Log analysis and evaluation: Omiga plus "deleted" and Malwarebytes Anti-Malware does not start. Windows 7
26.10.2014, 21:22 | #1 |
| Omiga plus "deleted" and Malwarebytes Anti-Malware does not start. Hello, I am new here. I just had a problem with "Omiga-plus". It somehow got installed on my computer. I probably installed something malicious by accident. I looked for help in a forum to delete it. I don't know whether that was successful. After that I tried to start my Anti-Malware, but nothing happened. I also tried mbam-chameleon, but that did not help much either. Can anyone help me? |
26.10.2014, 22:15 | #2 |
/// the machine /// TB trainer | Omiga plus "deleted" and Malwarebytes Anti-Malware does not start. Hi,
__________________
Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. This is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
26.10.2014, 22:34 | #3 |
| Omiga plus "deleted" and Malwarebytes Anti-Malware does not start. Thanks for the reply, and sorry... here it is again:
__________________Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:54 on 26/10/2014 (mmwin8)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2014
Ran by mmwin8 (administrator) on HP on 26-10-2014 20:58:55
Running from C:\Users\mmwin8\Desktop
Loaded Profiles: UpdatusUser & mmwin8 (Available profiles: UpdatusUser & mmwin8)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.)
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Akamai Technologies, Inc.) C:\Users\mmwin8\AppData\Local\Akamai\netsession_win.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Akamai Technologies, Inc.) C:\Users\mmwin8\AppData\Local\Akamai\netsession_win.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Realsil Microelectronics Inc.) 
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Users\mmwin8\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\mmwin8\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\mmwin8\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\mmwin8\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\mmwin8\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-15] (IDT, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.) 
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-09-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-09-04] (Adobe Systems Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.) 
HKLM-x32\...\Run: [mbot_de_195] => [X] HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2165703608-1458269777-427185745-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation) HKU\S-1-5-21-2165703608-1458269777-427185745-1002\...\Run: [Akamai NetSession Interface] => C:\Users\mmwin8\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKU\S-1-5-21-2165703608-1458269777-427185745-1002\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.) HKU\S-1-5-21-2165703608-1458269777-427185745-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-2165703608-1458269777-427185745-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-2165703608-1458269777-427185745-1002\...\Run: [Google Update] => C:\Users\mmwin8\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-05-08] (Google Inc.) HKU\S-1-5-21-2165703608-1458269777-427185745-1002\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.) HKU\S-1-5-21-2165703608-1458269777-427185745-1002\...\Policies\Explorer: [] AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-27] (NVIDIA Corporation) AppInit_DLLs: acaptuser64.dll => C:\WINDOWS\system32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.) 
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT13/4 StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 - {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKCU - {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files 
(x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\mmwin8\AppData\Roaming\Mozilla\Firefox\Profiles\vnshqgf4.default-1414348600097 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll () FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\mmwin8\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\mmwin8\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-04-30] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://google.com/" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Users\mmwin8\AppData\Local\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - 
internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\mmwin8\AppData\Local\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\mmwin8\AppData\Local\Google\Chrome\Application\38.0.2125.104\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (AdobeExManDetect) - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Google Update) - C:\Users\mmwin8\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
CHR Profile: C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-08] CHR Extension: (Google Drive) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-08] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06] CHR Extension: (YouTube) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-08] CHR Extension: (Adblock Plus) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-05-08] CHR Extension: (Google-Suche) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-08] CHR Extension: (AdBlock) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-05-08] CHR Extension: (zate.tv) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\khoncmmfjdkoiamjpnhohoeanaefcdnj [2013-10-24] CHR Extension: (Classic Popup Blocker) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp [2013-05-08] CHR Extension: (Google Wallet) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01] CHR Extension: (Better Pop Up Blocker) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic [2013-05-08] CHR Extension: (Google Mail) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-08] ==================== Services (Whitelisted) ================= (If an entry is included 
in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed] R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-06-15] (Intel Corporation) R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-06-15] (Intel Corporation) S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation) S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-05-31] (Microsoft Corporation) S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-05-31] (Microsoft Corporation) S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation) S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll 
[18944 2013-08-22] (Microsoft Corporation) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-05-31] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-05-31] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-05-31] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-21] (Intel Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-05-31] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-26 20:58 - 2014-10-26 20:59 - 00023635 _____ () C:\Users\mmwin8\Desktop\FRST.txt 2014-10-26 20:58 - 2014-10-26 20:58 - 00000000 ____D () C:\FRST 2014-10-26 20:56 - 2014-10-26 20:57 - 02113024 _____ (Farbar) C:\Users\mmwin8\Desktop\FRST64.exe 2014-10-26 20:53 - 2014-10-26 20:54 - 00000474 _____ () C:\Users\mmwin8\Desktop\defogger_disable.log 2014-10-26 20:53 - 2014-10-26 20:53 - 00050477 _____ () C:\Users\mmwin8\Desktop\Defogger.exe 2014-10-26 20:53 - 2014-10-26 20:53 - 00000000 _____ () C:\Users\mmwin8\defogger_reenable 2014-10-26 20:40 - 2014-10-26 20:40 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-10-26 20:36 - 2014-10-26 20:36 - 00259584 _____ (OldTimer Tools) C:\Users\mmwin8\Desktop\OTH.scr 2014-10-26 20:34 - 2014-10-26 20:34 - 00259584 _____ (OldTimer Tools) C:\Users\mmwin8\Downloads\102F.tmp 2014-10-26 20:33 - 2014-10-26 20:33 - 00244408 _____ () C:\Users\mmwin8\Downloads\Firefox Setup Stub 33.0.exe 2014-10-26 20:11 - 2014-10-26 20:11 - 00000000 ____D () C:\Users\mmwin8\Downloads\mbam-chameleon-3.1.7.0 2014-10-26 20:09 - 2014-10-26 20:11 - 04909382 _____ () C:\Users\mmwin8\Downloads\mbam-chameleon-3.1.7.0.zip 2014-10-26 19:58 - 2014-10-26 20:01 - 01838900 _____ () C:\Users\mmwin8\Downloads\Nicht bestätigt 518905.crdownload 2014-10-26 19:23 - 2014-10-26 20:30 - 00000000 ____D () C:\AdwCleaner 2014-10-26 19:22 - 2014-10-26 19:36 - 00000000 ____D () C:\Users\mmwin8\Desktop\Alte Firefox-Daten 2014-10-26 19:20 - 2014-10-26 19:20 - 01962496 _____ () C:\Users\mmwin8\Downloads\adwcleaner_4.001.exe 2014-10-26 18:57 - 2014-10-26 19:08 - 00002809 _____ () C:\WINDOWS\patsearch.bin 2014-10-26 18:57 - 2014-10-26 18:57 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf 2014-10-26 18:55 - 2014-10-26 18:55 - 00365936 _____ () C:\Users\mmwin8\Downloads\Player.exe 2014-10-26 17:54 - 2013-09-14 13:16 - 00868264 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll 2014-10-26 17:54 - 2013-09-14 13:16 - 
00790440 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\deployJava1.dll 2014-10-26 17:51 - 2014-10-26 18:11 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-26 12:02 - 2014-10-26 12:02 - 00638376 _____ (Oracle Corporation) C:\Users\mmwin8\Downloads\jre-8u25-windows-i586-iftw.exe 2014-10-25 04:46 - 2014-10-25 04:47 - 01367608 _____ () C:\WINDOWS\Minidump\102514-22718-01.dmp 2014-10-24 02:20 - 2014-10-24 02:20 - 00000000 ____D () C:\Users\mmwin8\Downloads\Brushes_www_grafiki_info 2014-10-24 02:20 - 2014-10-24 02:20 - 00000000 ____D () C:\Users\mmwin8\Downloads\BB_HiRes_Grungy_Watercolor_CS1.abr 2014-10-24 02:20 - 2014-10-24 02:20 - 00000000 ____D () C:\Users\mmwin8\Downloads\346-velvetcat__s_brush_set_by_velvetcat 2014-10-24 01:57 - 2014-10-24 02:01 - 19306695 _____ () C:\Users\mmwin8\Downloads\BB_HiRes_Grungy_Watercolor_CS1.abr.zip 2014-10-24 01:57 - 2014-10-24 02:01 - 14170242 _____ () C:\Users\mmwin8\Downloads\346-velvetcat__s_brush_set_by_velvetcat.zip 2014-10-24 01:57 - 2014-10-24 02:00 - 06896033 _____ () C:\Users\mmwin8\Downloads\Brushes_www_grafiki_info.zip 2014-10-24 00:32 - 2014-10-24 00:32 - 00000000 ____D () C:\Users\mmwin8\Downloads\Grunge_Brushes_005_by_Tackybrush 2014-10-24 00:32 - 2014-10-24 00:32 - 00000000 ____D () C:\Users\mmwin8\Downloads\Free_Grunge_Photoshop_Brushes_by_digitalrevolutions 2014-10-24 00:31 - 2014-10-24 00:32 - 05932344 _____ () C:\Users\mmwin8\Downloads\Free_Grunge_Photoshop_Brushes_by_digitalrevolutions.zip 2014-10-24 00:30 - 2014-10-24 00:31 - 00137120 _____ () C:\Users\mmwin8\Downloads\Grunge_Brushes_005_by_Tackybrush.zip 2014-10-23 20:37 - 2014-10-23 20:37 - 08800423 _____ () C:\Users\mmwin8\Downloads\farbe.zip 2014-10-23 20:36 - 2014-10-23 20:37 - 03162112 _____ () C:\Users\mmwin8\Downloads\republica_Farben.indd 2014-10-22 23:12 - 2014-10-22 23:12 - 00301728 _____ () C:\WINDOWS\Minidump\102314-35578-01.dmp 2014-10-15 20:47 - 2014-09-27 23:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-10-15 
20:47 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-10-15 20:47 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-10-15 20:47 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-10-15 20:47 - 2014-09-08 04:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-10-15 20:47 - 2014-09-08 02:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2014-10-15 20:47 - 2014-09-08 02:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2014-10-15 20:47 - 2014-09-08 01:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-10-15 20:47 - 2014-09-08 01:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-10-15 20:47 - 2014-09-08 01:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-10-15 20:47 - 2014-09-08 01:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-10-15 20:47 - 2014-09-08 01:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-10-15 20:47 - 2014-09-08 01:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-10-15 20:47 - 2014-09-08 01:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-10-15 20:47 - 2014-09-08 00:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-10-15 20:47 - 2014-09-08 00:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-10-15 20:47 - 2014-09-08 00:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-10-15 20:47 - 2014-09-08 00:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-10-15 20:47 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll 2014-10-15 20:47 - 2014-09-04 00:57 - 00921600 
_____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-10-15 20:47 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-10-15 20:46 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-10-15 20:46 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-10-15 20:46 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-10-15 20:46 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-10-15 20:46 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-10-15 20:46 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-10-15 20:46 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-10-15 20:46 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-10-15 20:46 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-10-15 20:46 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-10-15 20:46 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2014-10-15 20:46 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-10-15 20:46 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-10-15 20:46 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-10-15 20:46 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-10-15 20:46 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-10-15 20:46 - 2014-09-19 01:42 - 00731136 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-10-15 20:46 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-10-15 20:46 - 2014-09-19 01:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-10-15 20:46 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-10-15 20:46 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-10-15 20:46 - 2014-09-19 01:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-10-15 20:46 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-10-15 20:46 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-10-15 20:46 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-10-15 20:46 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-10-15 20:46 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-10-15 20:46 - 2014-09-13 07:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll 2014-10-15 20:46 - 2014-09-13 06:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll 2014-10-15 20:46 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2014-10-15 20:46 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2014-10-15 20:46 - 2014-08-29 02:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll 2014-10-15 20:46 - 2014-08-29 00:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2014-10-15 20:46 - 2014-08-29 00:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2014-10-15 