
Log Analysis and Evaluation: Windows 8; Security Alert

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1  15.10.2014, 22:14
Hadex

Windows 8; Security Alert

Good evening,

I suspect I picked up a threat while surfing with FF.

After a while a warning window "Security Alert" with the message "Potential threat details" appears on my screen (see attachment). I do not use this software, and the window cannot simply be closed either.

Using Malwarebytes Anti-Malware did not succeed.

In your experience, is this a piece of malware, and how do I get it off my computer?

Thanks for the help.

Attached image: Windows 8; Security Alert-warnmeldung.jpg

#2  16.10.2014, 06:30
schrauber
/// the machine
/// TB Instructor

Windows 8; Security Alert

Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I cannot open attachments at work, thanks.

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
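Editor's added example (not part of this thread, and not code from FRST or from the Trojaner-Board helpers): the Addition.txt posted in the next reply lists scheduled tasks in FRST's usual shape, `Task: {GUID} - <name> => <target> [<file date>] (<company>)`, where `No Task File <==== ATTENTION` marks a registered task whose task file is gone and `()` marks a target file without a company name in its version info. The Python script below parses lines of that shape from a constructed sample modelled on that log and flags the tasks a helper would look at first: orphaned tasks, targets under a user profile or in a non-standard folder under C:\Windows, targets without a company name, and targets for which FRST printed no file details at all. The function names and the flagging heuristics are mine, not FRST's.

```python
"""Triage the "Scheduled Tasks" section of an FRST Addition.txt.

FRST prints one line per task:
  Task: {GUID} - <task name> => <target> [<file date>] (<company name>)
"[date] (company)" only appears when FRST found the target file, "()" means
the file carries no company name, and "No Task File <==== ATTENTION" marks a
registered task whose task file no longer exists.
"""
from __future__ import annotations

import re

# Constructed sample modelled on task lines from the FRST log in this thread
# (shortened, not a verbatim copy of the log).
SAMPLE_TASKS = r"""
Task: {1ECBF38A-C1F9-4547-8C0E-5695D37BB6C4} - \FoxTab No Task File <==== ATTENTION
Task: {24CEFABA-9030-40FB-BFAA-9E04940F6B71} - System32\Tasks\Optimum_LogOn => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe
Task: {34F2800C-218C-4493-B520-02E7D528467D} - System32\Tasks\Secure Fast PC Auto Updater => C:\Users\*****\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe [2014-10-02] ()
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {6388F555-9135-46AF-9F1B-4BAFB6FB0C91} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-10-15] ()
Task: {B5805C99-52AB-4A13-8DF8-98CB3574508A} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {E7B7DC04-38BC-4B75-81FE-F23C12A2E2E6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-19] (AVAST Software)
"""

# Non-greedy name/target so the optional "[date]", "(company)" and orphan
# suffixes are matched from the right; "(x86)" inside a path stays in the target.
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<name>.*?)"
    r"(?: => (?P<target>.*?))?"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<company>[^()]*)\))?"
    r"(?P<orphan> No Task File <==== ATTENTION)?$"
)

# Directories under C:\Windows from which built-in task targets normally run.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def parse_tasks(text: str) -> list[dict]:
    """Return one dict (guid, name, target, date, company, orphan) per 'Task:' line."""
    tasks = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            tasks.append(m.groupdict())
    return tasks


def classify(task: dict) -> list[str]:
    """Reasons a task deserves a look; an empty list means nothing stood out."""
    reasons = []
    target = (task["target"] or "").lower()
    if task["orphan"]:
        reasons.append("registered task whose task file is missing (No Task File)")
    if "\\users\\" in target or "\\appdata\\" in target:
        reasons.append("target lives in a user profile directory")
    if target.startswith("c:\\windows\\") and not target.startswith(SYSTEM_DIRS):
        reasons.append("target lives in a non-standard directory under C:\\Windows")
    if task["company"] == "":
        reasons.append("target file has no company name in its version info: '()'")
    if (re.match(r"[a-z]:\\", target) and target.endswith(".exe")
            and task["date"] is None and task["company"] is None):
        reasons.append("FRST printed no date/company, so it found no file details for the target")
    return reasons


def triage(text: str) -> dict[str, list[str]]:
    """Map task name -> reasons for every task with at least one reason."""
    findings = {}
    for task in parse_tasks(text):
        reasons = classify(task)
        if reasons:
            findings[task["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_TASKS).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

Run it as a script to print the findings, or call `triage()` on the Scheduled Tasks section of any Addition.txt. The heuristics only rank lines for review: a flagged task is not proof of malware by itself, and a task pointing at a legitimate-looking path can still be malicious, so the flagged files still need to be checked (hash lookup, signature, what created them) before anything goes into a fixlist.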

#3  16.10.2014, 07:34
Hadex

Windows 8; Security Alert

Good morning,

here are the logs:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-10-2014 02
Ran by ***** at 2014-10-15 22:39:00
Running from C:\Users\*****\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Creo Thumbnail Viewer 2.0 (HKLM\...\{3F8CCE46-EAFD-4283-9ADB-7025EAC2CF64}) (Version: 30.12.480 - PTC)
Designer 2.0 (HKLM-x32\...\Designer 2.0_is1) (Version: 7.9.6 - Fomanu AG)
EPSON BX525WD Series Printer Uninstall (HKLM\...\EPSON BX525WD Series) (Version:  - SEIKO EPSON Corporation)
ETDWare PS/2-X64 11.6.22.201_WHQL (HKLM\...\Elantech) (Version: 11.6.22.201 - ELAN Microelectronic Corp.)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Access MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MKS Platform Components 9.x (HKLM\...\{30023972-0000-0903-9ABB-000BDB5CF35D}) (Version: 9.3.0000 - Mortice Kern Systems)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF24 Creator 6.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDF-XChange Editor (HKLM-x32\...\{87738bc6-bdf0-4e55-86b5-32ddece8f51d}) (Version: 5.5.308.2 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (Version: 5.5.308.2 - Tracker Software Products (Canada) Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.) Hidden
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

28-09-2014 10:14:08 Windows Modules Installer
12-10-2014 11:45:06 Windows Update
15-10-2014 14:00:54 Removed Optimum PC Boost

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1ECBF38A-C1F9-4547-8C0E-5695D37BB6C4} - \FoxTab No Task File <==== ATTENTION
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {24CEFABA-9030-40FB-BFAA-9E04940F6B71} - System32\Tasks\Optimum_LogOn => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {34F2800C-218C-4493-B520-02E7D528467D} - System32\Tasks\Secure Fast PC Auto Updater => C:\Users\*****\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe [2014-10-02] ()
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {54563E16-A00B-4B48-A263-DB6B9422D70C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {6388F555-9135-46AF-9F1B-4BAFB6FB0C91} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-10-15] ()
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6E8769E4-B628-47C0-B468-F349793D9594} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {75DB2D10-5C76-483B-98F9-DB654B2A08EB} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7EBDCA38-F63D-4DF7-B6B8-D6182402285D} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {8677F14A-FF43-4CE0-9EA7-F73DEDD3B8AA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {93389A9A-DE2D-41E8-BD68-ABACF0A06316} - \Digital Sites No Task File <==== ATTENTION
Task: {9B5D8BD6-5619-4E34-ABC9-6456A17CC707} - System32\Tasks\Optimum_Daily => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe
Task: {9DB07B69-CE48-436F-BE9A-FD809EFBA494} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9EAF8CB8-1FC6-4C8F-8D66-7E95E4BC0BF2} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B5805C99-52AB-4A13-8DF8-98CB3574508A} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {B8EEEEDB-BEC3-48D3-8AB1-3E75E328D19C} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {C0017E72-34E6-454E-BD30-C4974CD6B77A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for *****_LAPTOP-***** *****_Laptop => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E7B7DC04-38BC-4B75-81FE-F23C12A2E2E6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-19] (AVAST Software)
Task: {EF3F3EE7-C823-4AB9-A716-0BDA67B410DD} - System32\Tasks\Secure Fast PC Autorun => C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Secure Fast PC.exe
Task: {FEC944E4-4B72-4175-B1DB-9C72EEF41725} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management

==================== Loaded Modules (whitelisted) =============

2014-09-12 21:40 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-09 21:33 - 2014-07-02 10:13 - 01427736 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
2014-10-02 13:24 - 2014-10-02 13:32 - 00187904 _____ () C:\Users\*****\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe
2012-10-01 21:36 - 2012-10-01 21:36 - 01408624 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2014-10-15 14:42 - 2014-10-15 14:42 - 02874368 _____ () C:\Program Files\AVAST Software\Avast\defs\14101500\algo.dll
2014-10-15 22:05 - 2014-10-15 22:05 - 02874368 _____ () C:\Program Files\AVAST Software\Avast\defs\14101506\algo.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 09789208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll
2014-04-09 21:32 - 2014-07-02 10:14 - 03880216 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 00035608 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 00322840 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 00309016 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 02738456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll
2014-04-09 21:32 - 2014-02-11 11:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll
2014-04-09 21:32 - 2014-02-11 11:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 00136472 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 02116376 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01932568 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll
2014-04-09 21:32 - 2014-02-11 11:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 04326168 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01564952 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 05291288 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01698584 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01809688 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01627928 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01117976 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01341208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01309464 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 07340824 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01286936 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01331480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll
2014-04-12 13:48 - 2014-04-12 13:48 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-26 22:39 - 2014-09-26 22:39 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\*****\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"

========================= Accounts: ==========================

Administrator (S-1-5-21-835766522-2148508782-3467690004-500 - Administrator - Disabled)
Gast (S-1-5-21-835766522-2148508782-3467690004-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-835766522-2148508782-3467690004-1003 - Limited - Enabled)
***** (S-1-5-21-835766522-2148508782-3467690004-1001 - Administrator - Enabled) => C:\Users\*****

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/15/2014 03:21:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/15/2014 03:14:44 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=TimerEvent

Error: (10/15/2014 03:14:07 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=TimerEvent

Error: (10/15/2014 03:01:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=TimerEvent

Error: (10/15/2014 03:00:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=TimerEvent

Error: (10/15/2014 03:00:08 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/15/2014 02:43:03 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=TimerEvent

Error: (10/15/2014 02:42:09 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=TimerEvent

Error: (10/15/2014 00:43:09 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:
hr=0xC004F074
Befehlszeilenargumente:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/15/2014 11:07:53 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225


System errors:
=============
Error: (10/15/2014 10:04:24 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT-AUTORITÄT)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x1

Error: (10/15/2014 08:46:24 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (10/15/2014 06:33:52 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT-AUTORITÄT)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x1

Error: (10/15/2014 06:33:35 PM) (Source: DCOM) (EventID: 10010) (User: *****_LAPTOP)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (10/15/2014 06:33:10 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (10/15/2014 02:59:12 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (10/15/2014 00:42:13 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (10/14/2014 08:48:42 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (10/14/2014 06:06:41 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (10/14/2014 06:04:25 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.


Microsoft Office Sessions:
=========================
Error: (10/15/2014 03:21:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/15/2014 03:14:44 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=TimerEvent

Error: (10/15/2014 03:14:07 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=TimerEvent

Error: (10/15/2014 03:01:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=TimerEvent

Error: (10/15/2014 03:00:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=TimerEvent

Error: (10/15/2014 03:00:08 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/15/2014 02:43:03 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=TimerEvent

Error: (10/15/2014 02:42:09 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=TimerEvent

Error: (10/15/2014 00:43:09 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0xC004F074RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/15/2014 11:07:53 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225


CodeIntegrity Errors:
===================================
  Date: 2014-05-19 22:49:34.167
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 22%
Total physical RAM: 8076.36 MB
Available physical RAM: 6292.54 MB
Total Pagefile: 9356.36 MB
Available Pagefile: 7414.82 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:43.3 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:465.67 GB) (Free:380.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 285EB630)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-10-2014 02
Ran by ***** (administrator) on *****_LAPTOP on 15-10-2014 22:38:33
Running from C:\Users\*****\Downloads
Loaded Profile: ***** (Available profiles: *****)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(MKS Software Inc.) C:\Windows\System32\nutsrv4.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PTC) C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE
() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Users\*****\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [NuTCSetupEnviron] => C:\Program Files\PTC\MKS Toolkit\bin\ncoeenv.exe [37160 2009-11-23] (MKS Software Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-15] (AVAST Software)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-835766522-2148508782-3467690004-1001\...\Run: [EPSON BX525WD Series (Kopie 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAU.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/software/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Winsock: Catalog9 12 C:\Windows\SysWOW64\nutafun4.dll [164144] (MKS Software Inc.)
Winsock: Catalog9 13 C:\Windows\SysWOW64\nutafun4.dll [164144] (MKS Software Inc.)
Winsock: Catalog9-x64 12 %SystemRoot%\system32\nutafun4.dll [205024] (MKS Software Inc.)
Winsock: Catalog9-x64 13 %SystemRoot%\system32\nutafun4.dll [205024] (MKS Software Inc.)
Tcpip\..\Interfaces\{1F682D7F-7F47-4161-876D-BF1F0BF9F912}: [NameServer] 208.67.222.222 208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\emjgm50o.default-1397678037534
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-12]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\*****\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-02-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-19] (AVAST Software)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2013-04-10] (ELAN Microelectronics Corp.)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 NuTCRACKERService; C:\Windows\system32\nutsrv4.exe [563424 2009-11-10] (MKS Software Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PortmapperService; C:\Program Files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe [676864 2014-02-02] (PTC) [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-19] ()
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-15 22:38 - 2014-10-15 22:38 - 00014617 _____ () C:\Users\*****\Downloads\FRST.txt
2014-10-15 22:38 - 2014-10-15 22:38 - 00000000 ____D () C:\Users\*****\Desktop\Neuer Ordner
2014-10-15 22:37 - 2014-10-15 22:38 - 00000000 ____D () C:\FRST
2014-10-15 22:36 - 2014-10-15 22:37 - 02111488 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe
2014-10-15 22:34 - 2014-10-15 22:35 - 00000472 _____ () C:\Users\*****\Downloads\defogger_disable.log
2014-10-15 22:34 - 2014-10-15 22:34 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-10-15 22:33 - 2014-10-15 22:33 - 00050477 _____ () C:\Users\*****\Downloads\Defogger.exe
2014-10-15 18:41 - 2014-10-15 18:41 - 00000000 ____D () C:\Users\*****\Downloads\Kunststoff
2014-10-15 18:35 - 2014-10-15 18:37 - 00000000 ____D () C:\Users\*****\Downloads\Heizung
2014-10-15 18:34 - 2014-10-15 18:40 - 00000000 ____D () C:\Users\*****\Downloads\Fotobuch_Addon
2014-10-15 16:38 - 2014-10-15 22:06 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-10-15 16:38 - 2014-10-15 18:34 - 00000000 ____D () C:\Windows\AutoKMS
2014-10-15 16:30 - 2014-10-15 16:30 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2014-10-15 16:24 - 2014-10-15 16:29 - 51553449 _____ () C:\Users\*****\Downloads\mito225.rar
2014-10-15 16:13 - 2014-10-15 16:13 - 00000000 ____D () C:\Users\*****\AppData\Local\SFPC_Auto_Updater
2014-10-15 16:01 - 2014-10-15 16:01 - 00000659 _____ () C:\Windows\system32\InstallUtil.InstallLog
2014-10-15 15:58 - 2014-10-15 16:00 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Developerts LLC USA
2014-10-15 15:58 - 2014-10-15 15:59 - 00000000 ____D () C:\Users\*****\AppData\Roaming\OptimumPcBoost
2014-10-15 15:58 - 2014-10-15 15:58 - 00004014 _____ () C:\Windows\System32\Tasks\Secure Fast PC Auto Updater
2014-10-15 15:58 - 2014-10-15 15:58 - 00003942 _____ () C:\Windows\System32\Tasks\Optimum_Daily
2014-10-15 15:58 - 2014-10-15 15:58 - 00003570 _____ () C:\Windows\System32\Tasks\Secure Fast PC Autorun
2014-10-15 15:58 - 2014-10-15 15:58 - 00003512 _____ () C:\Windows\System32\Tasks\Optimum_LogOn
2014-10-15 15:58 - 2014-10-15 15:58 - 00000000 ____D () C:\Users\*****\AppData\Roaming\.minecraft
2014-10-15 15:58 - 2014-10-15 15:58 - 00000000 ____D () C:\Users\*****\AppData\Local\Developerts_LLC
2014-10-15 15:52 - 2014-10-15 15:52 - 00000000 ____D () C:\Users\*****\Downloads\Windows Activate  8.1 x64 & x86
2014-10-15 15:12 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-10-15 15:12 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-10-15 12:43 - 2014-10-15 14:59 - 00919163 _____ () C:\Users\Public\Documents\trail.txt.40
2014-10-14 23:32 - 2014-10-14 23:36 - 00129256 _____ () C:\Users\Public\Documents\trail.txt.39
2014-10-14 16:44 - 2014-10-14 23:32 - 03430078 _____ () C:\Users\Public\Documents\trail.txt.38
2014-10-14 10:00 - 2014-10-14 13:59 - 01911616 _____ () C:\Users\Public\Documents\trail.txt.37
2014-10-13 21:22 - 2014-10-14 00:56 - 02786659 _____ () C:\Users\Public\Documents\trail.txt.36
2014-10-13 20:44 - 2014-10-13 21:14 - 00319444 _____ () C:\Users\Public\Documents\trail.txt.35
2014-10-13 20:16 - 2014-10-15 13:51 - 00000000 ____D () C:\Users\*****\Desktop\Kotflügel
2014-10-13 19:38 - 2014-10-13 20:38 - 00124606 _____ () C:\Users\Public\Documents\trail.txt.34
2014-10-13 19:38 - 2014-10-13 19:38 - 00000000 ____D () C:\Users\*****\AppData\Roaming\NVIDIA
2014-10-13 14:07 - 2014-10-15 22:17 - 00005136 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for *****_LAPTOP-***** *****_Laptop
2014-10-12 13:45 - 2014-08-16 06:08 - 21195616 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-12 13:45 - 2014-08-16 05:16 - 18722600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-12 13:45 - 2014-08-16 02:17 - 08757760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-10-12 13:44 - 2014-08-29 03:58 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-10-12 13:44 - 2014-08-29 03:32 - 02779136 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-12 13:44 - 2014-08-29 02:59 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-12 13:44 - 2014-08-29 01:56 - 02646016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-12 13:44 - 2014-08-29 01:47 - 02321920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-12 13:44 - 2014-08-26 00:27 - 04148736 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-12 13:44 - 2014-08-16 06:08 - 01507648 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-10-12 13:44 - 2014-08-16 06:01 - 01710184 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-12 13:44 - 2014-08-16 05:58 - 01112512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-10-12 13:44 - 2014-08-16 05:57 - 02498880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-12 13:44 - 2014-08-16 05:57 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-12 13:44 - 2014-08-16 05:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-10-12 13:44 - 2014-08-16 05:03 - 01467384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-12 13:44 - 2014-08-16 03:31 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-10-12 13:44 - 2014-08-16 03:04 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2014-10-12 13:44 - 2014-08-16 02:58 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-10-12 13:44 - 2014-08-16 02:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-10-12 13:44 - 2014-08-16 02:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2014-10-12 13:44 - 2014-08-16 02:45 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-10-12 13:44 - 2014-08-16 02:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2014-10-12 13:44 - 2014-08-16 02:43 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-10-12 13:44 - 2014-08-16 02:31 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-10-12 13:44 - 2014-08-16 02:31 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2014-10-12 13:44 - 2014-08-16 02:29 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-12 13:44 - 2014-08-16 02:23 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-10-12 13:44 - 2014-08-16 02:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-10-12 13:44 - 2014-08-16 02:22 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-10-12 13:44 - 2014-08-16 02:20 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-12 13:44 - 2014-08-16 02:19 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-12 13:44 - 2014-08-16 02:18 - 04758528 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-10-12 13:44 - 2014-08-16 02:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-10-12 13:44 - 2014-08-16 02:13 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-12 13:44 - 2014-08-16 02:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-10-12 13:44 - 2014-08-16 02:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-10-12 13:44 - 2014-08-16 02:11 - 00920064 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-10-12 13:44 - 2014-08-16 02:11 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-12 13:44 - 2014-08-16 02:10 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-10-12 13:44 - 2014-08-16 02:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-12 13:44 - 2014-08-16 02:07 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-10-12 13:44 - 2014-08-01 01:22 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-09-29 21:54 - 2014-09-29 21:54 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieUserList
2014-09-29 21:54 - 2014-09-29 21:54 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieSiteList
2014-09-26 22:39 - 2014-09-26 22:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 19:35 - 2014-09-19 19:48 - 00000000 ____D () C:\Users\*****\Desktop\Bilder_IPHONE

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-15 22:37 - 2014-01-26 23:58 - 01601837 _____ () C:\Windows\WindowsUpdate.log
2014-10-15 22:34 - 2014-01-27 00:03 - 00000000 ____D () C:\Users\*****
2014-10-15 22:15 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-15 22:11 - 2014-01-27 00:09 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-835766522-2148508782-3467690004-1001
2014-10-15 22:10 - 2014-01-27 00:02 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-15 22:10 - 2013-09-30 05:58 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-10-15 22:10 - 2013-09-30 05:58 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-10-15 22:06 - 2014-01-27 00:05 - 00000000 ___DO () C:\Users\*****\SkyDrive
2014-10-15 22:04 - 2013-09-29 21:05 - 00543216 _____ () C:\Windows\PFRO.log
2014-10-15 22:04 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-15 22:04 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-15 22:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-15 21:56 - 2014-04-16 21:15 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-15 21:51 - 2014-04-16 21:14 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-15 21:51 - 2014-04-16 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-15 21:51 - 2014-04-16 21:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-15 18:42 - 2014-09-03 19:58 - 00163840 ___SH () C:\Users\*****\Downloads\Thumbs.db
2014-10-15 16:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\tracing
2014-10-15 12:43 - 2014-02-02 22:44 - 00000112 _____ () C:\Users\Public\Documents\std.err
2014-10-15 12:43 - 2014-02-02 22:44 - 00000038 _____ () C:\Users\Public\Documents\std.out
2014-10-13 19:49 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-10-13 19:38 - 2014-07-16 13:13 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Nitro PDF
2014-10-13 18:50 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-12 13:47 - 2014-04-11 20:25 - 00000000 ____D () C:\Users\*****\Documents\Mein Steuer-Sparbuch Heute
2014-10-12 13:47 - 2013-08-22 16:44 - 00498048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-12 13:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-12 13:46 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2014-10-07 11:07 - 2014-01-27 23:04 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc
2014-10-07 10:29 - 2013-08-22 16:46 - 00051275 _____ () C:\Windows\setupact.log
2014-10-07 10:16 - 2014-02-16 13:50 - 00042496 ___SH () C:\Users\*****\Desktop\Thumbs.db
2014-09-29 21:33 - 2014-01-27 00:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-18 20:45 - 2013-09-30 06:00 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-18 20:45 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-09-18 20:45 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-18 20:45 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-18 20:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2014-09-18 20:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\InputMethod
2014-09-18 20:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\setup
2014-09-18 20:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-18 20:45 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\oobe
2014-09-16 22:02 - 2014-05-23 22:32 - 00000000 ____D () C:\Users\*****\Documents\Nancy
2014-09-15 19:42 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\52377uninstall.exe
C:\Users\*****\AppData\Local\Temp\AcDeltree.exe
C:\Users\*****\AppData\Local\Temp\amazonicon_v4.exe
C:\Users\*****\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\*****\AppData\Local\Temp\BackupSetup.exe
C:\Users\*****\AppData\Local\Temp\Execute2App.exe
C:\Users\*****\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\*****\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\*****\AppData\Local\Temp\HNK_2010.exe
C:\Users\*****\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe
C:\Users\*****\AppData\Local\Temp\msvcp90.dll
C:\Users\*****\AppData\Local\Temp\msvcr100.dll
C:\Users\*****\AppData\Local\Temp\msvcr90.dll
C:\Users\*****\AppData\Local\Temp\nitro_reader3_64.exe
C:\Users\*****\AppData\Local\Temp\PidGenX.dll
C:\Users\*****\AppData\Local\Temp\pimuninstall.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\sdanircmdc.exe
C:\Users\*****\AppData\Local\Temp\sdapskill.exe
C:\Users\*****\AppData\Local\Temp\sdaspwn.exe
C:\Users\*****\AppData\Local\Temp\Sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-13 19:46

==================== End Of Log ============================
         
__________________
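Added example for readers triaging a log like the one above; it is not the poster's code, not FRST's own logic and not something the forum helpers supplied. It parses two FRST line formats (the "(Publisher) path" lines of the Processes section and the "created - modified - size attrs (Publisher) path" lines of the One Month sections) and applies two review heuristics that are this example's own assumptions: a running .exe/.dll with an empty publisher field in a user-writable directory, and scheduled-task files that appeared in the same minute. The sample lines are copied from the posted FRST.txt (user name already masked by the poster); the function names are made up for the example. Anything it returns is a list for a human to look at, not a malware verdict.

```python
"""Triage helpers for Farbar Recovery Scan Tool (FRST) logs.

Added example for this thread; it is not code from the poster, from the
forum helpers or from FRST itself.  Function names and the two heuristics
are this example's own assumptions.  The sample lines are copied from the
FRST.txt posted above (user name already masked as ***** by the poster).
"""
import re
from collections import defaultdict
from datetime import datetime

# Processes section: "(Publisher) C:\path\file.exe"; the publisher is empty
# when FRST finds no company name in the file's version information.
PROCESS_RE = re.compile(r"^\((?P<publisher>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+)$")

# "One Month Created/Modified" sections:
# "created - modified - size attrs (Publisher) path"
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) \((?P<publisher>[^)]*)\) (?P<path>.+)$"
)

# Directories a standard user can write to (assumption: heuristic list, not
# an FRST rule).  Lower-case, with surrounding backslashes.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\downloads\\")
TASK_DIR = "c:\\windows\\system32\\tasks\\"


def parse_process(line):
    """Return {'publisher', 'path'} for a Processes line, else None."""
    m = PROCESS_RE.match(line.strip())
    if not m:
        return None
    return {"publisher": m.group("publisher").strip(), "path": m.group("path")}


def parse_created(line):
    """Return the fields of a One-Month line with 'created' as datetime, else None."""
    m = CREATED_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["publisher"] = d["publisher"].strip()
    d["created"] = datetime.strptime(d["created"], "%Y-%m-%d %H:%M")
    d["is_dir"] = "D" in d["attrs"]
    return d


def unknown_publisher_in_user_dirs(processes):
    """Running binaries with an empty publisher field that live in a
    user-writable directory.  Legitimate software does this too, so this is
    a review list, not a verdict."""
    hits = []
    for p in processes:
        low = p["path"].lower()
        if not p["publisher"] and low.endswith((".exe", ".dll")) and any(t in low for t in USER_WRITABLE):
            hits.append(p["path"])
    return hits


def new_tasks_by_minute(created):
    """Scheduled-task files created in the last month, grouped by the minute
    they appeared.  Several tasks in one minute usually come from one installer."""
    groups = defaultdict(list)
    for e in created:
        if e["path"].lower().startswith(TASK_DIR) and not e["is_dir"]:
            groups[e["created"].strftime("%Y-%m-%d %H:%M")].append(e["path"][len(TASK_DIR):])
    return dict(groups)


# Constructed input: lines copied verbatim from the posted FRST.txt.
SAMPLE_PROCESSES = r"""
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
() C:\Users\*****\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
""".strip().splitlines()

SAMPLE_CREATED = r"""
2014-10-15 16:38 - 2014-10-15 22:06 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-10-15 16:38 - 2014-10-15 18:34 - 00000000 ____D () C:\Windows\AutoKMS
2014-10-15 15:58 - 2014-10-15 15:58 - 00004014 _____ () C:\Windows\System32\Tasks\Secure Fast PC Auto Updater
2014-10-15 15:58 - 2014-10-15 15:58 - 00003942 _____ () C:\Windows\System32\Tasks\Optimum_Daily
2014-10-15 15:58 - 2014-10-15 15:58 - 00003570 _____ () C:\Windows\System32\Tasks\Secure Fast PC Autorun
2014-10-15 15:58 - 2014-10-15 15:58 - 00003512 _____ () C:\Windows\System32\Tasks\Optimum_LogOn
2014-10-15 15:58 - 2014-10-15 16:00 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Developerts LLC USA
2014-10-13 14:07 - 2014-10-15 22:17 - 00005136 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for *****_LAPTOP-***** *****_Laptop
2014-10-12 13:44 - 2014-08-16 06:01 - 01710184 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
""".strip().splitlines()


def triage(process_lines=SAMPLE_PROCESSES, created_lines=SAMPLE_CREATED):
    """Run both checks over raw FRST lines; unparsable lines are skipped."""
    procs = [p for p in map(parse_process, process_lines) if p]
    made = [c for c in map(parse_created, created_lines) if c]
    return {
        "unknown_publisher": unknown_publisher_in_user_dirs(procs),
        "new_tasks": new_tasks_by_minute(made),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(key, value)
```

On the posted log the two checks surface the same cluster a helper would look at first: the one running executable with an empty publisher field under AppData\Roaming, and the four task files that were created in the same minute as that program's folder. To run it on a full FRST.txt, read the file and hand the lines of the Processes section to `triage()` as `process_lines` and the lines of the One Month Created section as `created_lines`; lines from other sections simply fail to match and are ignored.
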

16.10.2014, 07:35   #4
Hadex

Windows 8; Security Alert

and the third:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-15 22:55:50
Windows 6.2.9200  x64 \Device\Harddisk1\DR1 -> \Device\0000002c Crucial_CT120M500SSD3 rev.MU03 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\*****\AppData\Local\Temp\kgldapow.sys


---- User code sections - GMER 2.1 ----

.text    C:\Windows\system32\wininit.exe[640] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                            00007ffd18fc553d 1 byte [62]
.text    C:\Windows\system32\services.exe[696] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                           00007ffd18fc553d 1 byte [62]
.text    C:\Windows\system32\lsass.exe[704] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                              00007ffd18fc553d 1 byte [62]
.text    C:\Windows\system32\winlogon.exe[752] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                           00007ffd18fc553d 1 byte [62]
.text    C:\Windows\system32\svchost.exe[824] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                            00007ffd18fc553d 1 byte [62]
.text    C:\Windows\system32\svchost.exe[864] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                            00007ffd18fc553d 1 byte [62]
.text    C:\Windows\system32\nvvsvc.exe[972] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                             00007ffd18fc553d 1 byte [62]
.text    C:\Windows\system32\dwm.exe[988] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                                                                                                             00007ffd18fb28c0 7 bytes JMP 00007ffe18640260
.text    C:\Windows\system32\dwm.exe[988] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                                                                                                    00007ffd18fb43d8 7 bytes JMP 00007ffe18640298
.text    C:\Windows\system32\dwm.exe[988] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                                00007ffd18fc553d 1 byte [62]
.text    C:\Windows\system32\dwm.exe[988] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                                                                                                      00007ffd19061f20 7 bytes JMP 00007ffe18640308
.text    C:\Windows\system32\dwm.exe[988] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                                                                                                      00007ffd190640b4 7 bytes JMP 00007ffe18640340
.text    C:\Windows\system32\dwm.exe[988] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                                                                                                     00007ffd19064510 7 bytes JMP 00007ffe186402d0
.text    C:\Windows\system32\dwm.exe[988] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                                                                                             00007ffd1908cea0 7 bytes JMP 00007ffe186401f0
.text    C:\Windows\system32\dwm.exe[988] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                                                                                                               00007ffd1908cf10 7 bytes JMP 00007ffe18640228
.text    C:\Windows\system32\dwm.exe[988] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                                  00007ffd186a299c 7 bytes JMP 00007ffe186400d8
.text    C:\Windows\system32\dwm.exe[988] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                       00007ffd186a54c8 5 bytes JMP 00007ffe18640180
.text    C:\Windows\system32\dwm.exe[988] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                    00007ffd186a55b0 5 bytes JMP 00007ffe18640148
.text    C:\Windows\system32\dwm.exe[988] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                                00007ffd186a5e58 5 bytes JMP 00007ffe18640110
.text    C:\Windows\system32\dwm.exe[988] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                                                                                                              00007ffd18716200 5 bytes JMP 00007ffe186401b8
.text    C:\Windows\system32\dwm.exe[988] C:\Windows\system32\USER32.dll!CreateWindowExW                                                                                                                       00007ffd1968b6f4 10 bytes JMP 00007ffe18640420
.text    C:\Windows\system32\dwm.exe[988] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                                                                                                                   00007ffd196945e8 5 bytes JMP 00007ffe186403e8
.text    C:\Windows\system32\dwm.exe[988] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                                                                                                            00007ffd19694760 9 bytes JMP 00007ffe18640378
.text    C:\Windows\system32\dwm.exe[988] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                                                                                                   00007ffd196a4fc0 5 bytes JMP 00007ffe186403b0
.text    C:\Windows\system32\dwm.exe[988] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW                                                                                                              00007ffd196a5cb0 5 bytes JMP 00007ffe18640458
.text    C:\Windows\system32\dwm.exe[988] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                               00007ffd18b01500 1 byte JMP 00007ffe18640490
.text    C:\Windows\system32\dwm.exe[988] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2                                                                                                           00007ffd18b01502 6 bytes {JMP 0xffffffffffb3ef90}
.text    C:\Windows\system32\dwm.exe[988] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                                 00007ffd18b01750 8 bytes JMP 00007ffe186404c8
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[76] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                                                                                 00007ffd18fb28c0 7 bytes JMP 00007ffe18640260
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[76] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                                                                        00007ffd18fb43d8 7 bytes JMP 00007ffe18640298
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[76] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                    00007ffd18fc553d 1 byte [62]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[76] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                                                                          00007ffd19061f20 7 bytes JMP 00007ffe18640308
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[76] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                                                                          00007ffd190640b4 7 bytes JMP 00007ffe18640340
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[76] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                                                                         00007ffd19064510 7 bytes JMP 00007ffe186402d0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[76] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                                                                 00007ffd1908cea0 7 bytes JMP 00007ffe186401f0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[76] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                                                                                   00007ffd1908cf10 7 bytes JMP 00007ffe18640228
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[76] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                      00007ffd186a299c 7 bytes JMP 00007ffe186400d8
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[76] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                           00007ffd186a54c8 5 bytes JMP 00007ffe18640180
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[76] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                        00007ffd186a55b0 5 bytes JMP 00007ffe18640148
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[76] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                    00007ffd186a5e58 5 bytes JMP 00007ffe18640110
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[76] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                                                                                  00007ffd18716200 5 bytes JMP 00007ffe186401b8
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[76] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket                                                                                        00007ffd19469318 7 bytes JMP 00007ffe18640538
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[76] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance                                                                                         00007ffd1946cbe0 7 bytes JMP 00007ffe18640500
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[76] C:\Windows\system32\USER32.dll!CreateWindowExW                                                                                           00007ffd1968b6f4 10 bytes JMP 00007ffe18640420
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[76] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                                                                                       00007ffd196945e8 5 bytes JMP 00007ffe186403e8
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[76] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                                                                                00007ffd19694760 9 bytes JMP 00007ffe18640378
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[76] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                                                                       00007ffd196a4fc0 5 bytes JMP 00007ffe186403b0
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[76] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW                                                                                  00007ffd196a5cb0 5 bytes JMP 00007ffe18640458
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[76] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                   00007ffd18b01500 1 byte JMP 00007ffe18640490
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[76] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2                                                                               00007ffd18b01502 6 bytes {JMP 0xffffffffffb3ef90}
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[76] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                     00007ffd18b01750 8 bytes JMP 00007ffe186404c8
.text    C:\Windows\system32\nvvsvc.exe[288] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                             00007ffd18fc553d 1 byte [62]
.text    C:\Windows\system32\nvvsvc.exe[288] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                            00007ffd198c169a 4 bytes [8C, 19, FD, 7F]
.text    C:\Windows\system32\nvvsvc.exe[288] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                            00007ffd198c16a2 4 bytes [8C, 19, FD, 7F]
.text    C:\Windows\system32\nvvsvc.exe[288] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                               00007ffd198c181a 4 bytes [8C, 19, FD, 7F]
.text    C:\Windows\system32\nvvsvc.exe[288] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                               00007ffd198c1832 4 bytes [8C, 19, FD, 7F]
.text    C:\Windows\System32\svchost.exe[304] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                            00007ffd18fc553d 1 byte [62]
.text    C:\Windows\System32\svchost.exe[468] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                            00007ffd18fc553d 1 byte [62]
.text    C:\Windows\system32\svchost.exe[548] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                            00007ffd18fc553d 1 byte [62]
.text    C:\Windows\system32\svchost.exe[896] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                            00007ffd18fc553d 1 byte [62]
.text    C:\Windows\system32\svchost.exe[1288] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                           00007ffd18fc553d 1 byte [62]
.text    C:\Windows\System32\spoolsv.exe[1500] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                           00007ffd18fc553d 1 byte [62]
.text    C:\Windows\System32\spoolsv.exe[1500] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                                          00007ffd198c169a 4 bytes [8C, 19, FD, 7F]
.text    C:\Windows\System32\spoolsv.exe[1500] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                                          00007ffd198c16a2 4 bytes [8C, 19, FD, 7F]
.text    C:\Windows\System32\spoolsv.exe[1500] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                                             00007ffd198c181a 4 bytes [8C, 19, FD, 7F]
.text    C:\Windows\System32\spoolsv.exe[1500] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                                             00007ffd198c1832 4 bytes [8C, 19, FD, 7F]
.text    C:\Windows\system32\svchost.exe[1560] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                           00007ffd18fc553d 1 byte [62]
.text    C:\Windows\system32\AdminService.exe[1708] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                      00007ffd18fc553d 1 byte [62]
.text    C:\Program Files\Bonjour\mDNSResponder.exe[1744] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                00007ffd18fc553d 1 byte [62]
.text    C:\Program Files\Elantech\ETDService.exe[1772] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                  00007ffd18fc553d 1 byte [62]
.text    C:\Windows\system32\dashost.exe[1816] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                           00007ffd18fc553d 1 byte [62]
.text    C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe[1844] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                        00007ffd18fc553d 1 byte [62]
.text    C:\Windows\system32\nutsrv4.exe[1896] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                           00007ffd18fc553d 1 byte [62]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2004] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                           00007ffd18fc553d 1 byte [62]
.text    C:\Windows\system32\svchost.exe[1572] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                           00007ffd18fc553d 1 byte [62]
.text    C:\Windows\system32\svchost.exe[2404] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                           00007ffd18fc553d 1 byte [62]
.text    C:\Windows\system32\wbem\wmiprvse.exe[2456] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                     00007ffd18fc553d 1 byte [62]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2632] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                           00007ffd18fc553d 1 byte [62]
.text    C:\Windows\system32\conhost.exe[2640] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                           00007ffd18fc553d 1 byte [62]
.text    C:\Windows\system32\wbem\unsecapp.exe[2748] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                     00007ffd18fc553d 1 byte [62]
.text    C:\Windows\system32\wbem\wmiprvse.exe[3056] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                     00007ffd18fc553d 1 byte [62]
.text    C:\Windows\system32\taskhostex.exe[2788] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                                                                                                     00007ffd18fb28c0 7 bytes JMP 00007ffe18640260
.text    C:\Windows\system32\taskhostex.exe[2788] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                                                                                            00007ffd18fb43d8 7 bytes JMP 00007ffe18640298
.text    C:\Windows\system32\taskhostex.exe[2788] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                        00007ffd18fc553d 1 byte [62]
.text    C:\Windows\system32\taskhostex.exe[2788] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                                                                                              00007ffd19061f20 7 bytes JMP 00007ffe18640308
.text    C:\Windows\system32\taskhostex.exe[2788] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                                                                                              00007ffd190640b4 7 bytes JMP 00007ffe18640340
.text    C:\Windows\system32\taskhostex.exe[2788] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                                                                                             00007ffd19064510 7 bytes JMP 00007ffe186402d0
.text    C:\Windows\system32\taskhostex.exe[2788] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                                                                                     00007ffd1908cea0 7 bytes JMP 00007ffe186401f0
.text    C:\Windows\system32\taskhostex.exe[2788] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                                                                                                       00007ffd1908cf10 7 bytes JMP 00007ffe18640228
.text    C:\Windows\system32\taskhostex.exe[2788] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                          00007ffd186a299c 7 bytes JMP 00007ffe186400d8
.text    C:\Windows\system32\taskhostex.exe[2788] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                               00007ffd186a54c8 5 bytes JMP 00007ffe18640180
.text    C:\Windows\system32\taskhostex.exe[2788] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                            00007ffd186a55b0 5 bytes JMP 00007ffe18640148
.text    C:\Windows\system32\taskhostex.exe[2788] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                        00007ffd186a5e58 5 bytes JMP 00007ffe18640110
.text    C:\Windows\system32\taskhostex.exe[2788] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                                                                                                      00007ffd18716200 5 bytes JMP 00007ffe186401b8
.text    C:\Windows\system32\taskhostex.exe[2788] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW                                                                                                               00007ffd1968b6f4 10 bytes JMP 00007ffe18640420
.text    C:\Windows\system32\taskhostex.exe[2788] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesW                                                                                                           00007ffd196945e8 5 bytes JMP 00007ffe186403e8
.text    C:\Windows\system32\taskhostex.exe[2788] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo                                                                                                    00007ffd19694760 9 bytes JMP 00007ffe18640378
.text    C:\Windows\system32\taskhostex.exe[2788] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA                                                                                                           00007ffd196a4fc0 5 bytes JMP 00007ffe186403b0
.text    C:\Windows\system32\taskhostex.exe[2788] C:\Windows\SYSTEM32\user32.dll!ChangeDisplaySettingsExW                                                                                                      00007ffd196a5cb0 5 bytes JMP 00007ffe18640458
.text    C:\Windows\system32\taskhostex.exe[2788] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                       00007ffd18b01500 1 byte JMP 00007ffe18640490
.text    C:\Windows\system32\taskhostex.exe[2788] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2                                                                                                   00007ffd18b01502 6 bytes {JMP 0xffffffffffb3ef90}
.text    C:\Windows\system32\taskhostex.exe[2788] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                         00007ffd18b01750 8 bytes JMP 00007ffe186404c8
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3008] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                                                                        00007ffd18fb28c0 7 bytes JMP 00007ffe18640260
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3008] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                                                               00007ffd18fb43d8 7 bytes JMP 00007ffe18640298
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3008] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                           00007ffd18fc553d 1 byte [62]
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3008] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                                                                 00007ffd19061f20 7 bytes JMP 00007ffe18640308
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3008] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                                                                 00007ffd190640b4 7 bytes JMP 00007ffe18640340
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3008] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                                                                00007ffd19064510 7 bytes JMP 00007ffe186402d0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3008] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                                                        00007ffd1908cea0 7 bytes JMP 00007ffe186401f0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3008] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                                                                          00007ffd1908cf10 7 bytes JMP 00007ffe18640228
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3008] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                             00007ffd186a299c 7 bytes JMP 00007ffe186400d8
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3008] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                  00007ffd186a54c8 5 bytes JMP 00007ffe18640180
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3008] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                               00007ffd186a55b0 5 bytes JMP 00007ffe18640148
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3008] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                           00007ffd186a5e58 5 bytes JMP 00007ffe18640110
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3008] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                                                                         00007ffd18716200 5 bytes JMP 00007ffe186401b8
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3008] C:\Windows\system32\USER32.dll!CreateWindowExW                                                                                  00007ffd1968b6f4 10 bytes JMP 00007ffe18640420
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3008] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                                                                              00007ffd196945e8 5 bytes JMP 00007ffe186403e8
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3008] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                                                                       00007ffd19694760 9 bytes JMP 00007ffe18640378
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3008] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                                                              00007ffd196a4fc0 5 bytes JMP 00007ffe186403b0
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3008] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW                                                                         00007ffd196a5cb0 5 bytes JMP 00007ffe18640458
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3008] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                          00007ffd18b01500 1 byte JMP 00007ffe18640490
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3008] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2                                                                      00007ffd18b01502 6 bytes {JMP 0xffffffffffb3ef90}
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3008] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                            00007ffd18b01750 8 bytes JMP 00007ffe186404c8
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3008] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex                                                                                  00007ffd0f92a204 4 bytes JMP 00007ffd186405a8
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3008] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9                                                                                    00007ffd0f9422cc 6 bytes JMP 00007ffd18640570
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3008] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket                                                                               00007ffd19469318 7 bytes JMP 00007ffe18640538
.text    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3008] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance                                                                                00007ffd1946cbe0 7 bytes JMP 00007ffe18640500
.text    C:\Windows\system32\conhost.exe[1416] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                           00007ffd18fc553d 1 byte [62]
.text    C:\Windows\Explorer.EXE[3084] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                                   00007ffd18fc553d 1 byte [62]
.text    C:\Program Files\Elantech\ETDCtrl.exe[3488] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                                                                                                  00007ffd18fb28c0 7 bytes JMP 00007ffe18640260
.text    C:\Program Files\Elantech\ETDCtrl.exe[3488] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                                                                                         00007ffd18fb43d8 7 bytes JMP 00007ffe18640298
.text    C:\Program Files\Elantech\ETDCtrl.exe[3488] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                     00007ffd18fc553d 1 byte [62]
.text    C:\Program Files\Elantech\ETDCtrl.exe[3488] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                                                                                           00007ffd19061f20 7 bytes JMP 00007ffe18640308
.text    C:\Program Files\Elantech\ETDCtrl.exe[3488] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                                                                                           00007ffd190640b4 7 bytes JMP 00007ffe18640340
.text    C:\Program Files\Elantech\ETDCtrl.exe[3488] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                                                                                          00007ffd19064510 7 bytes JMP 00007ffe186402d0
.text    C:\Program Files\Elantech\ETDCtrl.exe[3488] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                                                                                  00007ffd1908cea0 7 bytes JMP 00007ffe186401f0
.text    C:\Program Files\Elantech\ETDCtrl.exe[3488] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                                                                                                    00007ffd1908cf10 7 bytes JMP 00007ffe18640228
.text    C:\Program Files\Elantech\ETDCtrl.exe[3488] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                       00007ffd186a299c 7 bytes JMP 00007ffe186400d8
.text    C:\Program Files\Elantech\ETDCtrl.exe[3488] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                            00007ffd186a54c8 5 bytes JMP 00007ffe18640180
.text    C:\Program Files\Elantech\ETDCtrl.exe[3488] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                         00007ffd186a55b0 5 bytes JMP 00007ffe18640148
.text    C:\Program Files\Elantech\ETDCtrl.exe[3488] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                     00007ffd186a5e58 5 bytes JMP 00007ffe18640110
.text    C:\Program Files\Elantech\ETDCtrl.exe[3488] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                                                                                                   00007ffd18716200 5 bytes JMP 00007ffe186401b8
.text    C:\Program Files\Elantech\ETDCtrl.exe[3488] C:\Windows\system32\USER32.dll!CreateWindowExW                                                                                                            00007ffd1968b6f4 10 bytes JMP 00007ffe18640420
.text    C:\Program Files\Elantech\ETDCtrl.exe[3488] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                                                                                                        00007ffd196945e8 5 bytes JMP 00007ffe186403e8
.text    C:\Program Files\Elantech\ETDCtrl.exe[3488] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                                                                                                 00007ffd19694760 9 bytes JMP 00007ffe18640378
.text    C:\Program Files\Elantech\ETDCtrl.exe[3488] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                                                                                        00007ffd196a4fc0 5 bytes JMP 00007ffe186403b0
.text    C:\Program Files\Elantech\ETDCtrl.exe[3488] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW                                                                                                   00007ffd196a5cb0 5 bytes JMP 00007ffe18640458
.text    C:\Program Files\Elantech\ETDCtrl.exe[3488] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                    00007ffd18b01500 1 byte JMP 00007ffe18640490
.text    C:\Program Files\Elantech\ETDCtrl.exe[3488] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2                                                                                                00007ffd18b01502 6 bytes {JMP 0xffffffffffb3ef90}
.text    C:\Program Files\Elantech\ETDCtrl.exe[3488] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                      00007ffd18b01750 8 bytes JMP 00007ffe186404c8
.text    C:\Program Files\Elantech\ETDCtrl.exe[3488] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket                                                                                                         00007ffd19469318 7 bytes JMP 00007ffe18640538
.text    C:\Program Files\Elantech\ETDCtrl.exe[3488] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance                                                                                                          00007ffd1946cbe0 7 bytes JMP 00007ffe18640500
.text    C:\Program Files\Elantech\ETDTouch.exe[4076] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                                                                                                 00007ffd18fb28c0 7 bytes JMP 00007ffe18640260
.text    C:\Program Files\Elantech\ETDTouch.exe[4076] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                                                                                        00007ffd18fb43d8 7 bytes JMP 00007ffe18640298
.text    C:\Program Files\Elantech\ETDTouch.exe[4076] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                    00007ffd18fc553d 1 byte [62]
.text    C:\Program Files\Elantech\ETDTouch.exe[4076] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                                                                                          00007ffd19061f20 7 bytes JMP 00007ffe18640308
.text    C:\Program Files\Elantech\ETDTouch.exe[4076] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                                                                                          00007ffd190640b4 7 bytes JMP 00007ffe18640340
.text    C:\Program Files\Elantech\ETDTouch.exe[4076] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                                                                                         00007ffd19064510 7 bytes JMP 00007ffe186402d0
.text    C:\Program Files\Elantech\ETDTouch.exe[4076] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                                                                                 00007ffd1908cea0 7 bytes JMP 00007ffe186401f0
.text    C:\Program Files\Elantech\ETDTouch.exe[4076] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                                                                                                   00007ffd1908cf10 7 bytes JMP 00007ffe18640228
.text    C:\Program Files\Elantech\ETDTouch.exe[4076] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                      00007ffd186a299c 7 bytes JMP 00007ffe186400d8
.text    C:\Program Files\Elantech\ETDTouch.exe[4076] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                           00007ffd186a54c8 5 bytes JMP 00007ffe18640180
.text    C:\Program Files\Elantech\ETDTouch.exe[4076] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                        00007ffd186a55b0 5 bytes JMP 00007ffe18640148
.text    C:\Program Files\Elantech\ETDTouch.exe[4076] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                    00007ffd186a5e58 5 bytes JMP 00007ffe18640110
.text    C:\Program Files\Elantech\ETDTouch.exe[4076] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                                                                                                  00007ffd18716200 5 bytes JMP 00007ffe186401b8
.text    C:\Program Files\Elantech\ETDTouch.exe[4076] C:\Windows\system32\USER32.dll!CreateWindowExW                                                                                                           00007ffd1968b6f4 10 bytes JMP 00007ffe18640420
.text    C:\Program Files\Elantech\ETDTouch.exe[4076] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                                                                                                       00007ffd196945e8 5 bytes JMP 00007ffe186403e8
.text    C:\Program Files\Elantech\ETDTouch.exe[4076] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                                                                                                00007ffd19694760 9 bytes JMP 00007ffe18640378
.text    C:\Program Files\Elantech\ETDTouch.exe[4076] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                                                                                       00007ffd196a4fc0 5 bytes JMP 00007ffe186403b0
.text    C:\Program Files\Elantech\ETDTouch.exe[4076] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW                                                                                                  00007ffd196a5cb0 5 bytes JMP 00007ffe18640458
.text    C:\Program Files\Elantech\ETDTouch.exe[4076] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                   00007ffd18b01500 1 byte JMP 00007ffe18640490
.text    C:\Program Files\Elantech\ETDTouch.exe[4076] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2                                                                                               00007ffd18b01502 6 bytes {JMP 0xffffffffffb3ef90}
.text    C:\Program Files\Elantech\ETDTouch.exe[4076] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                     00007ffd18b01750 8 bytes JMP 00007ffe186404c8
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4060] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                                                                                            00007ffd18fb28c0 7 bytes JMP 00007ffe18590260
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4060] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                                                                                   00007ffd18fb43d8 7 bytes JMP 00007ffe18590298
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4060] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                               00007ffd18fc553d 1 byte [62]
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4060] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                                                                                     00007ffd19061f20 7 bytes JMP 00007ffe18590308
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4060] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                                                                                     00007ffd190640b4 7 bytes JMP 00007ffe18590340
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4060] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                                                                                    00007ffd19064510 7 bytes JMP 00007ffe185902d0
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4060] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                                                                            00007ffd1908cea0 7 bytes JMP 00007ffe185901f0
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4060] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                                                                                              00007ffd1908cf10 7 bytes JMP 00007ffe18590228
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4060] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                 00007ffd186a299c 7 bytes JMP 00007ffe185900d8
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4060] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                      00007ffd186a54c8 5 bytes JMP 00007ffe18590180
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4060] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                   00007ffd186a55b0 5 bytes JMP 00007ffe18590148
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4060] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                               00007ffd186a5e58 5 bytes JMP 00007ffe18590110
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4060] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                                                                                             00007ffd18716200 5 bytes JMP 00007ffe185901b8
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4060] C:\Windows\system32\USER32.dll!CreateWindowExW                                                                                                      00007ffd1968b6f4 10 bytes JMP 00007ffe18590420
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4060] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                                                                                                  00007ffd196945e8 5 bytes JMP 00007ffe185903e8
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4060] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                                                                                           00007ffd19694760 9 bytes JMP 00007ffe18590378
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4060] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                                                                                  00007ffd196a4fc0 5 bytes JMP 00007ffe185903b0
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4060] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW                                                                                             00007ffd196a5cb0 5 bytes JMP 00007ffe18590458
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4060] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                              00007ffd18b01500 1 byte JMP 00007ffe18590490
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4060] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2                                                                                          00007ffd18b01502 6 bytes {JMP 0xffffffffffa8ef90}
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4060] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                00007ffd18b01750 8 bytes JMP 00007ffe185904c8
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4060] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket                                                                                                   00007ffd19469318 7 bytes JMP 00007ffe18590538
.text    C:\Program Files\Elantech\ETDCtrlHelper.exe[4060] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance                                                                                                    00007ffd1946cbe0 7 bytes JMP 00007ffe18590500
.text    C:\Windows\system32\SearchIndexer.exe[1440] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                     00007ffd18fc553d 1 byte [62]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1056] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                                                                                 00007ffd18fb28c0 7 bytes JMP 00007ffe18590260
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1056] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                                                                        00007ffd18fb43d8 7 bytes JMP 00007ffe18590298
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1056] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                    00007ffd18fc553d 1 byte [62]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1056] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                                                                          00007ffd19061f20 7 bytes JMP 00007ffe18590308
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1056] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                                                                          00007ffd190640b4 7 bytes JMP 00007ffe18590340
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1056] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                                                                         00007ffd19064510 7 bytes JMP 00007ffe185902d0
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1056] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                                                                 00007ffd1908cea0 7 bytes JMP 00007ffe185901f0
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1056] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                                                                                   00007ffd1908cf10 7 bytes JMP 00007ffe18590228
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1056] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                      00007ffd186a299c 7 bytes JMP 00007ffe185900d8
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1056] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                           00007ffd186a54c8 5 bytes JMP 00007ffe18590180
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1056] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                        00007ffd186a55b0 5 bytes JMP 00007ffe18590148
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1056] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                    00007ffd186a5e58 5 bytes JMP 00007ffe18590110
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1056] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                                                                                  00007ffd18716200 5 bytes JMP 00007ffe185901b8
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1056] C:\Windows\system32\USER32.dll!CreateWindowExW                                                                                           00007ffd1968b6f4 10 bytes JMP 00007ffe18590420
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1056] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                                                                                       00007ffd196945e8 5 bytes JMP 00007ffe185903e8
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1056] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                                                                                00007ffd19694760 9 bytes JMP 00007ffe18590378
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1056] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                                                                       00007ffd196a4fc0 5 bytes JMP 00007ffe185903b0
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1056] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW                                                                                  00007ffd196a5cb0 5 bytes JMP 00007ffe18590458
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1056] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                   00007ffd18b01500 1 byte JMP 00007ffe18590490
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1056] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2                                                                               00007ffd18b01502 6 bytes {JMP 0xffffffffffa8ef90}
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1056] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                     00007ffd18b01750 8 bytes JMP 00007ffe185904c8
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1056] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket                                                                                        00007ffd19469318 7 bytes JMP 00007ffe18590538
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[1056] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance                                                                                         00007ffd1946cbe0 7 bytes JMP 00007ffe18590500
.text    C:\Windows\System32\skydrive.exe[984] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                                                                                                        00007ffd18fb28c0 7 bytes JMP 00007ffe18640260
.text    C:\Windows\System32\skydrive.exe[984] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                                                                                               00007ffd18fb43d8 7 bytes JMP 00007ffe18640298
.text    C:\Windows\System32\skydrive.exe[984] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                           00007ffd18fc553d 1 byte [62]
.text    C:\Windows\System32\skydrive.exe[984] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                                                                                                 00007ffd19061f20 7 bytes JMP 00007ffe18640308
.text    C:\Windows\System32\skydrive.exe[984] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                                                                                                 00007ffd190640b4 7 bytes JMP 00007ffe18640340
.text    C:\Windows\System32\skydrive.exe[984] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                                                                                                00007ffd19064510 7 bytes JMP 00007ffe186402d0
.text    C:\Windows\System32\skydrive.exe[984] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                                                                                        00007ffd1908cea0 7 bytes JMP 00007ffe186401f0
.text    C:\Windows\System32\skydrive.exe[984] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                                                                                                          00007ffd1908cf10 7 bytes JMP 00007ffe18640228
.text    C:\Windows\System32\skydrive.exe[984] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                             00007ffd186a299c 7 bytes JMP 00007ffe186400d8
.text    C:\Windows\System32\skydrive.exe[984] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                  00007ffd186a54c8 5 bytes JMP 00007ffe18640180
.text    C:\Windows\System32\skydrive.exe[984] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                               00007ffd186a55b0 5 bytes JMP 00007ffe18640148
.text    C:\Windows\System32\skydrive.exe[984] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                           00007ffd186a5e58 5 bytes JMP 00007ffe18640110
.text    C:\Windows\System32\skydrive.exe[984] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                                                                                                         00007ffd18716200 5 bytes JMP 00007ffe186401b8
.text    C:\Windows\System32\skydrive.exe[984] C:\Windows\SYSTEM32\combase.dll!CoSetProxyBlanket                                                                                                               00007ffd19469318 7 bytes JMP 00007ffe18640538
.text    C:\Windows\System32\skydrive.exe[984] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance                                                                                                                00007ffd1946cbe0 7 bytes JMP 00007ffe18640500
.text    C:\Windows\System32\skydrive.exe[984] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                          00007ffd18b01500 1 byte JMP 00007ffe18640490
.text    C:\Windows\System32\skydrive.exe[984] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2                                                                                                      00007ffd18b01502 6 bytes {JMP 0xffffffffffb3ef90}
.text    C:\Windows\System32\skydrive.exe[984] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                            00007ffd18b01750 8 bytes JMP 00007ffe186404c8
.text    C:\Windows\System32\skydrive.exe[984] C:\Windows\system32\USER32.dll!CreateWindowExW                                                                                                                  00007ffd1968b6f4 10 bytes JMP 00007ffe18640420
.text    C:\Windows\System32\skydrive.exe[984] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                                                                                                              00007ffd196945e8 5 bytes JMP 00007ffe186403e8
.text    C:\Windows\System32\skydrive.exe[984] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                                                                                                       00007ffd19694760 9 bytes JMP 00007ffe18640378
.text    C:\Windows\System32\skydrive.exe[984] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                                                                                              00007ffd196a4fc0 5 bytes JMP 00007ffe186403b0
.text    C:\Windows\System32\skydrive.exe[984] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW                                                                                                         00007ffd196a5cb0 5 bytes JMP 00007ffe18640458
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[2984] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                        00007ffd18fc553d 1 byte [62]
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[2984] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 194                                                                                             00007ffd136d1f6a 4 bytes [6D, 13, FD, 7F]
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[2984] C:\Windows\SYSTEM32\WSOCK32.dll!setsockopt + 218                                                                                             00007ffd136d1f82 4 bytes [6D, 13, FD, 7F]
.text    C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[4684] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                                                                                  00007ffd18fb28c0 7 bytes JMP 00007ffe18640260
.text    C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[4684] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                                                                         00007ffd18fb43d8 7 bytes JMP 00007ffe18640298
.text    C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[4684] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                     00007ffd18fc553d 1 byte [62]
.text    C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[4684] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                                                                           00007ffd19061f20 7 bytes JMP 00007ffe18640308
.text    C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[4684] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                                                                           00007ffd190640b4 7 bytes JMP 00007ffe18640340
.text    C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[4684] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                                                                          00007ffd19064510 7 bytes JMP 00007ffe186402d0
.text    C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[4684] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                                                                  00007ffd1908cea0 7 bytes JMP 00007ffe186401f0
.text    C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[4684] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                                                                                    00007ffd1908cf10 7 bytes JMP 00007ffe18640228
.text    C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[4684] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                       00007ffd186a299c 7 bytes JMP 00007ffe186400d8
.text    C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[4684] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                            00007ffd186a54c8 5 bytes JMP 00007ffe18640180
.text    C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[4684] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                         00007ffd186a55b0 5 bytes JMP 00007ffe18640148
.text    C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[4684] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                     00007ffd186a5e58 5 bytes JMP 00007ffe18640110
.text    C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[4684] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                                                                                   00007ffd18716200 5 bytes JMP 00007ffe186401b8
.text    C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[4684] C:\Windows\system32\USER32.dll!CreateWindowExW                                                                                            00007ffd1968b6f4 10 bytes JMP 00007ffe18640420
.text    C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[4684] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                                                                                        00007ffd196945e8 5 bytes JMP 00007ffe186403e8
.text    C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[4684] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                                                                                 00007ffd19694760 9 bytes JMP 00007ffe18640378
.text    C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[4684] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                                                                        00007ffd196a4fc0 5 bytes JMP 00007ffe186403b0
.text    C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[4684] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW                                                                                   00007ffd196a5cb0 5 bytes JMP 00007ffe18640458
.text    C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[4684] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                    00007ffd18b01500 1 byte JMP 00007ffe18640490
.text    C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[4684] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2                                                                                00007ffd18b01502 6 bytes {JMP 0xffffffffffb3ef90}
.text    C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE[4684] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                      00007ffd18b01750 8 bytes JMP 00007ffe186404c8
.text    C:\Windows\system32\wbem\unsecapp.exe[4996] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                                                                                                  00007ffd18fb28c0 7 bytes JMP 00007ffe18640260
.text    C:\Windows\system32\wbem\unsecapp.exe[4996] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                                                                                         00007ffd18fb43d8 7 bytes JMP 00007ffe18640298
.text    C:\Windows\system32\wbem\unsecapp.exe[4996] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                     00007ffd18fc553d 1 byte [62]
.text    C:\Windows\system32\wbem\unsecapp.exe[4996] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                                                                                           00007ffd19061f20 7 bytes JMP 00007ffe18640308
.text    C:\Windows\system32\wbem\unsecapp.exe[4996] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                                                                                           00007ffd190640b4 7 bytes JMP 00007ffe18640340
.text    C:\Windows\system32\wbem\unsecapp.exe[4996] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                                                                                          00007ffd19064510 7 bytes JMP 00007ffe186402d0
.text    C:\Windows\system32\wbem\unsecapp.exe[4996] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                                                                                  00007ffd1908cea0 7 bytes JMP 00007ffe186401f0
.text    C:\Windows\system32\wbem\unsecapp.exe[4996] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                                                                                                    00007ffd1908cf10 7 bytes JMP 00007ffe18640228
.text    C:\Windows\system32\wbem\unsecapp.exe[4996] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                       00007ffd186a299c 7 bytes JMP 00007ffe186400d8
.text    C:\Windows\system32\wbem\unsecapp.exe[4996] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                            00007ffd186a54c8 5 bytes JMP 00007ffe18640180
.text    C:\Windows\system32\wbem\unsecapp.exe[4996] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                         00007ffd186a55b0 5 bytes JMP 00007ffe18640148
.text    C:\Windows\system32\wbem\unsecapp.exe[4996] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                     00007ffd186a5e58 5 bytes JMP 00007ffe18640110
.text    C:\Windows\system32\wbem\unsecapp.exe[4996] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                                                                                                   00007ffd18716200 5 bytes JMP 00007ffe186401b8
.text    C:\Windows\system32\wbem\unsecapp.exe[4996] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW                                                                                                            00007ffd1968b6f4 10 bytes JMP 00007ffe18640420
.text    C:\Windows\system32\wbem\unsecapp.exe[4996] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesW                                                                                                        00007ffd196945e8 5 bytes JMP 00007ffe186403e8
.text    C:\Windows\system32\wbem\unsecapp.exe[4996] C:\Windows\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo                                                                                                 00007ffd19694760 9 bytes JMP 00007ffe18640378
.text    C:\Windows\system32\wbem\unsecapp.exe[4996] C:\Windows\SYSTEM32\user32.dll!EnumDisplayDevicesA                                                                                                        00007ffd196a4fc0 5 bytes JMP 00007ffe186403b0
.text    C:\Windows\system32\wbem\unsecapp.exe[4996] C:\Windows\SYSTEM32\user32.dll!ChangeDisplaySettingsExW                                                                                                   00007ffd196a5cb0 5 bytes JMP 00007ffe18640458
.text    C:\Windows\system32\wbem\unsecapp.exe[4996] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                    00007ffd18b01500 1 byte JMP 00007ffe18640490
.text    C:\Windows\system32\wbem\unsecapp.exe[4996] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2                                                                                                00007ffd18b01502 6 bytes {JMP 0xffffffffffb3ef90}
.text    C:\Windows\system32\wbem\unsecapp.exe[4996] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                      00007ffd18b01750 8 bytes JMP 00007ffe186404c8
.text    C:\Program Files\iPod\bin\iPodService.exe[4444] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                 00007ffd18fc553d 1 byte [62]
.text    C:\Windows\System32\SettingSyncHost.exe[5296] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                                                                                                00007ffd18fb28c0 7 bytes JMP 00007ffe18640260
.text    C:\Windows\System32\SettingSyncHost.exe[5296] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                                                                                       00007ffd18fb43d8 7 bytes JMP 00007ffe18640298
.text    C:\Windows\System32\SettingSyncHost.exe[5296] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                   00007ffd18fc553d 1 byte [62]
.text    C:\Windows\System32\SettingSyncHost.exe[5296] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                                                                                         00007ffd19061f20 7 bytes JMP 00007ffe18640308
.text    C:\Windows\System32\SettingSyncHost.exe[5296] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                                                                                         00007ffd190640b4 7 bytes JMP 00007ffe18640340
.text    C:\Windows\System32\SettingSyncHost.exe[5296] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                                                                                        00007ffd19064510 7 bytes JMP 00007ffe186402d0
.text    C:\Windows\System32\SettingSyncHost.exe[5296] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                                                                                00007ffd1908cea0 7 bytes JMP 00007ffe186401f0
.text    C:\Windows\System32\SettingSyncHost.exe[5296] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                                                                                                  00007ffd1908cf10 7 bytes JMP 00007ffe18640228
.text    C:\Windows\System32\SettingSyncHost.exe[5296] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                     00007ffd186a299c 7 bytes JMP 00007ffe186400d8
.text    C:\Windows\System32\SettingSyncHost.exe[5296] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                          00007ffd186a54c8 5 bytes JMP 00007ffe18640180
.text    C:\Windows\System32\SettingSyncHost.exe[5296] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                       00007ffd186a55b0 5 bytes JMP 00007ffe18640148
.text    C:\Windows\System32\SettingSyncHost.exe[5296] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                   00007ffd186a5e58 5 bytes JMP 00007ffe18640110
.text    C:\Windows\System32\SettingSyncHost.exe[5296] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                                                                                                 00007ffd18716200 5 bytes JMP 00007ffe186401b8
.text    C:\Windows\system32\taskeng.exe[5668] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation                                                                                                        00007ffd18fb28c0 7 bytes JMP 00007ffe18640260
.text    C:\Windows\system32\taskeng.exe[5668] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW                                                                                                               00007ffd18fb43d8 7 bytes JMP 00007ffe18640298
.text    C:\Windows\system32\taskeng.exe[5668] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                           00007ffd18fc553d 1 byte [62]
.text    C:\Windows\system32\taskeng.exe[5668] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA                                                                                                                 00007ffd19061f20 7 bytes JMP 00007ffe18640308
.text    C:\Windows\system32\taskeng.exe[5668] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW                                                                                                                 00007ffd190640b4 7 bytes JMP 00007ffe18640340
.text    C:\Windows\system32\taskeng.exe[5668] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW                                                                                                                00007ffd19064510 7 bytes JMP 00007ffe186402d0
.text    C:\Windows\system32\taskeng.exe[5668] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                                                                                        00007ffd1908cea0 7 bytes JMP 00007ffe186401f0
.text    C:\Windows\system32\taskeng.exe[5668] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW                                                                                                          00007ffd1908cf10 7 bytes JMP 00007ffe18640228
.text    C:\Windows\system32\taskeng.exe[5668] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                             00007ffd186a299c 7 bytes JMP 00007ffe186400d8
.text    C:\Windows\system32\taskeng.exe[5668] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                  00007ffd186a54c8 5 bytes JMP 00007ffe18640180
.text    C:\Windows\system32\taskeng.exe[5668] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                               00007ffd186a55b0 5 bytes JMP 00007ffe18640148
.text    C:\Windows\system32\taskeng.exe[5668] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                           00007ffd186a5e58 5 bytes JMP 00007ffe18640110
.text    C:\Windows\system32\taskeng.exe[5668] C:\Windows\system32\KERNELBASE.dll!GetModuleFileNameExW                                                                                                         00007ffd18716200 5 bytes JMP 00007ffe186401b8
.text    C:\Windows\system32\taskeng.exe[5668] C:\Windows\system32\USER32.dll!CreateWindowExW                                                                                                                  00007ffd1968b6f4 10 bytes JMP 00007ffe18640420
.text    C:\Windows\system32\taskeng.exe[5668] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                                                                                                              00007ffd196945e8 5 bytes JMP 00007ffe186403e8
.text    C:\Windows\system32\taskeng.exe[5668] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                                                                                                       00007ffd19694760 9 bytes JMP 00007ffe18640378
.text    C:\Windows\system32\taskeng.exe[5668] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                                                                                              00007ffd196a4fc0 5 bytes JMP 00007ffe186403b0
.text    C:\Windows\system32\taskeng.exe[5668] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW                                                                                                         00007ffd196a5cb0 5 bytes JMP 00007ffe18640458
.text    C:\Windows\system32\taskeng.exe[5668] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                          00007ffd18b01500 1 byte JMP 00007ffe18640490
.text    C:\Windows\system32\taskeng.exe[5668] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2                                                                                                      00007ffd18b01502 6 bytes {JMP 0xffffffffffb3ef90}
.text    C:\Windows\system32\taskeng.exe[5668] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                            00007ffd18b01750 8 bytes JMP 00007ffe186404c8
.text    C:\Users\*****\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe[4724] C:\Windows\system32\USER32.dll!CreateWindowExW                                                                         00007ffd1968b6f4 10 bytes JMP 00007ffe18640420
.text    C:\Users\*****\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe[4724] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW                                                                     00007ffd196945e8 5 bytes JMP 00007ffe186403e8
.text    C:\Users\*****\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe[4724] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo                                                              00007ffd19694760 9 bytes JMP 00007ffe18640378
.text    C:\Users\*****\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe[4724] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA                                                                     00007ffd196a4fc0 5 bytes JMP 00007ffe186403b0
.text    C:\Users\*****\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe[4724] C:\Windows\system32\USER32.dll!ChangeDisplaySettingsExW                                                                00007ffd196a5cb0 5 bytes JMP 00007ffe18640458
.text    C:\Windows\system32\AUDIODG.EXE[5072] C:\Windows\SYSTEM32\KERNEL32.DLL!GetBinaryTypeW + 165                                                                                                           00007ffd18fc553d 1 byte [62]

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\csrss.exe [648:672]                                                                                                                                                               fffff96000883b90
Thread   C:\Windows\system32\svchost.exe [548:5260]                                                                                                                                                            00007ffd0e8910e0
Thread   C:\Windows\system32\svchost.exe [548:4672]                                                                                                                                                            00007ffd135238e0
Thread   C:\Windows\Explorer.EXE [3084:5856]                                                                                                                                                                   00007ffd11f7d73c

---- Processes - GMER 2.1 ----

Process  C:\Users\*****\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe [4724](2014-10-02 11:24:00)  0000000000cf0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime                                                                                                                                     0x62 0xBA 0xE5 0xCF ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime                                                                                                                                 0x9B 0x9A 0x0E 0x5D ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime                                                                                                                                        0xBD 0x08 0xE6 0xCF ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime                                                                                                                                    0x84 0x55 0x14 0xE8 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@de-DE                                                                                                                                 51
Reg      HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\AUO12ED0_00_07DC_95^039255CF9C6747F8F32810EF7488A6F0@Timestamp                                                                    0x3B 0xEE 0xA4 0x51 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid                                                                                                                                                      700
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{B6BD6744-D44E-4AEB-8EA3-18DF45F0A88F}\Connection@Name                                                           Reusable ISATAP Interface {B6BD6744-D44E-4AEB-8EA3-18DF45F0A88F}
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations                                                                                                                     \??\C:\$Recycle.Bin\S-1-5-21-835766522-2148508782-3467690004-1001\$RODSHLK.exe??\??\C:\Users\*****\AppData\Local\Temp\fullpackage_temp1397246295\qSE.exe??
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber                                                                                                                    3900032
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                                                                     662445302
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId                                                                                                     55
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime                                                                                                   424886358
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime                                                                                                                                  0
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime                                                                                                                                3184
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID                                                                                                                                      9887e116-9012-4af9-8881-c07bfa2
Reg      HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter                                                                                                                        1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@BootCounter                                                                                                                                 18
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start                                                                                                                                                     3
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BITS                                                                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\485ab68b48d6                                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\Services\bthserv\Parameters\BluetoothControlPanelTasks@State                                                                                                            0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{3cc046a9-bb06-42cb-9277-3544cd18e41a}@LastProbeTime                                                                                 1413398042
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{B6BD6744-D44E-4AEB-8EA3-18DF45F0A88F}@InterfaceName                                                                                Reusable ISATAP Interface {B6BD6744-D44E-4AEB-8EA3-18DF45F0A88F}
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{B6BD6744-D44E-4AEB-8EA3-18DF45F0A88F}@ReusableType                                                                                 2
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{DCA11EED-C43D-46AE-B42D-A7BFB67E5E7B}@DefunctTimestamp                                                                             0xC6 0xA1 0x3E 0x54 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                                                                                       5335
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                                                                                                      1944
Reg      HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence                                                                                                                                53
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpDomain                                                                                                                                    fritz.box
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer                                                                                                                                192.168.178.1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C87837F6-FA2F-43A3-8DDB-22CB2CE080E1}@LeaseObtainedTime                                                                           1413398784
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C87837F6-FA2F-43A3-8DDB-22CB2CE080E1}@T1                                                                                          1413830784
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C87837F6-FA2F-43A3-8DDB-22CB2CE080E1}@T2                                                                                          1414154784
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C87837F6-FA2F-43A3-8DDB-22CB2CE080E1}@LeaseTerminatesTime                                                                         1414262784
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop                                                                                                                      0
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown                                                                                                                        1
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count                                                                                        375
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsRequestBucketCounter                                                                                                    99
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime                                                                                              0x02 0x93 0xB4 0xFE ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime                                                                                         0x02 0x93 0xB4 0xFE ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime                                                                                                0x02 0x93 0xB4 0xFE ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalRequestBucketCounter                                                                                                     99
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime                                                                                               0x02 0x93 0xB4 0xFE ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken                                                                                                               LM%3d63548999760933%3bID%3d65D7AE8ADF8DDD53!104%3bLR%3d63548999761567%3bEP%3d4%3bTD%3dTrue
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\RegistrarData@LastRenewCollectionsInterest                                                                                                0x73 0x93 0xA1 0xB1 ...

---- EOF - GMER 2.1 ----

Old 16.10.2014, 18:34   #5
schrauber
/// the machine
/// TB-Ausbilder

Please download Malwarebytes Anti-Malware
  • Install the program into the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the Desktop. You can find the MBAM logfile here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your Desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your Desktop

  • Start the tool with a double-click. On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the logfile (JRT.txt) is saved to the Desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Old 16.10.2014, 19:57   #6
Hadex

Good evening,

here are the required logs:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 16.10.2014
Suchlauf-Zeit: 20:16:38
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.10.16.05
Rootkit Datenbank: v2014.10.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: *****

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 316882
Verstrichene Zeit: 6 Min, 31 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
# AdwCleaner v4.000 - Bericht erstellt am 16/10/2014 um 20:32:14
# DB v2014-10-15.7
# Aktualisiert 12/10/2014 von Xplode
# Betriebssystem : Windows 8.1 Pro  (64 bits)
# Benutzername : ***** - *****_LAPTOP
# Gestartet von : C:\Users\*****\Downloads\AdwCleaner_4.000.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****

Task Gelöscht : Digital Sites
Task Gelöscht : FoxTab

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17278


-\\ Mozilla Firefox v32.0.3 (x86 de)


*************************

AdwCleaner[R0].txt - [2902 octets] - [16/04/2014 21:28:02]
AdwCleaner[R1].txt - [2415 octets] - [16/10/2014 20:26:42]
AdwCleaner[R2].txt - [2475 octets] - [16/10/2014 20:30:34]
AdwCleaner[S0].txt - [2454 octets] - [16/04/2014 21:32:57]
AdwCleaner[S1].txt - [2289 octets] - [16/10/2014 20:32:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2349 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 8.1 Pro x64
Ran by ***** on 16.10.2014 at 20:40:52,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\SPEEDUPMYPC-STANDALONE-SETUP.-B3D7416C.pf
Successfully deleted: [File] C:\Windows\prefetch\SPEEDUPMYPC.TMP-EE55A3C6.pf



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\emjgm50o.default-1397678037534\minidumps [10 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.10.2014 at 20:43:37,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-10-2014 02
Ran by ***** (administrator) on *****_LAPTOP on 16-10-2014 20:50:16
Running from C:\Users\*****\Downloads
Loaded Profile: ***** (Available profiles: *****)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(MKS Software Inc.) C:\Windows\System32\nutsrv4.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PTC) C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE
() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [NuTCSetupEnviron] => C:\Program Files\PTC\MKS Toolkit\bin\ncoeenv.exe [37160 2009-11-23] (MKS Software Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-15] (AVAST Software)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-835766522-2148508782-3467690004-1001\...\Run: [EPSON BX525WD Series (Kopie 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAU.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/software/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\emjgm50o.default-1397678037534
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\emjgm50o.default-1397678037534\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\emjgm50o.default-1397678037534\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Cliqz Beta - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\emjgm50o.default-1397678037534\Extensions\cliqz@cliqz.com.xpi [2014-10-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-12]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-19] (AVAST Software)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2013-04-10] (ELAN Microelectronics Corp.)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 NuTCRACKERService; C:\Windows\system32\nutsrv4.exe [563424 2009-11-10] (MKS Software Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PortmapperService; C:\Program Files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe [676864 2014-02-02] (PTC) [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-19] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-19] ()
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 20:50 - 2014-10-16 20:50 - 00014131 _____ () C:\Users\*****\Downloads\FRST.txt
2014-10-16 20:43 - 2014-10-16 20:43 - 00000936 _____ () C:\Users\*****\Desktop\JRT.txt
2014-10-16 20:37 - 2014-10-16 20:37 - 01705698 _____ (Thisisu) C:\Users\*****\Downloads\JRT(1).exe
2014-10-16 20:25 - 2014-10-16 20:25 - 01976320 _____ () C:\Users\*****\Downloads\AdwCleaner_4.000.exe
2014-10-16 08:55 - 2014-10-16 08:55 - 00000000 ____D () C:\Users\*****\Documents\Fax
2014-10-15 22:49 - 2014-10-15 22:49 - 00380416 _____ () C:\Users\*****\Downloads\Gmer-19357.exe
2014-10-15 22:38 - 2014-10-16 20:24 - 00000000 ____D () C:\Users\*****\Desktop\Trojaner
2014-10-15 22:37 - 2014-10-16 20:50 - 00000000 ____D () C:\FRST
2014-10-15 22:36 - 2014-10-15 22:37 - 02111488 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe
2014-10-15 22:34 - 2014-10-15 22:35 - 00000472 _____ () C:\Users\*****\Downloads\defogger_disable.log
2014-10-15 22:34 - 2014-10-15 22:34 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-10-15 22:33 - 2014-10-15 22:33 - 00050477 _____ () C:\Users\*****\Downloads\Defogger.exe
2014-10-15 22:17 - 2014-09-28 00:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 22:17 - 2014-09-04 02:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-10-15 22:17 - 2014-09-04 01:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-15 22:17 - 2014-09-04 01:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-15 22:16 - 2014-09-08 05:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-15 22:16 - 2014-09-08 03:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-15 22:16 - 2014-09-08 03:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-15 22:16 - 2014-09-08 02:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-15 22:16 - 2014-09-08 02:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-15 22:16 - 2014-09-08 02:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-15 22:16 - 2014-09-08 02:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-15 22:16 - 2014-09-08 02:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-15 22:16 - 2014-09-08 02:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-15 22:16 - 2014-09-08 02:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-15 22:16 - 2014-09-08 01:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-15 22:16 - 2014-09-08 01:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-15 22:16 - 2014-09-08 01:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-15 22:16 - 2014-09-08 01:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-15 22:15 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 22:15 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 22:15 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 22:15 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 22:15 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 22:15 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 22:15 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 22:15 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 22:15 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 22:15 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 22:15 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 22:15 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 22:15 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 22:15 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 22:15 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 22:15 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 22:15 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 22:15 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 22:15 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 22:15 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 22:15 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 22:15 - 2014-09-19 02:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 22:15 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 22:15 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 22:15 - 2014-09-19 02:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 22:15 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 22:15 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 22:15 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 22:15 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 22:15 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 22:15 - 2014-09-13 08:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 22:15 - 2014-09-13 08:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 22:15 - 2014-09-13 07:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 22:15 - 2014-09-13 07:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 22:15 - 2014-09-04 02:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 22:15 - 2014-09-04 02:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 18:41 - 2014-10-15 18:41 - 00000000 ____D () C:\Users\*****\Downloads\Kunststoff
2014-10-15 18:35 - 2014-10-16 13:47 - 00000000 ____D () C:\Users\*****\Downloads\Heizung
2014-10-15 18:34 - 2014-10-15 18:40 - 00000000 ____D () C:\Users\*****\Downloads\Fotobuch_Addon
2014-10-15 16:38 - 2014-10-16 20:35 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-10-15 16:38 - 2014-10-15 18:34 - 00000000 ____D () C:\Windows\AutoKMS
2014-10-15 16:30 - 2014-10-15 16:30 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2014-10-15 16:24 - 2014-10-15 16:29 - 51553449 _____ () C:\Users\*****\Downloads\mito225.rar
2014-10-15 16:13 - 2014-10-15 16:13 - 00000000 ____D () C:\Users\*****\AppData\Local\SFPC_Auto_Updater
2014-10-15 16:01 - 2014-10-15 16:01 - 00000659 _____ () C:\Windows\system32\InstallUtil.InstallLog
2014-10-15 15:58 - 2014-10-15 16:00 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Developerts LLC USA
2014-10-15 15:58 - 2014-10-15 15:59 - 00000000 ____D () C:\Users\*****\AppData\Roaming\OptimumPcBoost
2014-10-15 15:58 - 2014-10-15 15:58 - 00004014 _____ () C:\Windows\System32\Tasks\Secure Fast PC Auto Updater
2014-10-15 15:58 - 2014-10-15 15:58 - 00003942 _____ () C:\Windows\System32\Tasks\Optimum_Daily
2014-10-15 15:58 - 2014-10-15 15:58 - 00003570 _____ () C:\Windows\System32\Tasks\Secure Fast PC Autorun
2014-10-15 15:58 - 2014-10-15 15:58 - 00003512 _____ () C:\Windows\System32\Tasks\Optimum_LogOn
2014-10-15 15:58 - 2014-10-15 15:58 - 00000000 ____D () C:\Users\*****\AppData\Roaming\.minecraft
2014-10-15 15:58 - 2014-10-15 15:58 - 00000000 ____D () C:\Users\*****\AppData\Local\Developerts_LLC
2014-10-15 15:52 - 2014-10-15 15:52 - 00000000 ____D () C:\Users\*****\Downloads\Windows Activate  8.1 x64 & x86
2014-10-15 15:12 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-10-15 15:12 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-10-15 12:43 - 2014-10-15 14:59 - 00919163 _____ () C:\Users\Public\Documents\trail.txt.40
2014-10-14 23:32 - 2014-10-14 23:36 - 00129256 _____ () C:\Users\Public\Documents\trail.txt.39
2014-10-14 16:44 - 2014-10-14 23:32 - 03430078 _____ () C:\Users\Public\Documents\trail.txt.38
2014-10-14 10:00 - 2014-10-14 13:59 - 01911616 _____ () C:\Users\Public\Documents\trail.txt.37
2014-10-13 21:22 - 2014-10-14 00:56 - 02786659 _____ () C:\Users\Public\Documents\trail.txt.36
2014-10-13 20:44 - 2014-10-13 21:14 - 00319444 _____ () C:\Users\Public\Documents\trail.txt.35
2014-10-13 20:16 - 2014-10-15 13:51 - 00000000 ____D () C:\Users\*****\Desktop\Kotflügel
2014-10-13 19:38 - 2014-10-13 20:38 - 00124606 _____ () C:\Users\Public\Documents\trail.txt.34
2014-10-13 19:38 - 2014-10-13 19:38 - 00000000 ____D () C:\Users\*****\AppData\Roaming\NVIDIA
2014-10-13 14:07 - 2014-10-16 20:47 - 00005136 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for *****_LAPTOP-***** *****_Laptop
2014-10-12 13:45 - 2014-08-16 06:08 - 21195616 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-12 13:45 - 2014-08-16 05:16 - 18722600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-12 13:45 - 2014-08-16 02:17 - 08757760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-10-12 13:44 - 2014-08-29 03:58 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-10-12 13:44 - 2014-08-29 01:56 - 02646016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-12 13:44 - 2014-08-29 01:47 - 02321920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-12 13:44 - 2014-08-16 06:08 - 01507648 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-10-12 13:44 - 2014-08-16 06:01 - 01710184 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-12 13:44 - 2014-08-16 05:58 - 01112512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-10-12 13:44 - 2014-08-16 05:57 - 02498880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-12 13:44 - 2014-08-16 05:57 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-12 13:44 - 2014-08-16 05:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-10-12 13:44 - 2014-08-16 05:03 - 01467384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-12 13:44 - 2014-08-16 03:31 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-10-12 13:44 - 2014-08-16 03:04 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2014-10-12 13:44 - 2014-08-16 02:58 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-10-12 13:44 - 2014-08-16 02:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-10-12 13:44 - 2014-08-16 02:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2014-10-12 13:44 - 2014-08-16 02:45 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-10-12 13:44 - 2014-08-16 02:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2014-10-12 13:44 - 2014-08-16 02:43 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-10-12 13:44 - 2014-08-16 02:31 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-10-12 13:44 - 2014-08-16 02:31 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2014-10-12 13:44 - 2014-08-16 02:29 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-12 13:44 - 2014-08-16 02:23 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-10-12 13:44 - 2014-08-16 02:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-10-12 13:44 - 2014-08-16 02:22 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-10-12 13:44 - 2014-08-16 02:19 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-12 13:44 - 2014-08-16 02:18 - 04758528 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-10-12 13:44 - 2014-08-16 02:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-10-12 13:44 - 2014-08-16 02:13 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-12 13:44 - 2014-08-16 02:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-10-12 13:44 - 2014-08-16 02:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-10-12 13:44 - 2014-08-16 02:11 - 00920064 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-10-12 13:44 - 2014-08-16 02:10 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-10-12 13:44 - 2014-08-16 02:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-12 13:44 - 2014-08-16 02:07 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-10-12 13:44 - 2014-08-01 01:22 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-09-29 21:54 - 2014-09-29 21:54 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieUserList
2014-09-29 21:54 - 2014-09-29 21:54 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieSiteList
2014-09-26 22:39 - 2014-09-26 22:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 19:35 - 2014-09-19 19:48 - 00000000 ____D () C:\Users\*****\Desktop\Bilder_IPHONE

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 20:41 - 2014-01-27 00:02 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-16 20:41 - 2013-09-30 05:58 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2014-10-16 20:41 - 2013-09-30 05:58 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2014-10-16 20:34 - 2014-04-11 20:25 - 00000000 ____D () C:\Users\*****\Documents\Mein Steuer-Sparbuch Heute
2014-10-16 20:34 - 2014-01-27 00:05 - 00000000 ___DO () C:\Users\*****\SkyDrive
2014-10-16 20:34 - 2013-09-29 21:05 - 00543778 _____ () C:\Windows\PFRO.log
2014-10-16 20:34 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 20:34 - 2013-08-22 16:44 - 00498048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 20:33 - 2014-01-26 23:58 - 01697620 _____ () C:\Windows\WindowsUpdate.log
2014-10-16 20:33 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-16 20:33 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-16 20:33 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera
2014-10-16 20:33 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-16 20:32 - 2014-04-16 21:27 - 00000000 ____D () C:\AdwCleaner
2014-10-16 20:16 - 2014-04-16 21:15 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-16 20:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-16 08:42 - 2014-01-27 00:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 08:42 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-16 08:40 - 2014-01-27 00:13 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 23:18 - 2014-01-27 00:09 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-835766522-2148508782-3467690004-1001
2014-10-15 22:34 - 2014-01-27 00:03 - 00000000 ____D () C:\Users\*****
2014-10-15 21:51 - 2014-04-16 21:14 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-15 21:51 - 2014-04-16 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-15 21:51 - 2014-04-16 21:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-15 18:42 - 2014-09-03 19:58 - 00163840 ___SH () C:\Users\*****\Downloads\Thumbs.db
2014-10-15 16:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\tracing
2014-10-15 12:43 - 2014-02-02 22:44 - 00000112 _____ () C:\Users\Public\Documents\std.err
2014-10-15 12:43 - 2014-02-02 22:44 - 00000038 _____ () C:\Users\Public\Documents\std.out
2014-10-13 19:49 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-10-13 19:38 - 2014-07-16 13:13 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Nitro PDF
2014-10-13 18:50 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-12 13:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-12 13:46 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2014-10-07 11:07 - 2014-01-27 23:04 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc
2014-10-07 10:29 - 2013-08-22 16:46 - 00051275 _____ () C:\Windows\setupact.log
2014-10-07 10:16 - 2014-02-16 13:50 - 00042496 ___SH () C:\Users\*****\Desktop\Thumbs.db
2014-09-30 00:45 - 2013-08-22 17:38 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-30 00:45 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-29 21:33 - 2014-01-27 00:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-18 20:45 - 2013-09-30 06:00 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-18 20:45 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-09-18 20:45 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-18 20:45 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-18 20:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2014-09-18 20:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\InputMethod
2014-09-18 20:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\setup
2014-09-18 20:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-18 20:45 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\oobe
2014-09-16 22:02 - 2014-05-23 22:32 - 00000000 ____D () C:\Users\*****\Documents\Nancy

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\52377uninstall.exe
C:\Users\*****\AppData\Local\Temp\AcDeltree.exe
C:\Users\*****\AppData\Local\Temp\amazonicon_v4.exe
C:\Users\*****\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\*****\AppData\Local\Temp\BackupSetup.exe
C:\Users\*****\AppData\Local\Temp\Execute2App.exe
C:\Users\*****\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\*****\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\*****\AppData\Local\Temp\HNK_2010.exe
C:\Users\*****\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe
C:\Users\*****\AppData\Local\Temp\msvcp90.dll
C:\Users\*****\AppData\Local\Temp\msvcr100.dll
C:\Users\*****\AppData\Local\Temp\msvcr90.dll
C:\Users\*****\AppData\Local\Temp\nitro_reader3_64.exe
C:\Users\*****\AppData\Local\Temp\PidGenX.dll
C:\Users\*****\AppData\Local\Temp\pimuninstall.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\sdanircmdc.exe
C:\Users\*****\AppData\Local\Temp\sdapskill.exe
C:\Users\*****\AppData\Local\Temp\sdaspwn.exe
C:\Users\*****\AppData\Local\Temp\Sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-13 19:46

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-10-2014 02
Ran by ***** at 2014-10-16 20:50:44
Running from C:\Users\*****\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Creo Thumbnail Viewer 2.0 (HKLM\...\{3F8CCE46-EAFD-4283-9ADB-7025EAC2CF64}) (Version: 30.12.480 - PTC)
Designer 2.0 (HKLM-x32\...\Designer 2.0_is1) (Version: 7.9.6 - Fomanu AG)
EPSON BX525WD Series Printer Uninstall (HKLM\...\EPSON BX525WD Series) (Version:  - SEIKO EPSON Corporation)
ETDWare PS/2-X64 11.6.22.201_WHQL (HKLM\...\Elantech) (Version: 11.6.22.201 - ELAN Microelectronic Corp.)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Access MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MKS Platform Components 9.x (HKLM\...\{30023972-0000-0903-9ABB-000BDB5CF35D}) (Version: 9.3.0000 - Mortice Kern Systems)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF24 Creator 6.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDF-XChange Editor (HKLM-x32\...\{87738bc6-bdf0-4e55-86b5-32ddece8f51d}) (Version: 5.5.308.2 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (Version: 5.5.308.2 - Tracker Software Products (Canada) Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.) Hidden
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

28-09-2014 10:14:08 Windows Modules Installer
12-10-2014 11:45:06 Windows Update
15-10-2014 14:00:54 Removed Optimum PC Boost

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {24CEFABA-9030-40FB-BFAA-9E04940F6B71} - System32\Tasks\Optimum_LogOn => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {34F2800C-218C-4493-B520-02E7D528467D} - System32\Tasks\Secure Fast PC Auto Updater => C:\Users\*****\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe [2014-10-02] ()
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {448BAD6D-F25C-4722-ABAC-26BA66020C35} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-16] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {54563E16-A00B-4B48-A263-DB6B9422D70C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {6388F555-9135-46AF-9F1B-4BAFB6FB0C91} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-10-15] ()
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6E8769E4-B628-47C0-B468-F349793D9594} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {75DB2D10-5C76-483B-98F9-DB654B2A08EB} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7EBDCA38-F63D-4DF7-B6B8-D6182402285D} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {8677F14A-FF43-4CE0-9EA7-F73DEDD3B8AA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9B5D8BD6-5619-4E34-ABC9-6456A17CC707} - System32\Tasks\Optimum_Daily => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe
Task: {9DB07B69-CE48-436F-BE9A-FD809EFBA494} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9EAF8CB8-1FC6-4C8F-8D66-7E95E4BC0BF2} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B5805C99-52AB-4A13-8DF8-98CB3574508A} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {B8EEEEDB-BEC3-48D3-8AB1-3E75E328D19C} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {C0017E72-34E6-454E-BD30-C4974CD6B77A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for *****_LAPTOP-***** *****_Laptop => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E7B7DC04-38BC-4B75-81FE-F23C12A2E2E6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-19] (AVAST Software)
Task: {EF3F3EE7-C823-4AB9-A716-0BDA67B410DD} - System32\Tasks\Secure Fast PC Autorun => C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Secure Fast PC.exe
Task: {FEC944E4-4B72-4175-B1DB-9C72EEF41725} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management

==================== Loaded Modules (whitelisted) =============

2014-09-12 21:40 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-09 21:33 - 2014-07-02 10:13 - 01427736 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
2014-10-16 20:28 - 2014-10-16 20:28 - 02874368 _____ () C:\Program Files\AVAST Software\Avast\defs\14101601\algo.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 09789208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll
2014-04-09 21:32 - 2014-07-02 10:14 - 03880216 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 00035608 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 00322840 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 00309016 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 02738456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll
2014-04-09 21:32 - 2014-02-11 11:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll
2014-04-09 21:32 - 2014-02-11 11:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 00136472 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 02116376 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01932568 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll
2014-04-09 21:32 - 2014-02-11 11:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 04326168 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01564952 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 05291288 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01698584 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01809688 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01627928 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01117976 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01341208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01309464 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 07340824 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01286936 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01331480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll
2014-04-12 13:48 - 2014-04-12 13:48 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-26 22:39 - 2014-09-26 22:39 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\*****\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"

========================= Accounts: ==========================

Administrator (S-1-5-21-835766522-2148508782-3467690004-500 - Administrator - Disabled)
Gast (S-1-5-21-835766522-2148508782-3467690004-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-835766522-2148508782-3467690004-1003 - Limited - Enabled)
***** (S-1-5-21-835766522-2148508782-3467690004-1001 - Administrator - Enabled) => C:\Users\*****

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-05-19 22:49:34.167
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 16%
Total physical RAM: 8076.36 MB
Available physical RAM: 6729.63 MB
Total Pagefile: 9356.36 MB
Available Pagefile: 7789.43 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:42.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:465.67 GB) (Free:380.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 285EB630)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 17.10.2014, 19:14   #7
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • You can find an illustrated guide to ESET Online Scanner here
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the Desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 18.10.2014, 16:42   #8
Hadex
 



Hello, here are the new logs:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.87  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
avast! Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
  Adobe Flash Player 	12.0.0.43 Flash Player out of Date!  
 Mozilla Firefox (32.0.3) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b827b483cc02384782272072fcd9a5ef
# engine=20661
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-18 03:30:54
# local_time=2014-10-18 05:30:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 4310705 16342926 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 11164546 18029775 0 0
# scanned=287205
# found=19
# cleaned=19
# scan_time=17327
sh=A154BD6A65F49330614E5A6F7AD226F097A63CC1 ft=1 fh=c71c00116714754f vn="Variante von Win32/InstallCore.IX evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-835766522-2148508782-3467690004-1001\$R8UWCKO.exe"
sh=BDB3C48DE02EE29D0B72000619E4A00243B447F9 ft=1 fh=9da4402dbcebd4bb vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-835766522-2148508782-3467690004-1001\$RINA91C.exe"
sh=A154BD6A65F49330614E5A6F7AD226F097A63CC1 ft=1 fh=c71c00116714754f vn="Variante von Win32/InstallCore.IX evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-835766522-2148508782-3467690004-1001\$RU3YZG3.exe"
sh=E6B332BCE538D483BD4D5E135E011267F31EA813 ft=0 fh=0000000000000000 vn="Variante von MSIL/Riskware.HackTool.WinActivator.A Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-835766522-2148508782-3467690004-1001\$RX14R3N.part"
sh=4F2D43FFB1775DFE2101529769637B9741E2D473 ft=1 fh=7bf72ba7e7e381f9 vn="MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\systweakasp.exe.vir"
sh=476063885747EDD774A6B8CB2790703503A75A55 ft=1 fh=d7bb79193adaee2e vn="Win32/Systweak.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Klaus\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=B2141692BDF56352A137D83E9EC73D05C423D2E5 ft=1 fh=e9e99cb68f1bf246 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Klaus\AppData\Local\Microsoft\Windows\INetCache\IE\9KT8GB8F\SpeedUpMyPC-standalone-setup[1].exe"
sh=7ABA4DC9BC22D9605675C22CEC12A0DB7EAF0937 ft=1 fh=e11cb87d8b8a9b76 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Klaus\AppData\Local\Microsoft\Windows\INetCache\IE\9KT8GB8F\SPSetup[1].exe"
sh=7028F239FAC673EE7DC7772ACC75D759EA73837D ft=1 fh=e769f095fe49f653 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Klaus\AppData\Local\Microsoft\Windows\INetCache\IE\R3PT2NUF\spstub[1].exe"
sh=A154BD6A65F49330614E5A6F7AD226F097A63CC1 ft=1 fh=c71c00116714754f vn="Variante von Win32/InstallCore.IX evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Klaus\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe"
sh=1A9C2CE8C1F539AC8546D67C9F924AEA8D2A84C2 ft=1 fh=d348c3328e970e39 vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Klaus\AppData\Local\Temp\58b9d9ce-b709-44ba-a9e7-cab5b52164d9\software\Cloud_Backup_Setup.exe"
sh=CB4D3F50CE0911003DAC96EFC8B8B78AC54AF9C7 ft=1 fh=4e041820906d5a7a vn="Win32/SpeedUpMyPC.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Klaus\AppData\Local\Temp\58b9d9ce-b709-44ba-a9e7-cab5b52164d9\software\speedupmypc.exe"
sh=37182E163FDF9FCB2546299F1F0615B6F74D262B ft=1 fh=18b6a7542bfd5928 vn="Win32/VOPackage.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Klaus\AppData\Local\Temp\58b9d9ce-b709-44ba-a9e7-cab5b52164d9\software\VOPackage.exe"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Klaus\AppData\Local\Temp\89313968.Uninstall\uninstaller.exe"
sh=B2141692BDF56352A137D83E9EC73D05C423D2E5 ft=1 fh=e9e99cb68f1bf246 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Klaus\AppData\Local\Temp\is-RBF2O.tmp\SpeedUpMyPC-standalone-setup.exe"
sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Klaus\AppData\Local\Temp\is357113909\88831327_stp\wajam_validate.exe"
sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Klaus\AppData\Local\Temp\is357113909\88982136_stp\wajam_validate.exe"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Klaus\AppData\Local\Temp\is357113909\88982670_stp\uninstaller.exe"
sh=19F82F87E7CBB5CCEB46ECA4CE73915B50CE846C ft=1 fh=869f0bc47b2190f1 vn="Variante von MSIL/FakeAlert.A Trojaner (Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Users\Klaus\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe"
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-10-2014 01
Ran by ***** (administrator) on *****_LAPTOP on 18-10-2014 17:37:04
Running from C:\Users\*****\Downloads
Loaded Profile: ***** (Available profiles: *****)
Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(MKS Software Inc.) C:\Windows\System32\nutsrv4.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PTC) C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIGAU.EXE
() C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_6.3.9600.20278_x64__8wekyb3d8bbwe\numbers.exe
() C:\Users\*****\AppData\Local\Temp\NOD32E8.tmp


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [NuTCSetupEnviron] => C:\Program Files\PTC\MKS Toolkit\bin\ncoeenv.exe [37160 2009-11-23] (MKS Software Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-15] (AVAST Software)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-835766522-2148508782-3467690004-1001\...\Run: [EPSON BX525WD Series (Kopie 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAU.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/software/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\emjgm50o.default-1397678037534
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\emjgm50o.default-1397678037534\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\emjgm50o.default-1397678037534\searchplugins\google-maps.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Cliqz Beta - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\emjgm50o.default-1397678037534\Extensions\cliqz@cliqz.com.xpi [2014-10-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-12]

Chrome: 
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-19] (AVAST Software)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2013-04-10] (ELAN Microelectronics Corp.)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 NuTCRACKERService; C:\Windows\system32\nutsrv4.exe [563424 2009-11-10] (MKS Software Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PortmapperService; C:\Program Files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe [676864 2014-02-02] (PTC) [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
R3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-19] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-19] ()
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-18 17:37 - 2014-10-18 17:37 - 00014229 _____ () C:\Users\*****\Downloads\FRST.txt
2014-10-18 17:36 - 2014-10-18 17:36 - 00000000 ____D () C:\Users\*****\Downloads\FRST-OlderVersion
2014-10-18 17:35 - 2014-10-18 17:35 - 00854417 _____ () C:\Users\*****\Downloads\SecurityCheck.exe
2014-10-18 12:10 - 2014-10-18 12:10 - 02347384 _____ (ESET) C:\Users\*****\Downloads\esetsmartinstaller_deu.exe
2014-10-16 20:43 - 2014-10-16 20:43 - 00000936 _____ () C:\Users\*****\Desktop\JRT.txt
2014-10-16 20:37 - 2014-10-16 20:37 - 01705698 _____ (Thisisu) C:\Users\*****\Downloads\JRT(1).exe
2014-10-16 20:25 - 2014-10-16 20:25 - 01976320 _____ () C:\Users\*****\Downloads\AdwCleaner_4.000.exe
2014-10-16 08:55 - 2014-10-16 08:55 - 00000000 ____D () C:\Users\*****\Documents\Fax
2014-10-15 22:49 - 2014-10-15 22:49 - 00380416 _____ () C:\Users\*****\Downloads\Gmer-19357.exe
2014-10-15 22:38 - 2014-10-18 17:30 - 00000000 ____D () C:\Users\*****\Desktop\Trojaner
2014-10-15 22:37 - 2014-10-18 17:37 - 00000000 ____D () C:\FRST
2014-10-15 22:36 - 2014-10-18 17:36 - 02112000 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe
2014-10-15 22:34 - 2014-10-15 22:35 - 00000472 _____ () C:\Users\*****\Downloads\defogger_disable.log
2014-10-15 22:34 - 2014-10-15 22:34 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-10-15 22:33 - 2014-10-15 22:33 - 00050477 _____ () C:\Users\*****\Downloads\Defogger.exe
2014-10-15 22:17 - 2014-09-28 00:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 22:17 - 2014-09-04 02:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-10-15 22:17 - 2014-09-04 01:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-10-15 22:17 - 2014-09-04 01:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-10-15 22:16 - 2014-09-08 05:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-15 22:16 - 2014-09-08 03:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-15 22:16 - 2014-09-08 03:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-15 22:16 - 2014-09-08 02:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-15 22:16 - 2014-09-08 02:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-15 22:16 - 2014-09-08 02:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-15 22:16 - 2014-09-08 02:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-10-15 22:16 - 2014-09-08 02:04 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-15 22:16 - 2014-09-08 02:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-15 22:16 - 2014-09-08 02:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-15 22:16 - 2014-09-08 01:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-15 22:16 - 2014-09-08 01:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-15 22:16 - 2014-09-08 01:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-15 22:16 - 2014-09-08 01:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-15 22:15 - 2014-09-26 00:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 22:15 - 2014-09-26 00:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 22:15 - 2014-09-26 00:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 22:15 - 2014-09-26 00:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 22:15 - 2014-09-26 00:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 22:15 - 2014-09-26 00:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 22:15 - 2014-09-19 04:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 22:15 - 2014-09-19 03:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 22:15 - 2014-09-19 03:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 22:15 - 2014-09-19 03:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 22:15 - 2014-09-19 03:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 22:15 - 2014-09-19 03:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 22:15 - 2014-09-19 03:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 22:15 - 2014-09-19 03:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 22:15 - 2014-09-19 03:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 22:15 - 2014-09-19 03:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 22:15 - 2014-09-19 02:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 22:15 - 2014-09-19 02:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 22:15 - 2014-09-19 02:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 22:15 - 2014-09-19 02:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 22:15 - 2014-09-19 02:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 22:15 - 2014-09-19 02:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 22:15 - 2014-09-19 02:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 22:15 - 2014-09-19 02:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 22:15 - 2014-09-19 02:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 22:15 - 2014-09-19 02:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 22:15 - 2014-09-19 01:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 22:15 - 2014-09-19 01:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 22:15 - 2014-09-19 01:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 22:15 - 2014-09-19 01:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 22:15 - 2014-09-13 08:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 22:15 - 2014-09-13 08:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 22:15 - 2014-09-13 07:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 22:15 - 2014-09-13 07:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 22:15 - 2014-09-04 02:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 22:15 - 2014-09-04 02:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 18:41 - 2014-10-15 18:41 - 00000000 ____D () C:\Users\*****\Downloads\Kunststoff
2014-10-15 18:35 - 2014-10-16 13:47 - 00000000 ____D () C:\Users\*****\Downloads\Heizung
2014-10-15 18:34 - 2014-10-15 18:40 - 00000000 ____D () C:\Users\*****\Downloads\Fotobuch_Addon
2014-10-15 16:38 - 2014-10-17 16:45 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-10-15 16:38 - 2014-10-15 18:34 - 00000000 ____D () C:\Windows\AutoKMS
2014-10-15 16:30 - 2014-10-15 16:30 - 00000000 ____D () C:\ProgramData\Microsoft Toolkit
2014-10-15 16:24 - 2014-10-15 16:29 - 51553449 _____ () C:\Users\*****\Downloads\mito225.rar
2014-10-15 16:13 - 2014-10-15 16:13 - 00000000 ____D () C:\Users\*****\AppData\Local\SFPC_Auto_Updater
2014-10-15 16:01 - 2014-10-15 16:01 - 00000659 _____ () C:\Windows\system32\InstallUtil.InstallLog
2014-10-15 15:58 - 2014-10-18 17:30 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Developerts LLC USA
2014-10-15 15:58 - 2014-10-15 15:59 - 00000000 ____D () C:\Users\*****\AppData\Roaming\OptimumPcBoost
2014-10-15 15:58 - 2014-10-15 15:58 - 00004014 _____ () C:\Windows\System32\Tasks\Secure Fast PC Auto Updater
2014-10-15 15:58 - 2014-10-15 15:58 - 00003942 _____ () C:\Windows\System32\Tasks\Optimum_Daily
2014-10-15 15:58 - 2014-10-15 15:58 - 00003570 _____ () C:\Windows\System32\Tasks\Secure Fast PC Autorun
2014-10-15 15:58 - 2014-10-15 15:58 - 00003512 _____ () C:\Windows\System32\Tasks\Optimum_LogOn
2014-10-15 15:58 - 2014-10-15 15:58 - 00000000 ____D () C:\Users\*****\AppData\Roaming\.minecraft
2014-10-15 15:58 - 2014-10-15 15:58 - 00000000 ____D () C:\Users\*****\AppData\Local\Developerts_LLC
2014-10-15 15:12 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-10-15 15:12 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-10-15 12:43 - 2014-10-15 14:59 - 00919163 _____ () C:\Users\Public\Documents\trail.txt.40
2014-10-14 23:32 - 2014-10-14 23:36 - 00129256 _____ () C:\Users\Public\Documents\trail.txt.39
2014-10-14 16:44 - 2014-10-14 23:32 - 03430078 _____ () C:\Users\Public\Documents\trail.txt.38
2014-10-14 10:00 - 2014-10-14 13:59 - 01911616 _____ () C:\Users\Public\Documents\trail.txt.37
2014-10-13 21:22 - 2014-10-14 00:56 - 02786659 _____ () C:\Users\Public\Documents\trail.txt.36
2014-10-13 20:44 - 2014-10-13 21:14 - 00319444 _____ () C:\Users\Public\Documents\trail.txt.35
2014-10-13 20:16 - 2014-10-15 13:51 - 00000000 ____D () C:\Users\*****\Desktop\Kotflügel
2014-10-13 19:38 - 2014-10-13 20:38 - 00124606 _____ () C:\Users\Public\Documents\trail.txt.34
2014-10-13 19:38 - 2014-10-13 19:38 - 00000000 ____D () C:\Users\*****\AppData\Roaming\NVIDIA
2014-10-13 14:07 - 2014-10-17 17:04 - 00005134 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for *****_LAPTOP-***** *****_Laptop
2014-10-12 13:45 - 2014-08-16 06:08 - 21195616 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-12 13:45 - 2014-08-16 05:16 - 18722600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-12 13:45 - 2014-08-16 02:17 - 08757760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-10-12 13:44 - 2014-08-29 03:58 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-10-12 13:44 - 2014-08-29 01:56 - 02646016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-12 13:44 - 2014-08-29 01:47 - 02321920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-12 13:44 - 2014-08-16 06:08 - 01507648 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-10-12 13:44 - 2014-08-16 06:01 - 01710184 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-12 13:44 - 2014-08-16 05:58 - 01112512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-10-12 13:44 - 2014-08-16 05:57 - 02498880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-12 13:44 - 2014-08-16 05:57 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-12 13:44 - 2014-08-16 05:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-10-12 13:44 - 2014-08-16 05:03 - 01467384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-12 13:44 - 2014-08-16 03:31 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-10-12 13:44 - 2014-08-16 03:04 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2014-10-12 13:44 - 2014-08-16 02:58 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-10-12 13:44 - 2014-08-16 02:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-10-12 13:44 - 2014-08-16 02:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2014-10-12 13:44 - 2014-08-16 02:45 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-10-12 13:44 - 2014-08-16 02:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2014-10-12 13:44 - 2014-08-16 02:43 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-10-12 13:44 - 2014-08-16 02:31 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-10-12 13:44 - 2014-08-16 02:31 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2014-10-12 13:44 - 2014-08-16 02:29 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-12 13:44 - 2014-08-16 02:23 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-10-12 13:44 - 2014-08-16 02:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-10-12 13:44 - 2014-08-16 02:22 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-10-12 13:44 - 2014-08-16 02:19 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-12 13:44 - 2014-08-16 02:18 - 04758528 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-10-12 13:44 - 2014-08-16 02:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-10-12 13:44 - 2014-08-16 02:13 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-12 13:44 - 2014-08-16 02:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-10-12 13:44 - 2014-08-16 02:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-10-12 13:44 - 2014-08-16 02:11 - 00920064 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-10-12 13:44 - 2014-08-16 02:10 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-10-12 13:44 - 2014-08-16 02:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-12 13:44 - 2014-08-16 02:07 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-10-12 13:44 - 2014-08-01 01:22 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-09-29 21:54 - 2014-09-29 21:54 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieUserList
2014-09-29 21:54 - 2014-09-29 21:54 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieSiteList
2014-09-26 22:39 - 2014-09-26 22:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 19:35 - 2014-10-17 17:11 - 00000000 ____D () C:\Users\*****\Desktop\Bilder_IPHONE

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-18 17:22 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-18 12:29 - 2014-01-26 23:58 - 01763927 _____ () C:\Windows\WindowsUpdate.log
2014-10-17 17:52 - 2014-01-27 00:02 - 01785718 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-17 17:52 - 2013-09-30 05:58 - 00769220 _____ () C:\Windows\system32\perfh007.dat
2014-10-17 17:52 - 2013-09-30 05:58 - 00160448 _____ () C:\Windows\system32\perfc007.dat
2014-10-17 16:43 - 2014-01-27 00:05 - 00000000 ___DO () C:\Users\*****\SkyDrive
2014-10-17 11:03 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-10-16 20:34 - 2014-04-11 20:25 - 00000000 ____D () C:\Users\*****\Documents\Mein Steuer-Sparbuch Heute
2014-10-16 20:34 - 2013-09-29 21:05 - 00543778 _____ () C:\Windows\PFRO.log
2014-10-16 20:34 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 20:34 - 2013-08-22 16:44 - 00498048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 20:33 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-16 20:33 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-16 20:33 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\Camera
2014-10-16 20:33 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-16 20:32 - 2014-04-16 21:27 - 00000000 ____D () C:\AdwCleaner
2014-10-16 20:16 - 2014-04-16 21:15 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-16 08:42 - 2014-01-27 00:13 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 08:42 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-16 08:40 - 2014-01-27 00:13 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 23:18 - 2014-01-27 00:09 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-835766522-2148508782-3467690004-1001
2014-10-15 22:34 - 2014-01-27 00:03 - 00000000 ____D () C:\Users\*****
2014-10-15 21:51 - 2014-04-16 21:14 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-10-15 21:51 - 2014-04-16 21:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-10-15 21:51 - 2014-04-16 21:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-10-15 18:42 - 2014-09-03 19:58 - 00163840 ___SH () C:\Users\*****\Downloads\Thumbs.db
2014-10-15 16:13 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\tracing
2014-10-15 12:43 - 2014-02-02 22:44 - 00000112 _____ () C:\Users\Public\Documents\std.err
2014-10-15 12:43 - 2014-02-02 22:44 - 00000038 _____ () C:\Users\Public\Documents\std.out
2014-10-13 19:38 - 2014-07-16 13:13 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Nitro PDF
2014-10-13 18:50 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-12 13:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-12 13:46 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2014-10-07 11:07 - 2014-01-27 23:04 - 00000000 ____D () C:\Users\*****\AppData\Roaming\vlc
2014-10-07 10:29 - 2013-08-22 16:46 - 00051275 _____ () C:\Windows\setupact.log
2014-10-07 10:16 - 2014-02-16 13:50 - 00042496 ___SH () C:\Users\*****\Desktop\Thumbs.db
2014-09-30 00:45 - 2013-08-22 17:38 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-30 00:45 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-29 21:33 - 2014-01-27 00:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-18 20:45 - 2013-09-30 06:00 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-18 20:45 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-09-18 20:45 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-18 20:45 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-18 20:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2014-09-18 20:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\SysWOW64\InputMethod
2014-09-18 20:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\setup
2014-09-18 20:45 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-18 20:45 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\oobe

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\52377uninstall.exe
C:\Users\*****\AppData\Local\Temp\AcDeltree.exe
C:\Users\*****\AppData\Local\Temp\amazonicon_v4.exe
C:\Users\*****\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\*****\AppData\Local\Temp\BackupSetup.exe
C:\Users\*****\AppData\Local\Temp\Execute2App.exe
C:\Users\*****\AppData\Local\Temp\FNP_ACT_InstallerCA.dll
C:\Users\*****\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\*****\AppData\Local\Temp\HNK_2010.exe
C:\Users\*****\AppData\Local\Temp\msvcp90.dll
C:\Users\*****\AppData\Local\Temp\msvcr100.dll
C:\Users\*****\AppData\Local\Temp\msvcr90.dll
C:\Users\*****\AppData\Local\Temp\nitro_reader3_64.exe
C:\Users\*****\AppData\Local\Temp\PidGenX.dll
C:\Users\*****\AppData\Local\Temp\pimuninstall.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\sdanircmdc.exe
C:\Users\*****\AppData\Local\Temp\sdapskill.exe
C:\Users\*****\AppData\Local\Temp\sdaspwn.exe
C:\Users\*****\AppData\Local\Temp\Sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-13 19:46

==================== End Of Log ============================
         

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2014 01
Ran by ***** at 2014-10-18 17:37:32
Running from C:\Users\*****\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Creo Thumbnail Viewer 2.0 (HKLM\...\{3F8CCE46-EAFD-4283-9ADB-7025EAC2CF64}) (Version: 30.12.480 - PTC)
Designer 2.0 (HKLM-x32\...\Designer 2.0_is1) (Version: 7.9.6 - Fomanu AG)
EPSON BX525WD Series Printer Uninstall (HKLM\...\EPSON BX525WD Series) (Version:  - SEIKO EPSON Corporation)
ETDWare PS/2-X64 11.6.22.201_WHQL (HKLM\...\Elantech) (Version: 11.6.22.201 - ELAN Microelectronic Corp.)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Access MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MKS Platform Components 9.x (HKLM\...\{30023972-0000-0903-9ABB-000BDB5CF35D}) (Version: 9.3.0000 - Mortice Kern Systems)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PDF24 Creator 6.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDF-XChange Editor (HKLM-x32\...\{87738bc6-bdf0-4e55-86b5-32ddece8f51d}) (Version: 5.5.308.2 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (Version: 5.5.308.2 - Tracker Software Products (Canada) Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.) Hidden
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

28-09-2014 10:14:08 Windows Modules Installer
12-10-2014 11:45:06 Windows Update
15-10-2014 14:00:54 Removed Optimum PC Boost

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {24CEFABA-9030-40FB-BFAA-9E04940F6B71} - System32\Tasks\Optimum_LogOn => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {34F2800C-218C-4493-B520-02E7D528467D} - System32\Tasks\Secure Fast PC Auto Updater => C:\Users\*****\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {54563E16-A00B-4B48-A263-DB6B9422D70C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {6388F555-9135-46AF-9F1B-4BAFB6FB0C91} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-10-15] ()
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6E8769E4-B628-47C0-B468-F349793D9594} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {75DB2D10-5C76-483B-98F9-DB654B2A08EB} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7EBDCA38-F63D-4DF7-B6B8-D6182402285D} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {8677F14A-FF43-4CE0-9EA7-F73DEDD3B8AA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9B5D8BD6-5619-4E34-ABC9-6456A17CC707} - System32\Tasks\Optimum_Daily => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe
Task: {9DB07B69-CE48-436F-BE9A-FD809EFBA494} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9EAF8CB8-1FC6-4C8F-8D66-7E95E4BC0BF2} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B5805C99-52AB-4A13-8DF8-98CB3574508A} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {B8EEEEDB-BEC3-48D3-8AB1-3E75E328D19C} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {BC06FCAF-A24F-4F7E-BA09-F0EE5BE0DC0E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-16] (Microsoft Corporation)
Task: {C0017E72-34E6-454E-BD30-C4974CD6B77A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for *****_LAPTOP-***** *****_Laptop => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E7B7DC04-38BC-4B75-81FE-F23C12A2E2E6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-19] (AVAST Software)
Task: {EF3F3EE7-C823-4AB9-A716-0BDA67B410DD} - System32\Tasks\Secure Fast PC Autorun => C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Secure Fast PC.exe
Task: {FEC944E4-4B72-4175-B1DB-9C72EEF41725} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management

==================== Loaded Modules (whitelisted) =============

2014-09-12 21:40 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-09 21:33 - 2014-07-02 10:13 - 01427736 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe
2014-10-16 20:28 - 2014-10-16 20:28 - 02874368 _____ () C:\Program Files\AVAST Software\Avast\defs\14101601\algo.dll
2014-10-18 16:23 - 2014-10-18 16:23 - 02896384 _____ () C:\Program Files\AVAST Software\Avast\defs\14101800\algo.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 09789208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wgui14.dll
2014-04-09 21:32 - 2014-07-02 10:14 - 03880216 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wcore14.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 00035608 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsdcom48.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 00322840 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsguiwinapi48.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 00309016 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rscorewinapi48.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 02738456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfvie14.dll
2014-04-09 21:32 - 2014-02-11 11:53 - 01043456 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-core.dll
2014-04-09 21:32 - 2014-02-11 11:53 - 00250368 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-contribs-lib.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 00136472 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\rsodbc48.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 02116376 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wsteu14.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01932568 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wreli14.dll
2014-04-09 21:32 - 2014-02-11 11:53 - 00094720 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\clucene-shared.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 04326168 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wauff14.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01564952 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wmain14.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 05291288 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae114.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01698584 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae214.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01809688 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae314.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01627928 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wbae414.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01117976 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau114.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01341208 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\whau214.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01309464 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wwerb14.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 07340824 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wkont14.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01286936 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wimp14.dll
2014-04-09 21:32 - 2014-07-02 10:13 - 01331480 _____ () C:\Program Files (x86)\WISO\Steuersoftware 2014\wfabu14.dll
2014-04-12 13:48 - 2014-04-12 13:48 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-26 22:39 - 2014-09-26 22:39 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\*****\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"

========================= Accounts: ==========================

Administrator (S-1-5-21-835766522-2148508782-3467690004-500 - Administrator - Disabled)
Gast (S-1-5-21-835766522-2148508782-3467690004-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-835766522-2148508782-3467690004-1003 - Limited - Enabled)
***** (S-1-5-21-835766522-2148508782-3467690004-1001 - Administrator - Enabled) => C:\Users\*****

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/18/2014 05:36:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/18/2014 05:33:34 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/18/2014 00:12:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/18/2014 00:12:01 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/18/2014 00:11:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/18/2014 00:11:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/16/2014 09:21:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: *****_LAPTOP)
Description: Bei der Aktivierung der App „Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader“ ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


System errors:
=============
Error: (10/18/2014 05:22:52 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (10/18/2014 03:53:53 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (10/18/2014 02:40:35 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (10/18/2014 00:40:46 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (10/17/2014 09:03:26 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (10/17/2014 05:24:46 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (10/17/2014 01:31:55 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (10/17/2014 00:45:04 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (10/16/2014 11:06:18 PM) (Source: DCOM) (EventID: 10010) (User: *****_LAPTOP)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (10/16/2014 10:38:27 PM) (Source: DCOM) (EventID: 10010) (User: *****_LAPTOP)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================
Error: (10/18/2014 05:36:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\*****\Downloads\esetsmartinstaller_deu.exe

Error: (10/18/2014 05:33:34 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (10/18/2014 00:12:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\*****\Downloads\esetsmartinstaller_deu.exe

Error: (10/18/2014 00:12:01 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\*****\Downloads\esetsmartinstaller_deu.exe

Error: (10/18/2014 00:11:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\*****\Downloads\esetsmartinstaller_deu.exe

Error: (10/18/2014 00:11:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\*****\Downloads\esetsmartinstaller_deu.exe

Error: (10/16/2014 09:21:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: *****_LAPTOP)
Description: Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader-2144927151


CodeIntegrity Errors:
===================================
  Date: 2014-05-19 22:49:34.167
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 23%
Total physical RAM: 8076.36 MB
Available physical RAM: 6153.81 MB
Total Pagefile: 9356.36 MB
Available Pagefile: 7347.8 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:43.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:465.67 GB) (Free:405.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 285EB630)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
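The "Event log errors" part of an FRST Addition.txt, as posted above, repeats the same few events many times, which makes it hard to see what is actually going on. The following PowerShell is an added example (not from the thread, and not part of FRST): it parses the `Error: (time) (Source: ...) (EventID: ...) (User: ...)` / `Description:` pairs and counts them per source and event ID. The `$sample` text is a constructed, shortened copy in the same format as the log above; the function and parameter names are my own.

```powershell
# Added example, not from the thread: condense the "Event log errors" sections of an
# FRST Addition.txt so recurring sources stand out. The sample below is a constructed,
# shortened copy in the same format as the log posted above.
$sample = @'
Error: (10/18/2014 00:11:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts (manifest conflict, shortened)

Error: (10/18/2014 05:22:52 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (10/18/2014 03:53:53 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (10/16/2014 11:06:18 PM) (Source: DCOM) (EventID: 10010) (User: *****_LAPTOP)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
'@

function ConvertFrom-FrstEventErrors {
    # Turn each "Error: (...)" header plus its "Description:" line into one object
    param([Parameter(Mandatory)][string]$Text)
    $pattern = '^Error: \((?<Time>[^)]+)\) \(Source: (?<Source>[^)]*)\) \(EventID: (?<EventId>\d+)\) \(User: (?<User>[^)]*)\)$'
    $lines = $Text -split "`r?`n"
    for ($i = 0; $i -lt $lines.Count; $i++) {
        $m = [regex]::Match($lines[$i], $pattern)
        if (-not $m.Success) { continue }
        $desc = ''
        if ((($i + 1) -lt $lines.Count) -and ($lines[$i + 1] -like 'Description:*')) {
            $desc = $lines[$i + 1] -replace '^Description:\s*', ''
        }
        [pscustomobject]@{
            Time        = $m.Groups['Time'].Value      # kept as text; FRST writes "00:11:57 PM"
            Source      = $m.Groups['Source'].Value
            EventId     = [int]$m.Groups['EventId'].Value
            User        = $m.Groups['User'].Value
            Description = $desc
        }
    }
}

function Get-FrstErrorSummary {
    # One row per (Source, EventID) with count and time span; the log is newest-first
    param([Parameter(Mandatory)][string]$Text)
    ConvertFrom-FrstEventErrors -Text $Text |
        Group-Object -Property Source, EventId |
        ForEach-Object {
            $g = @($_.Group)
            $d = $g[0].Description
            if ($d.Length -gt 60) { $d = $d.Substring(0, 60) + '...' }
            [pscustomobject]@{
                Source  = $g[0].Source
                EventId = $g[0].EventId
                Count   = $g.Count
                First   = $g[-1].Time
                Last    = $g[0].Time
                Sample  = $d
            }
        } | Sort-Object Count -Descending
}

Get-FrstErrorSummary -Text $sample | Format-Table -AutoSize
# Against a real log: Get-FrstErrorSummary -Text (Get-Content .\Addition.txt -Raw)
```

The summary makes it obvious that the noise above comes from a handful of recurring sources: the SideBySide 78 entries are the ESET installer carrying both the x86 and the amd64 common-controls manifest, BTHUSB 17 is the Bluetooth driver unloading, and the DCOM 10010 entries are a COM server that did not register in time; none of these point at malware by themselves. The "CodeIntegrity Errors" block uses a different `Date:` / `Description:` layout and is not parsed by this function.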
         

18.10.2014, 16:47   #9
Hadex

During the ESET scan the warning appeared again (see attachment)!

ESET found a few threats and deleted them as well. Let's see how the system behaves from now on.

Do I need to do anything else? How do you assess the situation?

Thanks!
Thumbnail of attached images
Windows 8; Security Alert-warnmeldung.jpg

19.10.2014, 08:43   #10
schrauber
/// the machine
/// TB-Ausbilder

Those were just temp files. Any more problems with the computer?
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

30.10.2014, 18:09   #11
Hadex

Hello,

I was away on a business trip.

No problems with the computer so far.

Many thanks for the help.

31.10.2014, 10:04   #12
schrauber
/// the machine
/// TB-Ausbilder

Done

The order matters here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix (Download DelFix) to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left, you can delete them without hesitation.



If you would like to leave praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot stress often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure automatic updates are enabled.
  • Software updates
    Installed software can also have security holes that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date as well. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti-Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    A short introduction can be found here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not yet found a German-language one.
  • WOT (Web of Trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java, Flash and other plugins. They are only run when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot (MVP)
Bill Castner (MVP)



Don'ts
  • Don't click on everything just because it asks you to and looks nice and colourful.
  • Don't use peer-to-peer or file-sharing software (eMule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from e-mails you don't recognise. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
All that remains is for me to wish you a lot of fun surfing safely.

Note: please give me a short reply when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
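Two of the points in the advice above (automatic Windows updates must be on; watch for double extensions such as deinFoto.jpg.exe, which Explorer hides by default) can be verified from a PowerShell prompt instead of by clicking through the Control Panel. The script below is an added example, not part of schrauber's post or of any of the tools it names. It only reads settings: the registry paths and value names (`AUOptions`, `NoAutoUpdate`, `HideFileExt`) and the `wuauserv` service are the documented Windows ones; the function names and the list of "document-looking" extensions are my own choices.

```powershell
# Added example, not part of the thread: read-only checks that match the advice above.
# Nothing is modified; run it in a normal (non-elevated) PowerShell 3.0+ session.

function Get-AutoUpdateState {
    # A policy under Policies\...\WindowsUpdate\AU overrides the Control Panel setting
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $autoKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $meaning = @{
        1 = 'never check for updates'
        2 = 'check, notify before download'
        3 = 'download, notify before install'
        4 = 'download and install automatically'
    }
    $option = $null
    if (Test-Path $policyKey) {
        $p = Get-ItemProperty -Path $policyKey
        if ($p.NoAutoUpdate -eq 1)      { $option = 1 }
        elseif ($null -ne $p.AUOptions) { $option = [int]$p.AUOptions }
    }
    if (($null -eq $option) -and (Test-Path $autoKey)) {
        $option = (Get-ItemProperty -Path $autoKey).AUOptions
    }
    $text = 'not configured'
    if (($null -ne $option) -and $meaning.ContainsKey([int]$option)) { $text = $meaning[[int]$option] }
    # Windows Update service start mode: 'Auto', 'Manual' or 'Disabled'
    $svc  = Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'"
    $mode = if ($svc) { $svc.StartMode } else { 'service not found' }
    [pscustomobject]@{
        AUOptions        = $option
        Meaning          = $text
        ServiceStartMode = $mode
        Ok               = ($option -eq 4) -and ($mode -ne 'Disabled') -and ($mode -ne 'service not found')
    }
}

function Get-FileExtensionVisibility {
    # HideFileExt = 1 hides known extensions, so "deinFoto.jpg.exe" is displayed as "deinFoto.jpg"
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $hide = (Get-ItemProperty -Path $key -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    [pscustomobject]@{
        HideFileExt     = $hide
        ExtensionsShown = ($hide -eq 0)
    }
}

function Find-DoubleExtensionFiles {
    # A document-looking extension directly followed by an executable one
    param([string]$Path = (Join-Path $env:USERPROFILE 'Downloads'))
    $pattern = '\.(jpe?g|png|gif|pdf|docx?|xlsx?|txt|mp3|avi)\.(exe|scr|com|pif|bat|cmd|vbs|vbe|js|jse|wsf|ps1|msi)$'
    Get-ChildItem -Path $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $pattern } |
        Select-Object FullName, Length, LastWriteTime
}

Get-AutoUpdateState
Get-FileExtensionVisibility
Find-DoubleExtensionFiles
```

`Ok` is true only when updates are set to install automatically (AUOptions 4) and the service is not disabled. If `ExtensionsShown` is false, the Explorer option "Hide extensions for known file types" is on; turning it off (Folder Options, or `Set-ItemProperty` of `HideFileExt` to 0 followed by restarting Explorer) is what makes a name like deinFoto.jpg.exe visible in the first place. `Find-DoubleExtensionFiles` lists candidates only; a hit means "look at this file", not "this file is malware".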

Tags for Windows 8; Security Alert
anlage, anti-malware, einfach, erfahrung, fehlercode windows, führte, malwarebytes, meldung, msil/advancedsystemprotector.d, msil/fakealert.a, msil/riskware.hacktool.winactivator.a, schädling, security, security alert, selbige, surfen, win32/clientconnect.a, win32/installcore.az, win32/installcore.ix, win32/mypcbackup.a, win32/speedupmypc.a, win32/systweak.g, win32/vopackage.f, win32/wajam.f, win32/winloadsda.d