:36 - 2014-09-09 23:16 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-18 17:17 - 2014-08-18 17:17 - 00001970 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-08-18 17:16 - 2014-08-18 17:16 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-08-18 17:16 - 2014-02-04 22:05 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-08-18 17:16 - 2013-03-30 13:43 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-08-18 17:16 - 2013-03-30 13:43 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-08-18 17:16 - 2013-03-30 13:43 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-08-18 17:16 - 2013-03-30 13:43 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-08-18 17:16 - 2013-03-30 13:43 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-08-18 17:16 - 2013-03-30 13:43 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-08-18 17:15 - 2014-08-18 17:15 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-08-18 17:15 - 2013-03-30 13:43 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys Some content of TEMP: ==================== C:\Users\Clara\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkftavm.dll C:\Users\Clara\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-10 01:48 |
12.09.2014, 11:02 | #7 |
/// TB-Ausbilder | Viruses and malware found Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter file: C:\Users\Clara\Desktop\MBR.dat emptytemp: Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Learn to fight back and support us! TB Akademie | Donate | Praise & Criticism |
12.09.2014, 23:08 | #8 |
| Viruses and malware found FRST returns: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014 Ran by Clara at 2014-09-12 21:19:04 Run:2 Running from C:\Users\Clara\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** file: C:\Users\Clara\Desktop\MBR.dat emptytemp: ***************** ========================= file: C:\Users\Clara\Desktop\MBR.dat ======================== MD5: FD3A50FD4CA0127ED79DB236D21B3AEA Creation and modification date: 2014-09-11 23:57 - 2014-09-11 23:57 Size: 0000512 Attributes: ----A Company Name: Internal Name: Original Name: Product Name: Description: File Version: Product Version: Copyright: ====== End Of File: ====== EmptyTemp: => Removed -50061640 byte temporary data. The system needed a reboot. ==== End of Fixlog ==== ATTENTION: The following phenomena are NEW: The computer hung after the first start. The Task Manager could no longer be opened. The browser could not be opened. After a few minutes the screen went black, only the mouse pointer was still visible - nothing worked any more. After switching it off, the computer could not be switched on again. Only briefly cutting the power (battery out and back in) got it to boot again. On this second attempt the computer started, but AVAST was not started properly - a message appeared saying that AVAST was not switched on. After switching AVAST on manually, it ran again. THEN I did the FRST run. At the end of FRST the computer is rebooted - on this new boot AVAST was again not activated. After the manual start, some AVAST modules did not start at first. These could then be started manually. This behaviour is new! Regards I additionally did a run with Malwarebytes - no findings. Afterwards I ran AVIRA again from the Desinfect CD - also no findings.
After another restart, AVAST first started, then showed that it was not active, stayed in this state for 30 seconds, but then set itself to active again. I have never noticed this behaviour before - but maybe it is normal. Since then AVAST has been running normally - no particular anomalies on the computer overall. The computer, which is otherwise now relatively inconspicuous, still reports outdated software MSXML4.0 via Secunia PSI. I carried out an update long ago - but the message stubbornly persists.... Otherwise the computer is now inconspicuous.... |
14.09.2014, 10:24 | #9 |
/// TB-Ausbilder | Viruses and malware found Yeah, the MSXML4.0 error is probably a bug in Secunia, I've read that quite often, ignore it. Could you please attach the file C:\Users\Clara\Desktop\MBR.dat as an attachment? Please download SecurityCheck and:
The ESET scan takes longer: ESET Online Scanner
15.09.2014, 06:35 | #10 |
| Viruses and malware found checkup.txt: Code:
ATTFilter Results of screen317's Security Check version 0.99.87 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Secunia PSI (3.0.0.9016) Java 7 Update 55 Java version out of Date! Adobe Flash Player 15.0.0.152 Adobe Reader XI Google Chrome 37.0.2062.103 Google Chrome 37.0.2062.120 ````````Process Check: objlist.exe by Laurent```````` AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=074ddae5a72f534db90ac90098e85512 # engine=20148 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-09-15 02:25:00 # local_time=2014-09-15 04:25:00 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 100 92 449740 175168390 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 59294 162377750 0 0 # scanned=444060 # found=14 # cleaned=0 # scan_time=45369 sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir" sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir" sh=FF58643464A06A17B4FE7BC20EF077A4A63CA6D0 ft=1 fh=3ed4f76e1eec9c5a vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Firefox\toolbar@ask.com\plugins\npAviraCallingID.dll" sh=9C1F74613924FCC1259DC3E2BE0BDB31EA2590D9 ft=1 fh=83932a9109e1e39c vn="Variante von Win32/InstallCore.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\AudioConverter\AudioConverter.exe" sh=5BACC04D6EDCA13D15661B1958EBA442CF36DE1E ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Windows\Installer\7ee2fd6b.msi" sh=A9F6A3299D8E5A8B0F8F18915521C8B3E7C9F864 ft=1 fh=a874d3fc82897e2d vn="Variante von Win32/Toolbar.Conduit.B evtl. 