20:46 - 2014-08-16 05:08 - 21195616 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\shell32.dll 2014-10-15 20:46 - 2014-08-16 05:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2014-10-15 20:46 - 2014-08-16 05:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2014-10-15 20:46 - 2014-08-16 04:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2014-10-15 20:46 - 2014-08-16 04:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-10-15 20:46 - 2014-08-16 04:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-10-15 20:46 - 2014-08-16 04:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2014-10-15 20:46 - 2014-08-16 02:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll 2014-10-15 20:46 - 2014-08-16 01:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2014-10-15 20:46 - 2014-08-16 01:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll 2014-10-15 20:46 - 2014-08-16 01:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2014-10-15 20:46 - 2014-08-16 01:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2014-10-15 20:46 - 2014-08-16 01:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2014-10-15 20:46 - 2014-08-16 01:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2014-10-15 20:46 - 2014-08-16 01:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll 2014-10-15 20:46 - 2014-08-16 01:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-10-15 20:46 - 2014-08-16 01:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2014-10-15 20:46 - 2014-08-16 01:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-10-15 20:45 - 2014-10-09 23:16 - 00678400 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\aepdu.dll 2014-10-15 20:45 - 2014-10-08 23:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2014-10-15 20:45 - 2014-09-19 02:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-10-15 20:45 - 2014-09-13 07:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2014-10-15 20:45 - 2014-09-13 06:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2014-10-15 20:45 - 2014-08-16 04:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-10-15 20:45 - 2014-08-16 04:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll 2014-10-15 20:45 - 2014-08-16 02:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2014-10-15 20:45 - 2014-08-16 01:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll 2014-10-15 20:45 - 2014-08-16 01:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll 2014-10-15 20:45 - 2014-08-16 01:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll 2014-10-15 20:45 - 2014-08-16 01:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2014-10-15 20:45 - 2014-08-16 01:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll 2014-10-15 20:45 - 2014-08-16 01:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll 2014-10-15 20:45 - 2014-08-16 01:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll 2014-10-15 20:45 - 2014-08-16 01:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-10-15 20:45 - 2014-08-16 01:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll 2014-10-15 20:45 - 2014-08-16 01:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll 2014-10-15 
20:45 - 2014-08-16 01:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-10-15 20:45 - 2014-08-16 01:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll 2014-10-15 20:45 - 2014-08-16 01:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 2014-10-15 20:45 - 2014-08-01 00:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-10-15 10:42 - 2014-10-15 10:42 - 01055608 _____ () C:\WINDOWS\Minidump\101514-18937-01.dmp 2014-10-15 10:30 - 2014-10-15 10:30 - 00301600 _____ () C:\WINDOWS\Minidump\101514-24484-01.dmp 2014-10-15 09:37 - 2014-10-15 00:38 - 11189539 _____ () C:\Users\mmwin8\Desktop\Sequenz 01_2.mp4 2014-10-15 09:34 - 2014-10-25 20:35 - 00000000 ____D () C:\Users\mmwin8\Desktop\Deskstop_temporal 2014-10-15 00:08 - 2014-10-15 00:08 - 05016119 _____ () C:\Users\mmwin8\Downloads\130808_MINI_Illus.ai 2014-10-14 16:24 - 2014-10-14 16:25 - 11658703 _____ () C:\Users\mmwin8\Downloads\sound.zip 2014-10-13 23:55 - 2014-10-13 23:55 - 01265448 _____ () C:\WINDOWS\Minidump\101414-23656-01.dmp 2014-10-12 00:24 - 2014-10-12 00:25 - 00298200 _____ () C:\WINDOWS\Minidump\101214-74156-01.dmp 2014-10-11 23:20 - 2014-10-14 19:19 - 00000000 ____D () C:\Users\mmwin8\Downloads\commercial_aircrafts_311464 2014-10-11 23:20 - 2014-10-11 23:20 - 01066618 _____ () C:\Users\mmwin8\Downloads\commercial_aircrafts_311464.zip 2014-10-11 17:31 - 2014-10-11 17:31 - 00108022 _____ () C:\Users\mmwin8\Downloads\Caslon Italic.ttf 2014-10-11 17:31 - 2014-10-11 17:31 - 00051564 _____ () C:\Users\mmwin8\Downloads\caslon_1.ttf 2014-10-11 15:57 - 2014-10-11 15:57 - 00048728 _____ () C:\Users\mmwin8\Downloads\supergroteskc-medlf.ttf 2014-10-11 15:56 - 2014-10-11 15:56 - 00047600 _____ () C:\Users\mmwin8\Downloads\supergroteskb-medlf.ttf 2014-10-11 15:56 - 2014-10-11 15:56 - 00047460 _____ () C:\Users\mmwin8\Downloads\supergroteska-medlf.ttf 2014-10-11 15:55 - 2014-10-11 
15:55 - 00047500 _____ () C:\Users\mmwin8\Downloads\supergroteska-med.ttf 2014-10-11 15:55 - 2014-10-11 15:55 - 00047224 _____ () C:\Users\mmwin8\Downloads\supergroteska-cdbd.ttf 2014-10-11 15:55 - 2014-10-11 15:55 - 00047192 _____ () C:\Users\mmwin8\Downloads\supergroteska-bd.ttf 2014-10-11 15:55 - 2014-10-11 15:55 - 00047048 _____ () C:\Users\mmwin8\Downloads\supergroteska-rg.ttf 2014-10-11 14:22 - 2014-10-14 22:17 - 00000132 _____ () C:\Users\mmwin8\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2014-10-11 00:00 - 2014-10-11 00:00 - 01259816 _____ () C:\WINDOWS\Minidump\101114-35718-01.dmp 2014-10-09 19:57 - 2014-10-11 15:33 - 00000000 ____D () C:\Users\mmwin8\Downloads\origami falz 2014-10-09 19:54 - 2014-10-09 19:54 - 03823711 _____ () C:\Users\mmwin8\Downloads\origami falz.zip 2014-10-08 15:30 - 2014-10-25 20:47 - 00000000 ____D () C:\Users\mmwin8\Desktop\Republica 2014-10-07 22:44 - 2014-10-07 22:44 - 00092085 _____ () C:\Users\mmwin8\Downloads\F85.tmp 2014-10-06 17:03 - 2014-10-06 17:03 - 01101088 _____ () C:\WINDOWS\Minidump\100614-17796-01.dmp 2014-10-06 16:51 - 2014-10-06 16:51 - 01116848 _____ () C:\WINDOWS\Minidump\100614-16796-01.dmp 2014-10-05 13:27 - 2014-10-05 13:27 - 00000000 ____D () C:\Users\mmwin8\AppData\Local\{47228479-4D5C-4CC9-8E2E-2AF84BC6FDBD} 2014-10-04 07:05 - 2014-10-04 07:05 - 00298336 _____ () C:\WINDOWS\Minidump\100414-19109-01.dmp 2014-10-01 23:30 - 2014-10-01 23:30 - 00295800 _____ () C:\WINDOWS\Minidump\100214-20015-01.dmp 2014-09-29 08:51 - 2014-09-29 08:51 - 01108720 _____ () C:\WINDOWS\Minidump\092914-24015-01.dmp 2014-09-28 22:48 - 2014-09-28 22:48 - 00086318 _____ () C:\Users\mmwin8\Downloads\CDF9.tmp 2014-09-28 17:37 - 2014-09-28 17:37 - 00000000 ____D () C:\Users\mmwin8\AppData\Local\{C3849BC3-8460-496E-A7C6-A3907BCF35AE} 2014-09-28 03:42 - 2014-09-28 03:42 - 00000000 ____D () C:\Users\mmwin8\AppData\Local\{15E01CD1-433B-489B-A2DA-3DAA7EEF58B7} ==================== One Month Modified Files and Folders ======= (If 
an entry is included in the fixlist, the file\folder will be moved.) 2014-10-26 20:53 - 2014-05-31 08:21 - 00000000 ____D () C:\Users\mmwin8 2014-10-26 20:45 - 2013-02-13 09:48 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2165703608-1458269777-427185745-1002 2014-10-26 20:41 - 2014-05-23 05:48 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-10-26 20:40 - 2014-09-24 22:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-26 20:40 - 2013-04-27 04:20 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-26 20:40 - 2013-04-27 04:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-26 20:38 - 2014-03-18 11:03 - 01980934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-10-26 20:38 - 2014-03-18 10:25 - 00842568 _____ () C:\WINDOWS\system32\perfh007.dat 2014-10-26 20:38 - 2014-03-18 10:25 - 00191764 _____ () C:\WINDOWS\system32\perfc007.dat 2014-10-26 20:32 - 2014-05-31 08:53 - 00000000 ___DO () C:\Users\mmwin8\OneDrive 2014-10-26 20:31 - 2014-03-18 02:50 - 00012880 _____ () C:\WINDOWS\PFRO.log 2014-10-26 20:31 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-10-26 20:30 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2014-10-26 20:15 - 2013-05-08 05:14 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2165703608-1458269777-427185745-1002UA.job 2014-10-26 20:13 - 2014-02-16 17:47 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-26 20:10 - 2013-05-06 15:35 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-10-26 20:02 - 2014-05-31 08:50 - 00001009 _____ () C:\Users\mmwin8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-26 20:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-10-26 19:34 - 2012-08-04 01:02 - 00000000 ____D () 
C:\SWSetup 2014-10-26 19:22 - 2014-05-31 08:08 - 02074366 _____ () C:\WINDOWS\WindowsUpdate.log 2014-10-26 19:05 - 2014-06-17 05:58 - 00728064 ___SH () C:\Users\mmwin8\Desktop\Thumbs.db 2014-10-26 18:57 - 2013-08-22 15:46 - 00347208 _____ () C:\WINDOWS\setupact.log 2014-10-26 18:38 - 2013-04-28 18:42 - 00000000 ____D () C:\Users\mmwin8\AppData\Local\Akamai 2014-10-26 17:54 - 2013-09-14 13:16 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-26 17:51 - 2013-09-14 13:16 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-10-26 17:51 - 2013-09-14 13:16 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-10-26 17:51 - 2013-09-14 13:16 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-10-26 17:51 - 2013-09-14 13:16 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-10-26 17:51 - 2013-09-14 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-26 14:13 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-10-26 12:15 - 2013-05-01 21:56 - 00000000 ___RD () C:\Users\mmwin8\Dropbox 2014-10-26 12:15 - 2013-05-01 21:51 - 00000000 ____D () C:\Users\mmwin8\AppData\Roaming\Dropbox 2014-10-26 11:15 - 2013-05-08 05:14 - 00001078 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2165703608-1458269777-427185745-1002Core.job 2014-10-26 01:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-10-25 20:19 - 2014-06-21 10:28 - 00000000 ____D () C:\Users\mmwin8\Downloads\IXtract 2014-10-25 19:27 - 2013-05-05 20:28 - 00000000 ____D () C:\Users\mmwin8\AppData\Roaming\vlc 2014-10-25 04:46 - 2014-06-02 06:12 - 533745709 _____ () C:\WINDOWS\MEMORY.DMP 2014-10-25 04:46 - 2014-06-02 06:12 - 00000000 ____D () C:\WINDOWS\Minidump 2014-10-24 21:17 - 2013-08-09 23:13 - 00003158 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleFormmwin8 2014-10-24 21:17 - 2013-08-09 23:13 - 00000342 _____ () 
C:\WINDOWS\Tasks\HPCeeScheduleFormmwin8.job 2014-10-24 19:00 - 2013-05-10 13:13 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log 2014-10-24 19:00 - 2013-05-10 13:13 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-10-19 10:10 - 2013-05-08 05:14 - 00004082 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2165703608-1458269777-427185745-1002UA 2014-10-19 10:10 - 2013-05-08 05:14 - 00003702 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2165703608-1458269777-427185745-1002Core 2014-10-18 21:08 - 2014-02-16 17:47 - 00004096 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-18 21:08 - 2014-02-16 17:46 - 00003860 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-18 21:08 - 2014-02-16 17:46 - 00001120 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-18 20:47 - 2013-05-06 16:33 - 00001456 _____ () C:\Users\mmwin8\AppData\Local\Adobe Für Web speichern 13.0 Prefs 2014-10-18 16:36 - 2013-04-27 05:18 - 00000000 ____D () C:\Users\mmwin8\AppData\Local\Adobe 2014-10-18 16:26 - 2013-05-06 15:35 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-10-18 16:20 - 2014-09-15 20:39 - 00000000 ____D () C:\Users\mmwin8\Downloads\emerge 2014-10-17 05:47 - 2013-07-15 09:52 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-10-17 05:43 - 2013-04-29 14:42 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-10-17 03:02 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-10-16 19:17 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-10-16 15:23 - 2013-07-14 20:13 - 02382336 ___SH () C:\Users\mmwin8\Downloads\Thumbs.db 2014-10-16 14:12 - 2013-08-22 15:44 - 09932680 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-10-16 10:22 - 2014-07-09 01:11 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-10-16 10:22 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-10-16 10:22 - 2013-08-22 16:36 - 
00000000 ____D () C:\WINDOWS\WinStore 2014-10-16 10:22 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer 2014-10-16 10:22 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager 2014-10-16 10:22 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera 2014-10-15 11:08 - 2014-05-23 06:25 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-10-13 01:32 - 2013-02-13 09:42 - 00000000 ____D () C:\Users\mmwin8\AppData\Roaming\Adobe 2014-10-13 00:34 - 2014-06-14 20:08 - 00000000 ___RD () C:\Users\mmwin8\Google Drive 2014-10-11 18:04 - 2013-05-01 21:53 - 00000000 ____D () C:\Users\mmwin8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-10-09 17:05 - 2013-04-30 18:58 - 00002481 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk 2014-10-09 17:05 - 2013-04-30 18:58 - 00002469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk 2014-10-09 17:05 - 2013-04-30 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2 2014-10-06 20:40 - 2014-01-27 12:50 - 00000000 __SHD () C:\Users\mmwin8\wc 2014-10-06 09:46 - 2013-04-28 18:51 - 00000000 ____D () C:\ProgramData\Autodesk 2014-10-06 09:45 - 2013-04-28 18:43 - 00000000 ____D () C:\Users\mmwin8\AppData\Local\Autodesk 2014-10-05 17:38 - 2014-09-12 06:59 - 00000000 ____D () C:\Users\mmwin8\AppData\Local\Windows Live 2014-09-29 23:45 - 2014-09-15 08:53 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-09-29 23:45 - 2014-09-15 08:53 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-29 21:44 - 2013-10-23 22:03 - 00000000 ____D () C:\Users\mmwin8\Downloads\Susan 2014-09-29 19:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\tracing 2014-09-27 16:02 - 2014-06-10 06:50 - 00000000 ____D () C:\Users\mmwin8\Downloads\Simpleshow_Test Some content of TEMP: 
====================
C:\Users\mmwin8\AppData\Local\Temp\BackupSetup.exe
C:\Users\mmwin8\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgj00em.dll
C:\Users\mmwin8\AppData\Local\Temp\dxCy6.exe
C:\Users\mmwin8\AppData\Local\Temp\FoxTabUpdater.exe
C:\Users\mmwin8\AppData\Local\Temp\ICSW_0L1L2X1P.exe
C:\Users\mmwin8\AppData\Local\Temp\Quarantine.exe
C:\Users\mmwin8\AppData\Local\Temp\sqlite3.dll
C:\Users\mmwin8\AppData\Local\Temp\vcredist_x64.exe
C:\Users\mmwin8\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\mmwin8\AppData\Local\Temp\ZBZK8.dll
C:\Users\mmwin8\AppData\Local\Temp\ZBZK8.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-25 04:58

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-26 21:08:08
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e Hitachi_HTS547575A9E384 rev.JE4OA50A 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\mmwin8\AppData\Local\Temp\pxldipow.sys

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007fff107e28c0 7 bytes JMP 00008000100602d0
.text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007fff107e43d8 7 bytes JMP 0000800010060308
.text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007fff10891f20 7 bytes JMP 0000800010060378
.text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007fff108940b4 7 bytes JMP 00008000100603b0
.text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007fff10894510 7 bytes JMP 0000800010060340
.text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007fff10894af0 7 bytes JMP 0000800010060260
.text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007fff108bcea0 7 bytes JMP 0000800010060228
.text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007fff108bcf10 7 bytes JMP 0000800010060298
.text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007fff1007299c 7 bytes JMP 00008000100600d8
.text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007fff100754c8 5 bytes JMP 0000800010060180
.text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007fff100755b0 5 bytes JMP 0000800010060148
.text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007fff10075e58 5 bytes JMP 0000800010060110
.text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007fff1042b6f4 10 bytes JMP 0000800010060490
.text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007fff104345e8 5 bytes JMP 0000800010060458
.text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007fff10434760 1 byte JMP 00008000100603e8
.text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007fff10434762 7 bytes {JMP 0xffffffffffc2bc88}
.text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007fff10444fc0 5 bytes JMP 0000800010060420
.text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007fff12351500 8 bytes JMP 00008000100601b8
.text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007fff12351750 8 bytes JMP 00008000100601f0
.text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory1 00007fff0bff7a88 5 bytes JMP 000080000bfe0110
.text C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory 00007fff0c004990 5 bytes JMP 000080000bfe00d8
.text C:\WINDOWS\system32\nvvsvc.exe[372] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff1234169a 4 bytes [34, 12, FF, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[372] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff123416a2 4 bytes [34, 12, FF, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[372] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff1234181a 4 bytes [34, 12, FF, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[372] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff12341832 4 bytes [34, 12, FF, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[976] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506 00007fff1234169a 4 bytes [34, 12, FF, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[976] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514 00007fff123416a2 4 bytes [34, 12, FF, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[976] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118 00007fff1234181a 4 bytes [34, 12, FF, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[976] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142 00007fff12341832 4 bytes [34, 12, FF, 7F]
.text C:\WINDOWS\Explorer.EXE[2700] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff1234169a 4 bytes [34, 12, FF, 7F]
.text C:\WINDOWS\Explorer.EXE[2700] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff123416a2 4 bytes [34, 12, FF, 7F]
.text C:\WINDOWS\Explorer.EXE[2700] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff1234181a 4 bytes [34, 12, FF, 7F]
.text C:\WINDOWS\Explorer.EXE[2700] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff12341832 4 bytes [34, 12, FF, 7F]
.text C:\Windows\System32\igfxpers.exe[3688] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff1234169a 4 bytes [34, 12, FF, 7F]
.text C:\Windows\System32\igfxpers.exe[3688] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff123416a2 4 bytes [34, 12, FF, 7F]
.text C:\Windows\System32\igfxpers.exe[3688] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff1234181a 4 bytes [34, 12, FF, 7F]
.text C:\Windows\System32\igfxpers.exe[3688] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff12341832 4 bytes [34, 12, FF, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3192] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff1234169a 4 bytes [34, 12, FF, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3192] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff123416a2 4 bytes [34, 12, FF, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3192] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff1234181a 4 bytes [34, 12, FF, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3192] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff12341832 4 bytes [34, 12, FF, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4312] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fff1234169a 4 bytes [34, 12, FF, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4312] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fff123416a2 4 bytes [34, 12, FF, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4312] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fff1234181a 4 bytes [34, 12, FF, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4312] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fff12341832 4 bytes [34, 12, FF, 7F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4912] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007fff0cf11f6a 4 bytes [F1, 0C, FF, 7F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4912] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007fff0cf11f82 4 bytes [F1, 0C, FF, 7F]

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [592:2496] fffff96000966b90

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2014 Ran by mmwin8 at 2014-10-26 20:59:57 Running from C:\Users\mmwin8\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute Software) Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated) Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.12 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated) Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 3.3 64-bit (HKLM\...\{CFFF260C-F510-45BB-8F8E-1D4AC1232786}) (Version: 3.3.1 - Adobe) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.) Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.) 
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.1.0 - Adobe Systems Incorporated) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk) Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk) Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk) Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk) Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden Autodesk Download Manager (HKLM-x32\...\{2F48C80C-3A76-495A-A4B5-C0CC946FEEBD}) (Version: 2.0.6.0 - Autodesk, Inc.) 
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk) Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk) Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk) Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk) Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden bl (x32 Version: 1.0.0 - Your Company Name) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite) Cyberduck 4.4.3 (14140) (HKLM-x32\...\Cyberduck) (Version: 4.4.3 (14140) - ) CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.) CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.) Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard) FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production) Fontlab Studio 5 (HKLM-x32\...\Studio 5.2_is1) (Version: 5.2 - FontLab) Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.) 
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM\...\{AB5BCC55-18E2-46C7-9405-FF61CB888F05}) (Version: 4.2.9.1 - Hewlett-Packard Company) HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd) HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company) HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden HP Documentation (HKLM-x32\...\{D044EBE7-94E7-4C49-90FC-9069E3F374E1}) (Version: 1.1.0.0 - Hewlett-Packard) HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company) HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard) HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard) HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company) iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) 
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.25.18 - Oracle Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NVIDIA Grafiktreiber 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 14.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}) (Version: 14.0.8652 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2165703608-1458269777-427185745-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\mmwin8\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2165703608-1458269777-427185745-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\mmwin8\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2165703608-1458269777-427185745-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\mmwin8\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2165703608-1458269777-427185745-1002_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2165703608-1458269777-427185745-1002_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2165703608-1458269777-427185745-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\mmwin8\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2165703608-1458269777-427185745-1002_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2165703608-1458269777-427185745-1002_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2165703608-1458269777-427185745-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\mmwin8\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2165703608-1458269777-427185745-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mmwin8\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2165703608-1458269777-427185745-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mmwin8\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2165703608-1458269777-427185745-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mmwin8\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2165703608-1458269777-427185745-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mmwin8\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2165703608-1458269777-427185745-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mmwin8\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2165703608-1458269777-427185745-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mmwin8\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2165703608-1458269777-427185745-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mmwin8\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2165703608-1458269777-427185745-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mmwin8\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2165703608-1458269777-427185745-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\mmwin8\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================
15-10-2014 00:20:01 Geplanter Prüfpunkt
22-10-2014 22:23:27 Geplanter Prüfpunkt

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 06:26 - 2013-05-01 06:09 - 00001015 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0452E3AE-21C8-430D-9FD2-477A1D7387FF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1DE0CA86-2FC0-42EE-B3E5-675AE49C6571} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {1E3D9E9F-3771-400E-99C4-76CC8E049AB7} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2559CBD2-D54B-411A-84C9-E2A689E2115A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {34A3EAE3-3E45-450D-AE99-4C4852235FF0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {35D3C7B4-D91F-4F08-8D01-738AC97CA2EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {3685EA8E-D862-43B8-B502-289A6103F6E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3E9CE804-E5E4-483C-9F06-7D8F80AA9B17} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {438133B5-8DBE-4A16-AD19-922022F2CD43} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {69794C1D-ABC8-49EF-A391-056E0512A059} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {69D50736-9858-4C0E-8D8B-D017A198A01A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2165703608-1458269777-427185745-1002UA => C:\Users\mmwin8\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-08] (Google Inc.)
Task: {6A27AB4C-FD34-4920-A364-927BA7234C78} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-18] (Adobe Systems Incorporated)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6C3625AB-A392-4E8F-AE5B-70F238CF8F57} - System32\Tasks\HPCeeScheduleFormmwin8 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {79C60F11-156E-4AA1-82BF-82F17C3F0739} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {79F3BF85-E12B-47BB-8C5F-99EEB16BC0A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16] (Google Inc.)
Task: {7BB1EC61-3140-48A7-9245-3DD56ECC42BA} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {8254606A-AEFF-49BD-A1FB-25F63E0CD557} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {86B5E361-FE30-4685-A2FC-B8A5EB09E6EC} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-20] (Intel)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {903D672D-1829-4652-B292-16BEAA8DFAE9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A58B439D-2275-43C1-AF27-505DC2006947} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {BE3C74EA-83B5-487B-92CC-BB0E0C573854} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2165703608-1458269777-427185745-1002Core => C:\Users\mmwin8\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-08] (Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D4F1838F-B2D1-4B45-AEF2-FB800DF0E0ED} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DF55A9CD-713D-4829-985E-9AB2887C152C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-17] (Microsoft Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EF5C7E76-4C83-4E0F-9EEF-D2113B9728E1} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2165703608-1458269777-427185745-1002Core.job => C:\Users\mmwin8\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2165703608-1458269777-427185745-1002UA.job => C:\Users\mmwin8\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFormmwin8.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============
2013-10-27 08:03 - 2013-10-27 08:03 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-01-25 01:22 - 2014-01-25 01:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 12:19 - 2014-07-03 12:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-10-04 14:11 - 2013-06-15 05:40 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-10-22 07:18 - 2014-10-10 03:03 - 01042760 _____ () C:\Users\mmwin8\AppData\Local\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-22 07:18 - 2014-10-10 03:03 - 00211272 _____ () C:\Users\mmwin8\AppData\Local\Google\Chrome\Application\38.0.2125.104\libegl.dll
2013-10-27 08:03 - 2013-10-27 08:03 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-10-22 07:18 - 2014-10-10 03:03 - 01681224 _____ () C:\Users\mmwin8\AppData\Local\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
2014-10-22 07:18 - 2014-10-10 03:04 - 14902600 _____ () C:\Users\mmwin8\AppData\Local\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll
2014-10-22 07:18 - 2014-10-10 03:04 - 08910664 _____ () C:\Users\mmwin8\AppData\Local\Google\Chrome\Application\38.0.2125.104\pdf.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\mmwin8\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ADSK DLMSession"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKCU\...\StartupApproved\Run: => "ApplePhotoStreams"
HKCU\...\StartupApproved\Run: => "Autodesk Sync"
HKCU\...\StartupApproved\Run: => "Google Update"

========================= Accounts: ==========================
Administrator (S-1-5-21-2165703608-1458269777-427185745-500 - Administrator - Disabled)
Gast (S-1-5-21-2165703608-1458269777-427185745-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2165703608-1458269777-427185745-1011 - Limited - Enabled)
mmwin8 (S-1-5-21-2165703608-1458269777-427185745-1002 - Administrator - Enabled) => C:\Users\mmwin8
UpdatusUser (S-1-5-21-2165703608-1458269777-427185745-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/26/2014 08:52:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x1194
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Vollständiger Name des fehlerhaften Pakets: mbam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5

Error: (10/26/2014 08:45:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0xfe8
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Vollständiger Name des fehlerhaften Pakets: mbam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5

Error: (10/26/2014 08:41:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x498
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Vollständiger Name des fehlerhaften Pakets: mbam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5

Error: (10/26/2014 08:40:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x330
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Vollständiger Name des fehlerhaften Pakets: mbam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5

Error: (10/26/2014 08:35:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 38.0.2125.104 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1328
Startzeit: 01cff153926f708b
Endzeit: 15
Anwendungspfad: C:\Users\mmwin8\AppData\Local\Google\Chrome\Application\chrome.exe
Berichts-ID: 435a6483-5d47-11e4-bf7c-843497854448
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (10/26/2014 08:31:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 3.0.2.0, Zeitstempel: 0x5318d363
Name des fehlerhaften Moduls: mbamservice.exe, Version: 3.0.2.0, Zeitstempel: 0x5318d363
Ausnahmecode: 0x40000015
Fehleroffset: 0x0007da8a
ID des fehlerhaften Prozesses: 0x3d4
Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0
Pfad der fehlerhaften Anwendung: mbamservice.exe1
Pfad des fehlerhaften Moduls: mbamservice.exe2
Berichtskennung: mbamservice.exe3
Vollständiger Name des fehlerhaften Pakets: mbamservice.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamservice.exe5

Error: (10/26/2014 08:31:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbamscheduler.exe, Version: 3.0.2.0, Zeitstempel: 0x5339cec3
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x478
Startzeit der fehlerhaften Anwendung: 0xmbamscheduler.exe0
Pfad der fehlerhaften Anwendung: mbamscheduler.exe1
Pfad des fehlerhaften Moduls: mbamscheduler.exe2
Berichtskennung: mbamscheduler.exe3
Vollständiger Name des fehlerhaften Pakets: mbamscheduler.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbamscheduler.exe5

Error: (10/26/2014 08:28:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0xcc8
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Vollständiger Name des fehlerhaften Pakets: mbam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5

Error: (10/26/2014 08:26:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x914
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Vollständiger Name des fehlerhaften Pakets: mbam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5

Error: (10/26/2014 08:25:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0x40000015
Fehleroffset: 0x0008d6fd
ID des fehlerhaften Prozesses: 0x4e4
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Vollständiger Name des fehlerhaften Pakets: mbam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5

System errors:
=============
Error: (10/26/2014 08:31:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/26/2014 08:31:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (10/26/2014 08:31:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht.