unerwünschte Anwendung" ac=I fn="D:\TOOLS\Medion MediaPack\medion_mediapack_2_ext.exe" sh=4222E6B01BA109D70B345E09610717B941628A19 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="F:\CLARA-COMPUTER\Backup Set 2014-06-27 214523\Backup Files 2014-06-27 214523\Backup files 63.zip" sh=8C1C069389FB5B16E88CA139A79EE98FE437E937 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="F:\CLARA-COMPUTER\Backup Set 2014-06-27 214523\Backup Files 2014-06-27 214523\Backup files 64.zip" sh=F362C7CE85A6408DCB3308E59DF354FABAF9BEE2 ft=0 fh=0000000000000000 vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="F:\CLARA-COMPUTER\Backup Set 2014-06-27 214523\Backup Files 2014-06-27 214523\Backup files 65.zip" sh=CFEB5370851E724ABD1A4C6E7368BDB012227642 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="F:\CLARA-COMPUTER\Backup Set 2014-06-27 214523\Backup Files 2014-06-27 214523\Backup files 66.zip" sh=CF78B3D864320BF62789EF1DF2F9D6DA20617D16 ft=0 fh=0000000000000000 vn="möglicherweise Variante von Win32/Complitly.A evtl. 
unerwünschte Anwendung" ac=I fn="F:\CLARA-PC\Backup Set 2011-12-13 193351\Backup Files 2011-12-25 220625\Backup files 11.zip" sh=22FDEEE2C806F85BBCC73DC7F97A25944846C3F7 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="F:\CLARA-PC\Backup Set 2011-12-13 193351\Backup Files 2011-12-25 220625\Backup files 5.zip" sh=FCBC957C16FDE00890549F2E48DC1244D23E9F10 ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung" ac=I fn="F:\CLARA-PC\Backup Set 2011-12-13 193351\Backup Files 2011-12-26 113753\Backup files 1.zip" sh=9C7C2D52C2FD09FE7A81D8B7D6702FA0E81C53A9 ft=0 fh=0000000000000000 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="F:\CLARA-PC\Backup Set 2011-12-13 193351\Backup Files 2011-12-26 113753\Backup files 125.zip" Code:
[MBR.DAT binary content] Did you want this uploaded as a file attachment? I can't upload a file with the .DAT extension as it is.... Regards |
15.09.2014, 13:38 | #11 |
/// TB Trainer | Viruses and malware found Then please make a .zip out of the MBR.DAT
__________________ Learn to fight back and support us! TB Akademie | Donate | Praise & Criticism |
15.09.2014, 19:57 | #12 |
| Viruses and malware found Attached are 2 files: mbr.zip and also mbr.7z. I hope you can use one of them. Thanks and regards |
18.09.2014, 08:36 | #13 |
/// TB Trainer | Viruses and malware found Sorry, the thread briefly slipped off my radar. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\Firefox\toolbar@ask.com\plugins\npAviraCallingID.dll
C:\Windows\Installer\7ee2fd6b.msi
D:\TOOLS\Medion MediaPack\medion_mediapack_2_ext.exe
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Your Java is out of date. Older versions contain security vulnerabilities that malware can exploit.
According to SecurityCheck, the antivirus software is not up to date. Otherwise the logs are now clean (after the fix)! The order is crucial here.
Finally, I have a few tips for securing your system. Change all your passwords regularly; now, after the cleanup, is an ideal time to do so.
I cannot mention often enough how important it is that your system is up to date.
Antivirus program and additional protection
Alternative browsers: Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system. Mozilla Firefox
Performance
What you should avoid:
Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board? Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
19.09.2014, 09:03 | #14 |
| Viruses and malware found OK, everything is done, the PC is running like clockwork again..... Many thanks and regards. Donation to follow! |