Error: (10/26/2014 08:21:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/26/2014 08:21:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (10/26/2014 08:21:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht.

Error: (10/26/2014 08:20:10 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (10/26/2014 08:03:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/26/2014 08:03:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (10/26/2014 08:03:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MBAMScheduler erreicht.

Microsoft Office Sessions:
=========================
Error: (10/26/2014 08:52:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd119401cff1566a4434a1C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dlla80347b1-5d49-11e4-bf7c-843497854448

Error: (10/26/2014 08:45:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdfe801cff1555f8a9873C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dll9d484c15-5d48-11e4-bf7c-843497854448

Error: (10/26/2014 08:41:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd49801cff154d3d5e5a2C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dll11d3827d-5d48-11e4-bf7c-843497854448

Error: (10/26/2014 08:40:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd33001cff154aab2804bC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dlle879467a-5d47-11e4-bf7c-843497854448

Error: (10/26/2014 08:35:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe38.0.2125.104132801cff153926f708b15C:\Users\mmwin8\AppData\Local\Google\Chrome\Application\chrome.exe435a6483-5d47-11e4-bf7c-843497854448

Error: (10/26/2014 08:31:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a3d401cff1537598a1e4C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exebc6dfb40-5d46-11e4-bf7c-843497854448

Error: (10/26/2014 08:31:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd47801cff1536c2b7b00C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dllb342cb64-5d46-11e4-bf7c-843497854448

Error: (10/26/2014 08:28:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdcc801cff153066935b9C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dll44267250-5d46-11e4-bf7b-843497854448

Error: (10/26/2014 08:26:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd91401cff152cbb09548C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dll099d8183-5d46-11e4-bf7b-843497854448

Error: (10/26/2014 08:25:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd4e401cff1529155b706C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \MSVCR100.dllcf797a0f-5d45-11e4-bf7b-843497854448

CodeIntegrity Errors:
===================================
Date: 2014-10-26 20:37:39.000
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-10-26 20:37:38.906 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2013-06-15 07:11:11.702 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-15 07:10:54.850 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-15 07:10:26.301 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-15 06:55:25.906 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-15 06:49:07.930 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-15 06:48:59.945 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2013-06-15 06:48:04.815 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. 
Date: 2013-06-15 06:37:15.928 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz Percentage of memory in use: 23% Total physical RAM: 8084.27 MB Available physical RAM: 6147.84 MB Total Pagefile: 16276.27 MB Available Pagefile: 14117.42 MB Total Virtual: 131072 MB Available Virtual: 131071.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:680.96 GB) (Free:481.11 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:16.47 GB) (Free:2.11 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 698.6 GB) (Disk ID: 466E2C46) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 8 GB) (Disk ID: 57E78FA0) Partition: GPT Partition Type. ==================== End Of Log ============================ |
27.10.2014, 18:24 | #4 |
/// the machine /// TB instructor | Omiga plus "deleted" and malwarebytes Anti-malware does not start. hi, please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
27.10.2014, 20:25 | #5 |
| Omiga plus "deleted" and malwarebytes Anti-malware does not start. Code:
# AdwCleaner v4.002 - Bericht erstellt am 27/10/2014 um 20:04:23
# DB v2014-10-26.6
# Aktualisiert 27/10/2014 von Xplode
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : mmwin8 - HP
# Gestartet von : C:\Users\mmwin8\Desktop\AdwCleaner_4.002.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17344

-\\ Mozilla Firefox v33.0 (x86 de)

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [22536 octets] - [26/10/2014 19:23:51]
AdwCleaner[R1].txt - [22597 octets] - [26/10/2014 19:39:27]
AdwCleaner[R2].txt - [22658 octets] - [26/10/2014 20:00:06]
AdwCleaner[R3].txt - [10673 octets] - [26/10/2014 20:18:39]
AdwCleaner[R4].txt - [1138 octets] - [26/10/2014 20:28:45]
AdwCleaner[R5].txt - [1254 octets] - [27/10/2014 20:01:54]
AdwCleaner[S0].txt - [21441 octets] - [26/10/2014 20:02:11]
AdwCleaner[S1].txt - [10727 octets] - [26/10/2014 20:19:40]
AdwCleaner[S2].txt - [1192 octets] - [26/10/2014 20:30:32]
AdwCleaner[S3].txt - [1168 octets] - [27/10/2014 20:04:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1228 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 8.1 x64
Ran by mmwin8 on 27.10.2014 at 20:08:04,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\mmwin8\appdata\local\{15E01CD1-433B-489B-A2DA-3DAA7EEF58B7}
Successfully deleted: [Empty Folder] C:\Users\mmwin8\appdata\local\{1DB10FCF-36C8-4B57-BAD1-7C04DA0D8638}
Successfully deleted: [Empty Folder] C:\Users\mmwin8\appdata\local\{3A50A3BE-809E-4558-B901-DCA4F4FF2342}
Successfully deleted: [Empty Folder] C:\Users\mmwin8\appdata\local\{47228479-4D5C-4CC9-8E2E-2AF84BC6FDBD}
Successfully deleted: [Empty Folder] C:\Users\mmwin8\appdata\local\{9DC0126F-84E7-4674-B9E3-95AC71CAA905}
Successfully deleted: [Empty Folder] C:\Users\mmwin8\appdata\local\{B78FCCAF-90E1-45D5-8A67-D7219E30DB43}
Successfully deleted: [Empty Folder] C:\Users\mmwin8\appdata\local\{C3849BC3-8460-496E-A7C6-A3907BCF35AE}
Successfully deleted: [Empty Folder] C:\Users\mmwin8\appdata\local\{D67C339D-D43D-4D4F-9CA9-D53208D4761A}

~~~ FireFox

Successfully deleted: [Folder] C:\Users\mmwin8\AppData\Roaming\mozilla\firefox\profiles\vnshqgf4.default-1414348600097\extensions\staged

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.10.2014 at 20:10:17,02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2014 Ran by mmwin8 (administrator) on HP on 27-10-2014 20:12:12 Running from C:\Users\mmwin8\Desktop Loaded Profiles: UpdatusUser & mmwin8 (Available profiles: UpdatusUser & mmwin8) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Akamai Technologies, Inc.) C:\Users\mmwin8\AppData\Local\Akamai\netsession_win.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Akamai Technologies, Inc.) C:\Users\mmwin8\AppData\Local\Akamai\netsession_win.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-15] (IDT, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.) 
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-09-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-09-04] (Adobe Systems Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.) 
HKLM-x32\...\Run: [mbot_de_195] => [X] HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2165703608-1458269777-427185745-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation) HKU\S-1-5-21-2165703608-1458269777-427185745-1002\...\Run: [Akamai NetSession Interface] => C:\Users\mmwin8\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKU\S-1-5-21-2165703608-1458269777-427185745-1002\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.) HKU\S-1-5-21-2165703608-1458269777-427185745-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-2165703608-1458269777-427185745-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-2165703608-1458269777-427185745-1002\...\Run: [Google Update] => C:\Users\mmwin8\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-05-08] (Google Inc.) HKU\S-1-5-21-2165703608-1458269777-427185745-1002\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.) HKU\S-1-5-21-2165703608-1458269777-427185745-1002\...\Policies\Explorer: [] AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-27] (NVIDIA Corporation) AppInit_DLLs: acaptuser64.dll => C:\WINDOWS\system32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.) 
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT13/4 StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 - {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKCU - {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files 
(x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\mmwin8\AppData\Roaming\Mozilla\Firefox\Profiles\vnshqgf4.default-1414348600097 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll () FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\mmwin8\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\mmwin8\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Strict Pop-up Blocker - C:\Users\mmwin8\AppData\Roaming\Mozilla\Firefox\Profiles\vnshqgf4.default-1414348600097\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2014-10-27] FF Extension: Adblock Plus - C:\Users\mmwin8\AppData\Roaming\Mozilla\Firefox\Profiles\vnshqgf4.default-1414348600097\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-27] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-04-30] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://google.com/" CHR DefaultSuggestURL: Default -> 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Users\mmwin8\AppData\Local\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\mmwin8\AppData\Local\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\mmwin8\AppData\Local\Google\Chrome\Application\38.0.2125.104\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (AdobeExManDetect) - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Google Update) - C:\Users\mmwin8\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave Flash) - 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) CHR Profile: C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-08] CHR Extension: (Google Drive) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-08] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06] CHR Extension: (YouTube) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-08] CHR Extension: (Adblock Plus) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-05-08] CHR Extension: (Google-Suche) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-08] CHR Extension: (AdBlock) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-05-08] CHR Extension: (zate.tv) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\khoncmmfjdkoiamjpnhohoeanaefcdnj [2013-10-24] CHR Extension: (Classic Popup Blocker) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp [2013-05-08] CHR Extension: (Google Wallet) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01] CHR Extension: (Better Pop Up Blocker) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic [2013-05-08] CHR Extension: (Google Mail) - 
C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-08] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed] R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-06-15] (Intel Corporation) R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-06-15] (Intel Corporation) S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation) S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-05-31] (Microsoft Corporation) S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 Netlogon; 
C:\Windows\SysWOW64\netlogon.dll [688640 2014-05-31] (Microsoft Corporation) S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation) S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-05-31] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-05-31] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-05-31] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-21] (Intel Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-05-31] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) 
==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-27 20:10 - 2014-10-27 20:10 - 00001632 _____ () C:\Users\mmwin8\Desktop\JRT.txt 2014-10-27 20:08 - 2014-10-27 20:08 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-10-27 20:07 - 2014-10-27 20:07 - 00001308 _____ () C:\Users\mmwin8\Desktop\AdwCleaner[S3].txt 2014-10-27 19:56 - 2014-10-27 19:59 - 01706144 _____ (Thisisu) C:\Users\mmwin8\Desktop\JRT.exe 2014-10-27 19:55 - 2014-10-27 19:56 - 01998336 _____ () C:\Users\mmwin8\Desktop\AdwCleaner_4.002.exe 2014-10-26 21:08 - 2014-10-26 21:08 - 00008389 _____ () C:\Users\mmwin8\Desktop\Gmer.txt 2014-10-26 21:04 - 2014-10-26 21:04 - 00380416 _____ () C:\Users\mmwin8\Desktop\Gmer-19357.exe 2014-10-26 20:59 - 2014-10-26 21:00 - 00044387 _____ () C:\Users\mmwin8\Desktop\Addition.txt 2014-10-26 20:58 - 2014-10-27 20:12 - 00023665 _____ () C:\Users\mmwin8\Desktop\FRST.txt 2014-10-26 20:58 - 2014-10-27 20:12 - 00000000 ____D () C:\FRST 2014-10-26 20:56 - 2014-10-26 20:57 - 02113024 _____ (Farbar) C:\Users\mmwin8\Desktop\FRST64.exe 2014-10-26 20:53 - 2014-10-26 20:54 - 00000474 _____ () C:\Users\mmwin8\Desktop\defogger_disable.log 2014-10-26 20:53 - 2014-10-26 20:53 - 00050477 _____ () C:\Users\mmwin8\Desktop\Defogger.exe 2014-10-26 20:53 - 2014-10-26 20:53 - 00000000 _____ () C:\Users\mmwin8\defogger_reenable 2014-10-26 20:40 - 2014-10-26 20:40 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-10-26 20:36 - 2014-10-26 20:36 - 00259584 _____ (OldTimer Tools) C:\Users\mmwin8\Desktop\OTH.scr 2014-10-26 20:34 - 2014-10-26 20:34 - 00259584 _____ (OldTimer Tools) C:\Users\mmwin8\Downloads\102F.tmp 2014-10-26 20:33 - 2014-10-26 20:33 - 00244408 _____ () 
C:\Users\mmwin8\Downloads\Firefox Setup Stub 33.0.exe 2014-10-26 20:11 - 2014-10-26 20:11 - 00000000 ____D () C:\Users\mmwin8\Downloads\mbam-chameleon-3.1.7.0 2014-10-26 20:09 - 2014-10-26 20:11 - 04909382 _____ () C:\Users\mmwin8\Downloads\mbam-chameleon-3.1.7.0.zip 2014-10-26 19:58 - 2014-10-26 20:01 - 01838900 _____ () C:\Users\mmwin8\Downloads\Nicht bestätigt 518905.crdownload 2014-10-26 19:23 - 2014-10-27 20:04 - 00000000 ____D () C:\AdwCleaner 2014-10-26 19:22 - 2014-10-26 19:36 - 00000000 ____D () C:\Users\mmwin8\Desktop\Alte Firefox-Daten 2014-10-26 19:20 - 2014-10-26 19:20 - 01962496 _____ () C:\Users\mmwin8\Downloads\adwcleaner_4.001.exe 2014-10-26 18:57 - 2014-10-26 19:08 - 00002809 _____ () C:\WINDOWS\patsearch.bin 2014-10-26 18:57 - 2014-10-26 18:57 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf 2014-10-26 18:55 - 2014-10-26 18:55 - 00365936 _____ () C:\Users\mmwin8\Downloads\Player.exe 2014-10-26 17:54 - 2013-09-14 13:16 - 00868264 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll 2014-10-26 17:54 - 2013-09-14 13:16 - 00790440 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\deployJava1.dll 2014-10-26 17:51 - 2014-10-26 18:11 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-26 12:02 - 2014-10-26 12:02 - 00638376 _____ (Oracle Corporation) C:\Users\mmwin8\Downloads\jre-8u25-windows-i586-iftw.exe 2014-10-25 04:46 - 2014-10-25 04:47 - 01367608 _____ () C:\WINDOWS\Minidump\102514-22718-01.dmp 2014-10-24 02:20 - 2014-10-24 02:20 - 00000000 ____D () C:\Users\mmwin8\Downloads\Brushes_www_grafiki_info 2014-10-24 02:20 - 2014-10-24 02:20 - 00000000 ____D () C:\Users\mmwin8\Downloads\BB_HiRes_Grungy_Watercolor_CS1.abr 2014-10-24 02:20 - 2014-10-24 02:20 - 00000000 ____D () C:\Users\mmwin8\Downloads\346-velvetcat__s_brush_set_by_velvetcat 2014-10-24 01:57 - 2014-10-24 02:01 - 19306695 _____ () C:\Users\mmwin8\Downloads\BB_HiRes_Grungy_Watercolor_CS1.abr.zip 2014-10-24 01:57 - 2014-10-24 02:01 - 14170242 _____ () 
C:\Users\mmwin8\Downloads\346-velvetcat__s_brush_set_by_velvetcat.zip 2014-10-24 01:57 - 2014-10-24 02:00 - 06896033 _____ () C:\Users\mmwin8\Downloads\Brushes_www_grafiki_info.zip 2014-10-24 00:32 - 2014-10-24 00:32 - 00000000 ____D () C:\Users\mmwin8\Downloads\Grunge_Brushes_005_by_Tackybrush 2014-10-24 00:32 - 2014-10-24 00:32 - 00000000 ____D () C:\Users\mmwin8\Downloads\Free_Grunge_Photoshop_Brushes_by_digitalrevolutions 2014-10-24 00:31 - 2014-10-24 00:32 - 05932344 _____ () C:\Users\mmwin8\Downloads\Free_Grunge_Photoshop_Brushes_by_digitalrevolutions.zip 2014-10-24 00:30 - 2014-10-24 00:31 - 00137120 _____ () C:\Users\mmwin8\Downloads\Grunge_Brushes_005_by_Tackybrush.zip 2014-10-23 20:37 - 2014-10-23 20:37 - 08800423 _____ () C:\Users\mmwin8\Downloads\farbe.zip 2014-10-23 20:36 - 2014-10-23 20:37 - 03162112 _____ () C:\Users\mmwin8\Downloads\republica_Farben.indd 2014-10-22 23:12 - 2014-10-22 23:12 - 00301728 _____ () C:\WINDOWS\Minidump\102314-35578-01.dmp 2014-10-15 20:47 - 2014-09-27 23:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-10-15 20:47 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-10-15 20:47 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-10-15 20:47 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-10-15 20:47 - 2014-09-08 04:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-10-15 20:47 - 2014-09-08 02:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2014-10-15 20:47 - 2014-09-08 02:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2014-10-15 20:47 - 2014-09-08 01:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-10-15 20:47 - 2014-09-08 01:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-10-15 20:47 - 2014-09-08 01:05 - 03448320 
_____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-10-15 20:47 - 2014-09-08 01:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-10-15 20:47 - 2014-09-08 01:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-10-15 20:47 - 2014-09-08 01:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-10-15 20:47 - 2014-09-08 01:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-10-15 20:47 - 2014-09-08 00:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-10-15 20:47 - 2014-09-08 00:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-10-15 20:47 - 2014-09-08 00:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-10-15 20:47 - 2014-09-08 00:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-10-15 20:47 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll 2014-10-15 20:47 - 2014-09-04 00:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-10-15 20:47 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-10-15 20:46 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-10-15 20:46 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-10-15 20:46 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-10-15 20:46 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-10-15 20:46 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-10-15 20:46 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-10-15 20:46 - 2014-09-19 02:41 - 02796032 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\iertutil.dll 2014-10-15 20:46 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-10-15 20:46 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-10-15 20:46 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-10-15 20:46 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2014-10-15 20:46 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-10-15 20:46 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-10-15 20:46 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-10-15 20:46 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-10-15 20:46 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-10-15 20:46 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-10-15 20:46 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-10-15 20:46 - 2014-09-19 01:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-10-15 20:46 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-10-15 20:46 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-10-15 20:46 - 2014-09-19 01:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-10-15 20:46 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-10-15 20:46 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-10-15 20:46 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\ieapfltr.dll 2014-10-15 20:46 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-10-15 20:46 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-10-15 20:46 - 2014-09-13 07:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll 2014-10-15 20:46 - 2014-09-13 06:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll 2014-10-15 20:46 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2014-10-15 20:46 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2014-10-15 20:46 - 2014-08-29 02:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll 2014-10-15 20:46 - 2014-08-29 00:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2014-10-15 20:46 - 2014-08-29 00:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2014-10-15 20:46 - 2014-08-16 05:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-10-15 20:46 - 2014-08-16 05:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2014-10-15 20:46 - 2014-08-16 05:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2014-10-15 20:46 - 2014-08-16 04:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2014-10-15 20:46 - 2014-08-16 04:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-10-15 20:46 - 2014-08-16 04:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-10-15 20:46 - 2014-08-16 04:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2014-10-15 20:46 - 2014-08-16 02:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll 2014-10-15 20:46 - 2014-08-16 01:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 
2014-10-15 20:46 - 2014-08-16 01:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll 2014-10-15 20:46 - 2014-08-16 01:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2014-10-15 20:46 - 2014-08-16 01:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2014-10-15 20:46 - 2014-08-16 01:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2014-10-15 20:46 - 2014-08-16 01:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2014-10-15 20:46 - 2014-08-16 01:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll 2014-10-15 20:46 - 2014-08-16 01:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-10-15 20:46 - 2014-08-16 01:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2014-10-15 20:46 - 2014-08-16 01:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-10-15 20:45 - 2014-10-09 23:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-10-15 20:45 - 2014-10-08 23:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2014-10-15 20:45 - 2014-09-19 02:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-10-15 20:45 - 2014-09-13 07:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2014-10-15 20:45 - 2014-09-13 06:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2014-10-15 20:45 - 2014-08-16 04:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-10-15 20:45 - 2014-08-16 04:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll 2014-10-15 20:45 - 2014-08-16 02:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2014-10-15 20:45 - 2014-08-16 01:58 - 00287744 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\SystemEventsBrokerServer.dll 2014-10-15 20:45 - 2014-08-16 01:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll 2014-10-15 20:45 - 2014-08-16 01:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll 2014-10-15 20:45 - 2014-08-16 01:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2014-10-15 20:45 - 2014-08-16 01:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll 2014-10-15 20:45 - 2014-08-16 01:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll 2014-10-15 20:45 - 2014-08-16 01:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll 2014-10-15 20:45 - 2014-08-16 01:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-10-15 20:45 - 2014-08-16 01:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll 2014-10-15 20:45 - 2014-08-16 01:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll 2014-10-15 20:45 - 2014-08-16 01:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-10-15 20:45 - 2014-08-16 01:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll 2014-10-15 20:45 - 2014-08-16 01:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 2014-10-15 20:45 - 2014-08-01 00:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-10-15 10:42 - 2014-10-15 10:42 - 01055608 _____ () C:\WINDOWS\Minidump\101514-18937-01.dmp 2014-10-15 10:30 - 2014-10-15 10:30 - 00301600 _____ () C:\WINDOWS\Minidump\101514-24484-01.dmp 2014-10-15 09:37 - 2014-10-15 00:38 - 11189539 _____ () C:\Users\mmwin8\Desktop\Sequenz 01_2.mp4 2014-10-15 09:34 - 2014-10-27 19:55 - 00000000 ____D () C:\Users\mmwin8\Desktop\Deskstop_temporal 2014-10-15 00:08 - 2014-10-15 00:08 - 05016119 
_____ () C:\Users\mmwin8\Downloads\130808_MINI_Illus.ai 2014-10-14 16:24 - 2014-10-14 16:25 - 11658703 _____ () C:\Users\mmwin8\Downloads\sound.zip 2014-10-13 23:55 - 2014-10-13 23:55 - 01265448 _____ () C:\WINDOWS\Minidump\101414-23656-01.dmp 2014-10-12 00:24 - 2014-10-12 00:25 - 00298200 _____ () C:\WINDOWS\Minidump\101214-74156-01.dmp 2014-10-11 23:20 - 2014-10-14 19:19 - 00000000 ____D () C:\Users\mmwin8\Downloads\commercial_aircrafts_311464 2014-10-11 23:20 - 2014-10-11 23:20 - 01066618 _____ () C:\Users\mmwin8\Downloads\commercial_aircrafts_311464.zip 2014-10-11 17:31 - 2014-10-11 17:31 - 00108022 _____ () C:\Users\mmwin8\Downloads\Caslon Italic.ttf 2014-10-11 17:31 - 2014-10-11 17:31 - 00051564 _____ () C:\Users\mmwin8\Downloads\caslon_1.ttf 2014-10-11 15:57 - 2014-10-11 15:57 - 00048728 _____ () C:\Users\mmwin8\Downloads\supergroteskc-medlf.ttf 2014-10-11 15:56 - 2014-10-11 15:56 - 00047600 _____ () C:\Users\mmwin8\Downloads\supergroteskb-medlf.ttf 2014-10-11 15:56 - 2014-10-11 15:56 - 00047460 _____ () C:\Users\mmwin8\Downloads\supergroteska-medlf.ttf 2014-10-11 15:55 - 2014-10-11 15:55 - 00047500 _____ () C:\Users\mmwin8\Downloads\supergroteska-med.ttf 2014-10-11 15:55 - 2014-10-11 15:55 - 00047224 _____ () C:\Users\mmwin8\Downloads\supergroteska-cdbd.ttf 2014-10-11 15:55 - 2014-10-11 15:55 - 00047192 _____ () C:\Users\mmwin8\Downloads\supergroteska-bd.ttf 2014-10-11 15:55 - 2014-10-11 15:55 - 00047048 _____ () C:\Users\mmwin8\Downloads\supergroteska-rg.ttf 2014-10-11 14:22 - 2014-10-14 22:17 - 00000132 _____ () C:\Users\mmwin8\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2014-10-11 00:00 - 2014-10-11 00:00 - 01259816 _____ () C:\WINDOWS\Minidump\101114-35718-01.dmp 2014-10-09 19:57 - 2014-10-11 15:33 - 00000000 ____D () C:\Users\mmwin8\Downloads\origami falz 2014-10-09 19:54 - 2014-10-09 19:54 - 03823711 _____ () C:\Users\mmwin8\Downloads\origami falz.zip 2014-10-08 15:30 - 2014-10-27 08:39 - 00000000 ____D () C:\Users\mmwin8\Desktop\Republica 
2014-10-07 22:44 - 2014-10-07 22:44 - 00092085 _____ () C:\Users\mmwin8\Downloads\F85.tmp 2014-10-06 17:03 - 2014-10-06 17:03 - 01101088 _____ () C:\WINDOWS\Minidump\100614-17796-01.dmp 2014-10-06 16:51 - 2014-10-06 16:51 - 01116848 _____ () C:\WINDOWS\Minidump\100614-16796-01.dmp 2014-10-04 07:05 - 2014-10-04 07:05 - 00298336 _____ () C:\WINDOWS\Minidump\100414-19109-01.dmp 2014-10-01 23:30 - 2014-10-01 23:30 - 00295800 _____ () C:\WINDOWS\Minidump\100214-20015-01.dmp 2014-09-29 08:51 - 2014-09-29 08:51 - 01108720 _____ () C:\WINDOWS\Minidump\092914-24015-01.dmp 2014-09-28 22:48 - 2014-09-28 22:48 - 00086318 _____ () C:\Users\mmwin8\Downloads\CDF9.tmp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-27 20:13 - 2014-02-16 17:47 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-27 20:10 - 2014-03-18 11:03 - 01980934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-10-27 20:10 - 2014-03-18 10:25 - 00842568 _____ () C:\WINDOWS\system32\perfh007.dat 2014-10-27 20:10 - 2014-03-18 10:25 - 00191764 _____ () C:\WINDOWS\system32\perfc007.dat 2014-10-27 20:10 - 2013-05-06 15:35 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-10-27 20:08 - 2014-06-17 05:58 - 00742912 ___SH () C:\Users\mmwin8\Desktop\Thumbs.db 2014-10-27 20:07 - 2014-05-31 08:53 - 00000000 __RDO () C:\Users\mmwin8\OneDrive 2014-10-27 20:05 - 2014-09-24 22:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-27 20:05 - 2014-03-18 02:50 - 00017468 _____ () C:\WINDOWS\PFRO.log 2014-10-27 20:05 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-10-27 20:05 - 2013-04-27 04:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-27 20:04 - 2014-05-31 08:08 - 01089838 _____ () C:\WINDOWS\WindowsUpdate.log 2014-10-27 20:04 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2014-10-27 20:02 
- 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-10-27 19:39 - 2013-04-28 18:42 - 00000000 ____D () C:\Users\mmwin8\AppData\Local\Akamai 2014-10-26 23:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-10-26 23:10 - 2013-08-22 15:46 - 00348092 _____ () C:\WINDOWS\setupact.log 2014-10-26 22:15 - 2013-05-08 05:14 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2165703608-1458269777-427185745-1002UA.job 2014-10-26 22:15 - 2013-02-13 09:48 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2165703608-1458269777-427185745-1002 2014-10-26 20:53 - 2014-05-31 08:21 - 00000000 ____D () C:\Users\mmwin8 2014-10-26 20:41 - 2014-05-23 05:48 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-10-26 20:40 - 2013-04-27 04:20 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-26 20:02 - 2014-05-31 08:50 - 00001009 _____ () C:\Users\mmwin8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-26 19:34 - 2012-08-04 01:02 - 00000000 ____D () C:\SWSetup 2014-10-26 17:54 - 2013-09-14 13:16 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-26 17:51 - 2013-09-14 13:16 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-10-26 17:51 - 2013-09-14 13:16 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-10-26 17:51 - 2013-09-14 13:16 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2014-10-26 17:51 - 2013-09-14 13:16 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2014-10-26 17:51 - 2013-09-14 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-26 12:15 - 2013-05-01 21:56 - 00000000 ___RD () C:\Users\mmwin8\Dropbox 2014-10-26 12:15 - 2013-05-01 21:51 - 00000000 ____D () C:\Users\mmwin8\AppData\Roaming\Dropbox 2014-10-26 11:15 - 2013-05-08 
05:14 - 00001078 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2165703608-1458269777-427185745-1002Core.job 2014-10-26 01:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-10-25 20:19 - 2014-06-21 10:28 - 00000000 ____D () C:\Users\mmwin8\Downloads\IXtract 2014-10-25 19:27 - 2013-05-05 20:28 - 00000000 ____D () C:\Users\mmwin8\AppData\Roaming\vlc 2014-10-25 04:46 - 2014-06-02 06:12 - 533745709 _____ () C:\WINDOWS\MEMORY.DMP 2014-10-25 04:46 - 2014-06-02 06:12 - 00000000 ____D () C:\WINDOWS\Minidump 2014-10-24 21:17 - 2013-08-09 23:13 - 00003158 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleFormmwin8 2014-10-24 21:17 - 2013-08-09 23:13 - 00000342 _____ () C:\WINDOWS\Tasks\HPCeeScheduleFormmwin8.job 2014-10-24 19:00 - 2013-05-10 13:13 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log 2014-10-24 19:00 - 2013-05-10 13:13 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-10-19 10:10 - 2013-05-08 05:14 - 00004082 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2165703608-1458269777-427185745-1002UA 2014-10-19 10:10 - 2013-05-08 05:14 - 00003702 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2165703608-1458269777-427185745-1002Core 2014-10-18 21:08 - 2014-02-16 17:47 - 00004096 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-18 21:08 - 2014-02-16 17:46 - 00003860 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-18 21:08 - 2014-02-16 17:46 - 00001120 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-18 20:47 - 2013-05-06 16:33 - 00001456 _____ () C:\Users\mmwin8\AppData\Local\Adobe Für Web speichern 13.0 Prefs 2014-10-18 16:36 - 2013-04-27 05:18 - 00000000 ____D () C:\Users\mmwin8\AppData\Local\Adobe 2014-10-18 16:26 - 2013-05-06 15:35 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-10-18 16:20 - 2014-09-15 20:39 - 00000000 ____D () C:\Users\mmwin8\Downloads\emerge 2014-10-17 05:47 - 
2013-07-15 09:52 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-10-17 05:43 - 2013-04-29 14:42 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-10-17 03:02 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-10-16 19:17 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-10-16 15:23 - 2013-07-14 20:13 - 02382336 ___SH () C:\Users\mmwin8\Downloads\Thumbs.db 2014-10-16 14:12 - 2013-08-22 15:44 - 09932680 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-10-16 10:22 - 2014-07-09 01:11 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-10-16 10:22 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-10-16 10:22 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-10-16 10:22 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer 2014-10-16 10:22 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager 2014-10-16 10:22 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera 2014-10-15 11:08 - 2014-05-23 06:25 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-10-13 01:32 - 2013-02-13 09:42 - 00000000 ____D () C:\Users\mmwin8\AppData\Roaming\Adobe 2014-10-13 00:34 - 2014-06-14 20:08 - 00000000 ___RD () C:\Users\mmwin8\Google Drive 2014-10-11 18:04 - 2013-05-01 21:53 - 00000000 ____D () C:\Users\mmwin8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-10-09 17:05 - 2013-04-30 18:58 - 00002481 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk 2014-10-09 17:05 - 2013-04-30 18:58 - 00002469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk 2014-10-09 17:05 - 2013-04-30 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2 2014-10-06 20:40 - 2014-01-27 12:50 - 00000000 __SHD () C:\Users\mmwin8\wc 2014-10-06 09:46 - 2013-04-28 18:51 - 00000000 ____D () C:\ProgramData\Autodesk 2014-10-06 09:45 - 2013-04-28 
18:43 - 00000000 ____D () C:\Users\mmwin8\AppData\Local\Autodesk 2014-10-05 17:38 - 2014-09-12 06:59 - 00000000 ____D () C:\Users\mmwin8\AppData\Local\Windows Live 2014-09-29 23:45 - 2014-09-15 08:53 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-09-29 23:45 - 2014-09-15 08:53 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-29 21:44 - 2013-10-23 22:03 - 00000000 ____D () C:\Users\mmwin8\Downloads\Susan 2014-09-29 19:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\tracing 2014-09-27 16:02 - 2014-06-10 06:50 - 00000000 ____D () C:\Users\mmwin8\Downloads\Simpleshow_Test Some content of TEMP: ==================== C:\Users\mmwin8\AppData\Local\Temp\BackupSetup.exe C:\Users\mmwin8\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgj00em.dll C:\Users\mmwin8\AppData\Local\Temp\dxCy6.exe C:\Users\mmwin8\AppData\Local\Temp\FoxTabUpdater.exe C:\Users\mmwin8\AppData\Local\Temp\ICSW_0L1L2X1P.exe C:\Users\mmwin8\AppData\Local\Temp\Quarantine.exe C:\Users\mmwin8\AppData\Local\Temp\sqlite3.dll C:\Users\mmwin8\AppData\Local\Temp\vcredist_x64.exe C:\Users\mmwin8\AppData\Local\Temp\vlc-2.1.3-win32.exe C:\Users\mmwin8\AppData\Local\Temp\ZBZK8.dll C:\Users\mmwin8\AppData\Local\Temp\ZBZK8.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-26 22:15
==================== End Of Log ============================
And my Google Chrome no longer works |
28.10.2014, 19:06 | #6 |
/// the machine /// TB Trainer | Omiga plus "deleted" and Malwarebytes Anti-Malware does not start. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems? |
29.10.2014, 09:19 | #7 |
| Omiga plus "deleted" and Malwarebytes Anti-Malware does not start. Hello Schrauber, thank you for your help. Here are the log files: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=f9e4670c1455b344b31da1a616da1c65 # engine=20825 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-10-29 02:00:22 # local_time=2014-10-29 03:00:22 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='Windows Defender' # compatibility_mode=5896 16777213 100 94 13024944 13024947 0 0 # scanned=394388 # found=30 # cleaned=30 # scan_time=7850 sh=2D16A28E1F9D1BDF5F192FA91F73B2EB2FE9EFFA ft=1 fh=1d74670c6c6f71c7 vn="Variante von Win32/ExpressDownloader.K evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-2165703608-1458269777-427185745-1002\$R0HL2TO.exe" sh=2B5C460D56EE0CB1F9BE4849750C33247037E931 ft=1 fh=0146f5b0134843a4 vn="Variante von Win32/bmMedia.DN evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-2165703608-1458269777-427185745-1002\$R1MDL1R.exe" sh=2C45901A7732724684F10A039844DC252406218A ft=1 fh=5c845d9350204be3 vn="Variante von Win32/bmMedia.DN evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\$Recycle.Bin\S-1-5-21-2165703608-1458269777-427185745-1002\$RPIF8LT.exe" sh=CC65D08E1346D6B7E04F823863C53B476C25E540 ft=1 fh=71b0107b933b30fe vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Microsoft\Windows\INetCache\IE\FH8D1ZVW\5555-1001_NewPlayer[1].exe" sh=AF023CD20C85601E6874CB788BCAA49AE325A40D ft=1 fh=da3b4c00ec0bc47d vn="Win32/MyPCBackup.A evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Microsoft\Windows\INetCache\IE\FH8D1ZVW\Cloud_Backup_Setup[1].exe" sh=4BE0DD8AEE12FBB015614D20D14DB2E8DCF4C146 ft=1 fh=0480a5c07a2ce911 vn="Variante von Win32/LiMo.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Microsoft\Windows\INetCache\IE\FH8D1ZVW\lly_omiga-plus[1].exe" sh=8AB98AD0676D2BA86C695194904E9269FE4087B8 ft=1 fh=d1ab0234e9bdb8b9 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Microsoft\Windows\INetCache\IE\FH8D1ZVW\OptimizerPro[1].exe" sh=C1690F5AA9BFB0B445E2D3D9911F75D7DCF2434B ft=1 fh=2922313275bef1a1 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Microsoft\Windows\INetCache\IE\FH8D1ZVW\setup[1].exe" sh=B2D19C8060F4EE5DE54628CD847A831920F26EBD ft=1 fh=1a9caf39e8e83a91 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Microsoft\Windows\INetCache\IE\FH8D1ZVW\setup_mbot_de[1].exe" sh=4575013B89A5654F432558D742D61AC308A82E6C ft=1 fh=110bb36b0cd7162d vn="Win32/VOPackage.AJ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Microsoft\Windows\INetCache\IE\FH8D1ZVW\VOPackage[1].exe" sh=00953ADA3A98AC0F25C4A39B3F2B52B8E8E3C2F3 ft=1 fh=de132a2560df2493 vn="Variante von Win32/VOPackage.AL evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Microsoft\Windows\INetCache\IE\IPS88FEA\dl[1].htm" sh=771DFDE2DAEFA812748B36EEBB0E095BC1A9C1FA ft=1 fh=c5b413e131c57ef8 vn="Win32/SpeedingUpMyPC.R Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Microsoft\Windows\INetCache\IE\IPS88FEA\EasySpeedPC[1].exe" sh=4AA75516F346DE3794783CEB1AED6E15B172CBD1 ft=1 fh=0c8bae4cfa47efa3 vn="Variante von Win32/VOPackage.AH evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Microsoft\Windows\INetCache\IE\XDHUSUTU\dl[1].htm" sh=B7BD88818301EFB8ED7C2924B749A2331EED68EA ft=1 fh=4a90e9ead960fd3c vn="Win32/SpeedingUpMyPC.R Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Microsoft\Windows\INetCache\IE\XDHUSUTU\EasySpeedPC[1].app" sh=17A85501E461D5F6BA5BBEC8E3350B0FBCFAEB55 ft=1 fh=062c89d6e551a95b vn="Variante von Win32/InstallCore.OZ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Microsoft\Windows\INetCache\IE\XDHUSUTU\Setup[1].exe" sh=A304DE0E8179A14D4BBD2616DA692E2650B3979A ft=1 fh=c71c00119b4d5816 vn="Variante von Win32/Adware.AddLyrics.CL Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Temp\dxCy6.exe" sh=C91C4486A20F1E2B6FBDCCFB2C9DC7256468C8A9 ft=1 fh=758793138bc2f631 vn="Variante von Win32/DealPly.S evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Temp\FoxTabUpdater.exe" sh=9BA5864D1CA753AA8D7CB264BD7205BD49187B05 ft=1 fh=c2b20d8fe44d5dab vn="Variante von Win32/InstallCore.QW evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Temp\ICSW_0L1L2X1P.exe" sh=41A82661B893D5100739EF4BB7A5FA84F6F65489 ft=1 fh=64f24fa730c58889 vn="Variante von Win32/SoftPulse.L evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Temp\k0V4riU6.exe.part" sh=17A85501E461D5F6BA5BBEC8E3350B0FBCFAEB55 ft=1 fh=062c89d6e551a95b vn="Variante von Win32/InstallCore.OZ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Temp\nsfD27.tmp" sh=AF023CD20C85601E6874CB788BCAA49AE325A40D ft=1 fh=da3b4c00ec0bc47d vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Temp\B716tmp\cloud_backup_setup.exe" sh=4575013B89A5654F432558D742D61AC308A82E6C ft=1 fh=110bb36b0cd7162d vn="Win32/VOPackage.AJ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Temp\B718tmp\vopackage.exe" sh=CC65D08E1346D6B7E04F823863C53B476C25E540 ft=1 fh=71b0107b933b30fe vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Temp\B72Atmp\5555-1001_newplayer.exe" sh=4BE0DD8AEE12FBB015614D20D14DB2E8DCF4C146 ft=1 fh=0480a5c07a2ce911 vn="Variante von Win32/LiMo.C evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Temp\B72Dtmp\lly_omiga-plus.exe" sh=B2D19C8060F4EE5DE54628CD847A831920F26EBD ft=1 fh=1a9caf39e8e83a91 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Temp\B72Ftmp\mybestofferstoday.exe" sh=8AB98AD0676D2BA86C695194904E9269FE4087B8 ft=1 fh=d1ab0234e9bdb8b9 vn="Mehrere Bedrohungen (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Temp\B730tmp\optimizerpro.exe" sh=771DFDE2DAEFA812748B36EEBB0E095BC1A9C1FA ft=1 fh=c5b413e131c57ef8 vn="Win32/SpeedingUpMyPC.R Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Temp\B731tmp\easyspeedpc.exe" sh=C1690F5AA9BFB0B445E2D3D9911F75D7DCF2434B ft=1 fh=2922313275bef1a1 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Temp\B732tmp\setup.exe" sh=B82277979A16525F00193ED725A5C810A98ED68F ft=1 fh=22a33171ab3f1326 vn="Win32/VOPackage.AI evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\AppData\Local\Temp\is45637729\137948237_stp\Generic_vo.exe" sh=2E37E30CEBA49537322557009FA630DB232DF0AA ft=1 fh=a75de15ce3d4bd74 vn="Variante von Win32/SoftPulse.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\mmwin8\Downloads\Player.exe" Code:
Results of screen317's Security Check version 0.99.89
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 15.0.0.189
Mozilla Firefox (33.0)
Google Chrome 38.0.2125.104
Google Chrome 38.0.2125.111
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2014 Ran by mmwin8 (administrator) on HP on 29-10-2014 09:14:41 Running from C:\Users\mmwin8\Desktop Loaded Profiles: UpdatusUser & mmwin8 (Available profiles: UpdatusUser & mmwin8) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Realsil Microelectronics Inc.) 
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Akamai Technologies, Inc.) C:\Users\mmwin8\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
C:\Users\mmwin8\AppData\Local\Akamai\netsession_win.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe () C:\Users\mmwin8\Desktop\SecurityCheck.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-15] (IDT, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.) 
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-09-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-09-04] (Adobe Systems Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.) 
HKLM-x32\...\Run: [mbot_de_195] => [X] HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2165703608-1458269777-427185745-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation) HKU\S-1-5-21-2165703608-1458269777-427185745-1002\...\Run: [Akamai NetSession Interface] => C:\Users\mmwin8\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKU\S-1-5-21-2165703608-1458269777-427185745-1002\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.) HKU\S-1-5-21-2165703608-1458269777-427185745-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-2165703608-1458269777-427185745-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-2165703608-1458269777-427185745-1002\...\Run: [Google Update] => C:\Users\mmwin8\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-05-08] (Google Inc.) HKU\S-1-5-21-2165703608-1458269777-427185745-1002\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.) HKU\S-1-5-21-2165703608-1458269777-427185745-1002\...\Policies\Explorer: [] AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-27] (NVIDIA Corporation) AppInit_DLLs: acaptuser64.dll => C:\WINDOWS\system32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.) 
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT13/4 StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 - {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKCU - {A28F0689-CA9E-46FF-ACB3-73BF34D4AC4B} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\mmwin8\AppData\Roaming\Mozilla\Firefox\Profiles\vnshqgf4.default-1414348600097 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll () FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\mmwin8\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\mmwin8\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Strict Pop-up Blocker - C:\Users\mmwin8\AppData\Roaming\Mozilla\Firefox\Profiles\vnshqgf4.default-1414348600097\Extensions\jid1-P34HaABBBpOerQ@jetpack.xpi [2014-10-27] FF Extension: Adblock Plus - C:\Users\mmwin8\AppData\Roaming\Mozilla\Firefox\Profiles\vnshqgf4.default-1414348600097\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-27] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-04-30] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://google.com/" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Users\mmwin8\AppData\Local\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\mmwin8\AppData\Local\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - 
C:\Users\mmwin8\AppData\Local\Google\Chrome\Application\38.0.2125.104\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (AdobeExManDetect) - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Google Update) - C:\Users\mmwin8\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll No File CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
CHR Profile: C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-08] CHR Extension: (Google Drive) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-08] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06] CHR Extension: (YouTube) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-08] CHR Extension: (Adblock Plus) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-05-08] CHR Extension: (Google-Suche) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-08] CHR Extension: (AdBlock) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-05-08] CHR Extension: (zate.tv) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\khoncmmfjdkoiamjpnhohoeanaefcdnj [2013-10-24] CHR Extension: (Classic Popup Blocker) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp [2013-05-08] CHR Extension: (Google Wallet) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01] CHR Extension: (Better Pop Up Blocker) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic [2013-05-08] CHR Extension: (Google Mail) - C:\Users\mmwin8\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-08] ==================== Services (Whitelisted) ================= (If an entry is included 
in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed] R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-06-15] (Intel Corporation) R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-06-15] (Intel Corporation) S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation) S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-05-31] (Microsoft Corporation) S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-05-31] (Microsoft Corporation) S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation) S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll 
[18944 2013-08-22] (Microsoft Corporation) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-05-31] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-05-31] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-05-31] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-21] (Intel Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-05-31] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-29 08:03 - 2014-10-29 08:04 - 00854448 _____ () C:\Users\mmwin8\Desktop\SecurityCheck.exe 2014-10-29 05:04 - 2014-10-29 05:05 - 01041800 _____ () C:\WINDOWS\Minidump\102914-26046-01.dmp 2014-10-29 00:14 - 2014-10-29 00:15 - 02347384 _____ (ESET) C:\Users\mmwin8\Downloads\esetsmartinstaller_deu.exe 2014-10-29 00:03 - 2014-10-29 00:03 - 00880272 _____ (Google Inc.) C:\Users\mmwin8\Downloads\ChromeSetup.exe 2014-10-27 20:10 - 2014-10-27 20:10 - 00001632 _____ () C:\Users\mmwin8\Desktop\JRT.txt 2014-10-27 20:08 - 2014-10-27 20:08 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-10-27 20:07 - 2014-10-27 20:07 - 00001308 _____ () C:\Users\mmwin8\Desktop\AdwCleaner[S3].txt 2014-10-27 19:56 - 2014-10-27 19:59 - 01706144 _____ (Thisisu) C:\Users\mmwin8\Desktop\JRT.exe 2014-10-27 19:55 - 2014-10-27 19:56 - 01998336 _____ () C:\Users\mmwin8\Desktop\AdwCleaner_4.002.exe 2014-10-26 21:08 - 2014-10-26 21:08 - 00008389 _____ () C:\Users\mmwin8\Desktop\Gmer.txt 2014-10-26 21:04 - 2014-10-26 21:04 - 00380416 _____ () C:\Users\mmwin8\Desktop\Gmer-19357.exe 2014-10-26 20:59 - 2014-10-26 21:00 - 00044387 _____ () C:\Users\mmwin8\Desktop\Addition.txt 2014-10-26 20:58 - 2014-10-29 09:14 - 00023786 _____ () C:\Users\mmwin8\Desktop\FRST.txt 2014-10-26 20:58 - 2014-10-29 09:14 - 00000000 ____D () C:\FRST 2014-10-26 20:56 - 2014-10-26 20:57 - 02113024 _____ (Farbar) C:\Users\mmwin8\Desktop\FRST64.exe 2014-10-26 20:53 - 2014-10-26 20:54 - 00000474 _____ () C:\Users\mmwin8\Desktop\defogger_disable.log 2014-10-26 20:53 - 2014-10-26 20:53 - 00050477 _____ () C:\Users\mmwin8\Desktop\Defogger.exe 2014-10-26 20:53 - 2014-10-26 20:53 - 00000000 _____ () C:\Users\mmwin8\defogger_reenable 2014-10-26 20:40 - 2014-10-26 20:40 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-10-26 20:36 - 2014-10-26 20:36 - 00259584 _____ (OldTimer Tools) C:\Users\mmwin8\Desktop\OTH.scr 2014-10-26 20:34 - 2014-10-26 20:34 - 00259584 _____ (OldTimer Tools) C:\Users\mmwin8\Downloads\102F.tmp 
2014-10-26 20:33 - 2014-10-26 20:33 - 00244408 _____ () C:\Users\mmwin8\Downloads\Firefox Setup Stub 33.0.exe 2014-10-26 20:11 - 2014-10-26 20:11 - 00000000 ____D () C:\Users\mmwin8\Downloads\mbam-chameleon-3.1.7.0 2014-10-26 20:09 - 2014-10-26 20:11 - 04909382 _____ () C:\Users\mmwin8\Downloads\mbam-chameleon-3.1.7.0.zip 2014-10-26 19:58 - 2014-10-26 20:01 - 01838900 _____ () C:\Users\mmwin8\Downloads\Nicht bestätigt 518905.crdownload 2014-10-26 19:23 - 2014-10-27 20:04 - 00000000 ____D () C:\AdwCleaner 2014-10-26 19:22 - 2014-10-26 19:36 - 00000000 ____D () C:\Users\mmwin8\Desktop\Alte Firefox-Daten 2014-10-26 19:20 - 2014-10-26 19:20 - 01962496 _____ () C:\Users\mmwin8\Downloads\adwcleaner_4.001.exe 2014-10-26 18:57 - 2014-10-26 19:08 - 00002809 _____ () C:\WINDOWS\patsearch.bin 2014-10-26 18:57 - 2014-10-26 18:57 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf 2014-10-26 17:51 - 2014-10-26 18:11 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-26 12:02 - 2014-10-26 12:02 - 00638376 _____ (Oracle Corporation) C:\Users\mmwin8\Downloads\jre-8u25-windows-i586-iftw.exe 2014-10-25 04:46 - 2014-10-25 04:47 - 01367608 _____ () C:\WINDOWS\Minidump\102514-22718-01.dmp 2014-10-24 02:20 - 2014-10-24 02:20 - 00000000 ____D () C:\Users\mmwin8\Downloads\Brushes_www_grafiki_info 2014-10-24 02:20 - 2014-10-24 02:20 - 00000000 ____D () C:\Users\mmwin8\Downloads\BB_HiRes_Grungy_Watercolor_CS1.abr 2014-10-24 02:20 - 2014-10-24 02:20 - 00000000 ____D () C:\Users\mmwin8\Downloads\346-velvetcat__s_brush_set_by_velvetcat 2014-10-24 01:57 - 2014-10-24 02:01 - 19306695 _____ () C:\Users\mmwin8\Downloads\BB_HiRes_Grungy_Watercolor_CS1.abr.zip 2014-10-24 01:57 - 2014-10-24 02:01 - 14170242 _____ () C:\Users\mmwin8\Downloads\346-velvetcat__s_brush_set_by_velvetcat.zip 2014-10-24 01:57 - 2014-10-24 02:00 - 06896033 _____ () C:\Users\mmwin8\Downloads\Brushes_www_grafiki_info.zip 2014-10-24 00:32 - 2014-10-24 00:32 - 00000000 ____D () 
C:\Users\mmwin8\Downloads\Grunge_Brushes_005_by_Tackybrush 2014-10-24 00:32 - 2014-10-24 00:32 - 00000000 ____D () C:\Users\mmwin8\Downloads\Free_Grunge_Photoshop_Brushes_by_digitalrevolutions 2014-10-24 00:31 - 2014-10-24 00:32 - 05932344 _____ () C:\Users\mmwin8\Downloads\Free_Grunge_Photoshop_Brushes_by_digitalrevolutions.zip 2014-10-24 00:30 - 2014-10-24 00:31 - 00137120 _____ () C:\Users\mmwin8\Downloads\Grunge_Brushes_005_by_Tackybrush.zip 2014-10-23 20:37 - 2014-10-23 20:37 - 08800423 _____ () C:\Users\mmwin8\Downloads\farbe.zip 2014-10-23 20:36 - 2014-10-23 20:37 - 03162112 _____ () C:\Users\mmwin8\Downloads\republica_Farben.indd 2014-10-22 23:12 - 2014-10-22 23:12 - 00301728 _____ () C:\WINDOWS\Minidump\102314-35578-01.dmp 2014-10-15 20:47 - 2014-09-27 23:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-10-15 20:47 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-10-15 20:47 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-10-15 20:47 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-10-15 20:47 - 2014-09-08 04:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-10-15 20:47 - 2014-09-08 02:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2014-10-15 20:47 - 2014-09-08 02:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2014-10-15 20:47 - 2014-09-08 01:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-10-15 20:47 - 2014-09-08 01:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-10-15 20:47 - 2014-09-08 01:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-10-15 20:47 - 2014-09-08 01:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-10-15 20:47 - 2014-09-08 01:04 - 00093696 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-10-15 20:47 - 2014-09-08 01:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-10-15 20:47 - 2014-09-08 01:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-10-15 20:47 - 2014-09-08 00:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-10-15 20:47 - 2014-09-08 00:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-10-15 20:47 - 2014-09-08 00:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-10-15 20:47 - 2014-09-08 00:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-10-15 20:47 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll 2014-10-15 20:47 - 2014-09-04 00:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-10-15 20:47 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-10-15 20:46 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-10-15 20:46 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-10-15 20:46 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-10-15 20:46 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-10-15 20:46 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-10-15 20:46 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-10-15 20:46 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-10-15 20:46 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-10-15 20:46 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\MshtmlDac.dll 2014-10-15 20:46 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-10-15 20:46 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2014-10-15 20:46 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-10-15 20:46 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-10-15 20:46 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-10-15 20:46 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-10-15 20:46 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-10-15 20:46 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-10-15 20:46 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-10-15 20:46 - 2014-09-19 01:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-10-15 20:46 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-10-15 20:46 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-10-15 20:46 - 2014-09-19 01:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-10-15 20:46 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-10-15 20:46 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-10-15 20:46 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-10-15 20:46 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-10-15 20:46 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-10-15 20:46 - 2014-09-13 07:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll 2014-10-15 20:46 - 2014-09-13 06:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll 2014-10-15 20:46 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2014-10-15 20:46 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2014-10-15 20:46 - 2014-08-29 02:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll 2014-10-15 20:46 - 2014-08-29 00:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2014-10-15 20:46 - 2014-08-29 00:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2014-10-15 20:46 - 2014-08-16 05:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-10-15 20:46 - 2014-08-16 05:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2014-10-15 20:46 - 2014-08-16 05:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2014-10-15 20:46 - 2014-08-16 04:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2014-10-15 20:46 - 2014-08-16 04:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-10-15 20:46 - 2014-08-16 04:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-10-15 20:46 - 2014-08-16 04:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2014-10-15 20:46 - 2014-08-16 02:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll 2014-10-15 20:46 - 2014-08-16 01:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2014-10-15 20:46 - 2014-08-16 01:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll 2014-10-15 20:46 - 2014-08-16 01:18 - 04758528 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\SyncEngine.dll 2014-10-15 20:46 - 2014-08-16 01:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2014-10-15 20:46 - 2014-08-16 01:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2014-10-15 20:46 - 2014-08-16 01:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2014-10-15 20:46 - 2014-08-16 01:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll 2014-10-15 20:46 - 2014-08-16 01:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-10-15 20:46 - 2014-08-16 01:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2014-10-15 20:46 - 2014-08-16 01:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-10-15 20:45 - 2014-10-09 23:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-10-15 20:45 - 2014-10-08 23:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2014-10-15 20:45 - 2014-09-19 02:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-10-15 20:45 - 2014-09-13 07:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2014-10-15 20:45 - 2014-09-13 06:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2014-10-15 20:45 - 2014-08-16 04:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-10-15 20:45 - 2014-08-16 04:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll 2014-10-15 20:45 - 2014-08-16 02:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2014-10-15 20:45 - 2014-08-16 01:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll 2014-10-15 20:45 - 2014-08-16 01:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll 2014-10-15 20:45 - 2014-08-16 01:46 - 00290816 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\ProximityService.dll 2014-10-15 20:45 - 2014-08-16 01:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2014-10-15 20:45 - 2014-08-16 01:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll 2014-10-15 20:45 - 2014-08-16 01:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll 2014-10-15 20:45 - 2014-08-16 01:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll 2014-10-15 20:45 - 2014-08-16 01:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-10-15 20:45 - 2014-08-16 01:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll 2014-10-15 20:45 - 2014-08-16 01:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll 2014-10-15 20:45 - 2014-08-16 01:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-10-15 20:45 - 2014-08-16 01:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll 2014-10-15 20:45 - 2014-08-16 01:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 2014-10-15 20:45 - 2014-08-01 00:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-10-15 10:42 - 2014-10-15 10:42 - 01055608 _____ () C:\WINDOWS\Minidump\101514-18937-01.dmp 2014-10-15 10:30 - 2014-10-15 10:30 - 00301600 _____ () C:\WINDOWS\Minidump\101514-24484-01.dmp 2014-10-15 09:37 - 2014-10-15 00:38 - 11189539 _____ () C:\Users\mmwin8\Desktop\Sequenz 01_2.mp4 2014-10-15 09:34 - 2014-10-27 19:55 - 00000000 ____D () C:\Users\mmwin8\Desktop\Deskstop_temporal 2014-10-15 00:08 - 2014-10-15 00:08 - 05016119 _____ () C:\Users\mmwin8\Downloads\130808_MINI_Illus.ai 2014-10-14 16:24 - 2014-10-14 16:25 - 11658703 _____ () C:\Users\mmwin8\Downloads\sound.zip 2014-10-13 23:55 - 2014-10-13 23:55 - 01265448 _____ () 
C:\WINDOWS\Minidump\101414-23656-01.dmp 2014-10-12 00:24 - 2014-10-12 00:25 - 00298200 _____ () C:\WINDOWS\Minidump\101214-74156-01.dmp 2014-10-11 23:20 - 2014-10-14 19:19 - 00000000 ____D () C:\Users\mmwin8\Downloads\commercial_aircrafts_311464 2014-10-11 23:20 - 2014-10-11 23:20 - 01066618 _____ () C:\Users\mmwin8\Downloads\commercial_aircrafts_311464.zip 2014-10-11 17:31 - 2014-10-11 17:31 - 00108022 _____ () C:\Users\mmwin8\Downloads\Caslon Italic.ttf 2014-10-11 17:31 - 2014-10-11 17:31 - 00051564 _____ () C:\Users\mmwin8\Downloads\caslon_1.ttf 2014-10-11 15:57 - 2014-10-11 15:57 - 00048728 _____ () C:\Users\mmwin8\Downloads\supergroteskc-medlf.ttf 2014-10-11 15:56 - 2014-10-11 15:56 - 00047600 _____ () C:\Users\mmwin8\Downloads\supergroteskb-medlf.ttf 2014-10-11 15:56 - 2014-10-11 15:56 - 00047460 _____ () C:\Users\mmwin8\Downloads\supergroteska-medlf.ttf 2014-10-11 15:55 - 2014-10-11 15:55 - 00047500 _____ () C:\Users\mmwin8\Downloads\supergroteska-med.ttf 2014-10-11 15:55 - 2014-10-11 15:55 - 00047224 _____ () C:\Users\mmwin8\Downloads\supergroteska-cdbd.ttf 2014-10-11 15:55 - 2014-10-11 15:55 - 00047192 _____ () C:\Users\mmwin8\Downloads\supergroteska-bd.ttf 2014-10-11 15:55 - 2014-10-11 15:55 - 00047048 _____ () C:\Users\mmwin8\Downloads\supergroteska-rg.ttf 2014-10-11 14:22 - 2014-10-14 22:17 - 00000132 _____ () C:\Users\mmwin8\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2014-10-11 00:00 - 2014-10-11 00:00 - 01259816 _____ () C:\WINDOWS\Minidump\101114-35718-01.dmp 2014-10-09 19:57 - 2014-10-11 15:33 - 00000000 ____D () C:\Users\mmwin8\Downloads\origami falz 2014-10-09 19:54 - 2014-10-09 19:54 - 03823711 _____ () C:\Users\mmwin8\Downloads\origami falz.zip 2014-10-08 15:30 - 2014-10-28 21:36 - 00000000 ____D () C:\Users\mmwin8\Desktop\Republica 2014-10-07 22:44 - 2014-10-07 22:44 - 00092085 _____ () C:\Users\mmwin8\Downloads\F85.tmp 2014-10-06 17:03 - 2014-10-06 17:03 - 01101088 _____ () C:\WINDOWS\Minidump\100614-17796-01.dmp 2014-10-06 16:51 
- 2014-10-06 16:51 - 01116848 _____ () C:\WINDOWS\Minidump\100614-16796-01.dmp 2014-10-04 07:05 - 2014-10-04 07:05 - 00298336 _____ () C:\WINDOWS\Minidump\100414-19109-01.dmp 2014-10-01 23:30 - 2014-10-01 23:30 - 00295800 _____ () C:\WINDOWS\Minidump\100214-20015-01.dmp 2014-09-29 08:51 - 2014-09-29 08:51 - 01108720 _____ () C:\WINDOWS\Minidump\092914-24015-01.dmp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-29 09:15 - 2013-05-08 05:14 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2165703608-1458269777-427185745-1002UA.job 2014-10-29 09:13 - 2014-02-16 17:47 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-29 09:10 - 2013-05-06 15:35 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-10-29 09:09 - 2013-05-05 20:28 - 00000000 ____D () C:\Users\mmwin8\AppData\Roaming\vlc 2014-10-29 09:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-10-29 08:53 - 2014-05-31 08:08 - 01283237 _____ () C:\WINDOWS\WindowsUpdate.log 2014-10-29 08:02 - 2013-02-13 09:48 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2165703608-1458269777-427185745-1002 2014-10-29 07:58 - 2014-03-18 11:03 - 01980934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-10-29 07:58 - 2014-03-18 10:25 - 00842568 _____ () C:\WINDOWS\system32\perfh007.dat 2014-10-29 07:58 - 2014-03-18 10:25 - 00191764 _____ () C:\WINDOWS\system32\perfc007.dat 2014-10-29 07:58 - 2013-04-28 18:42 - 00000000 ____D () C:\Users\mmwin8\AppData\Local\Akamai 2014-10-29 07:57 - 2014-05-31 08:53 - 00000000 __RDO () C:\Users\mmwin8\OneDrive 2014-10-29 05:28 - 2014-05-31 08:21 - 00000000 ____D () C:\Users\mmwin8 2014-10-29 05:05 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-10-29 05:04 - 2014-06-02 06:12 - 761036789 _____ () C:\WINDOWS\MEMORY.DMP 2014-10-29 05:04 - 2014-06-02 06:12 - 
00000000 ____D () C:\WINDOWS\Minidump 2014-10-28 22:17 - 2013-08-09 23:13 - 00003158 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleFormmwin8 2014-10-28 22:17 - 2013-08-09 23:13 - 00000342 _____ () C:\WINDOWS\Tasks\HPCeeScheduleFormmwin8.job 2014-10-28 21:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-10-28 21:15 - 2014-06-17 05:58 - 00742912 ___SH () C:\Users\mmwin8\Desktop\Thumbs.db 2014-10-28 01:01 - 2013-09-14 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-28 00:57 - 2014-05-23 05:48 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-10-27 20:27 - 2013-05-01 21:56 - 00000000 ___RD () C:\Users\mmwin8\Dropbox 2014-10-27 20:27 - 2013-05-01 21:51 - 00000000 ____D () C:\Users\mmwin8\AppData\Roaming\Dropbox 2014-10-27 20:05 - 2014-09-24 22:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-27 20:05 - 2014-03-18 02:50 - 00017468 _____ () C:\WINDOWS\PFRO.log 2014-10-27 20:05 - 2013-04-27 04:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-27 20:04 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2014-10-26 23:10 - 2013-08-22 15:46 - 00348092 _____ () C:\WINDOWS\setupact.log 2014-10-26 20:40 - 2013-04-27 04:20 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-26 20:02 - 2014-05-31 08:50 - 00001009 _____ () C:\Users\mmwin8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-26 19:34 - 2012-08-04 01:02 - 00000000 ____D () C:\SWSetup 2014-10-26 17:54 - 2013-09-14 13:16 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-26 17:51 - 2013-09-14 13:16 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2014-10-26 17:51 - 2013-09-14 13:16 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2014-10-26 17:51 - 2013-09-14 13:16 - 00176552 _____ (Oracle Corporation) 
C:\WINDOWS\SysWOW64\java.exe 2014-10-26 11:15 - 2013-05-08 05:14 - 00001078 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2165703608-1458269777-427185745-1002Core.job 2014-10-26 01:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-10-25 20:19 - 2014-06-21 10:28 - 00000000 ____D () C:\Users\mmwin8\Downloads\IXtract 2014-10-24 19:00 - 2013-05-10 13:13 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log 2014-10-24 19:00 - 2013-05-10 13:13 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-10-19 10:10 - 2013-05-08 05:14 - 00004082 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2165703608-1458269777-427185745-1002UA 2014-10-19 10:10 - 2013-05-08 05:14 - 00003702 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2165703608-1458269777-427185745-1002Core 2014-10-18 21:08 - 2014-02-16 17:47 - 00004096 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-18 21:08 - 2014-02-16 17:46 - 00003860 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-18 21:08 - 2014-02-16 17:46 - 00001120 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-18 20:47 - 2013-05-06 16:33 - 00001456 _____ () C:\Users\mmwin8\AppData\Local\Adobe Für Web speichern 13.0 Prefs 2014-10-18 16:36 - 2013-04-27 05:18 - 00000000 ____D () C:\Users\mmwin8\AppData\Local\Adobe 2014-10-18 16:26 - 2013-05-06 15:35 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-10-18 16:20 - 2014-09-15 20:39 - 00000000 ____D () C:\Users\mmwin8\Downloads\emerge 2014-10-17 05:47 - 2013-07-15 09:52 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-10-17 05:43 - 2013-04-29 14:42 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-10-17 03:02 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-10-16 19:17 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-10-16 15:23 - 2013-07-14 20:13 - 02382336 ___SH () 
C:\Users\mmwin8\Downloads\Thumbs.db 2014-10-16 14:12 - 2013-08-22 15:44 - 09932680 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-10-16 10:22 - 2014-07-09 01:11 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-10-16 10:22 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-10-16 10:22 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-10-16 10:22 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer 2014-10-16 10:22 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager 2014-10-16 10:22 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera 2014-10-15 11:08 - 2014-05-23 06:25 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-10-13 01:32 - 2013-02-13 09:42 - 00000000 ____D () C:\Users\mmwin8\AppData\Roaming\Adobe 2014-10-13 00:34 - 2014-06-14 20:08 - 00000000 ___RD () C:\Users\mmwin8\Google Drive 2014-10-11 18:04 - 2013-05-01 21:53 - 00000000 ____D () C:\Users\mmwin8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-10-09 17:05 - 2013-04-30 18:58 - 00002481 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk 2014-10-09 17:05 - 2013-04-30 18:58 - 00002469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk 2014-10-09 17:05 - 2013-04-30 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2 2014-10-06 20:40 - 2014-01-27 12:50 - 00000000 __SHD () C:\Users\mmwin8\wc 2014-10-06 09:46 - 2013-04-28 18:51 - 00000000 ____D () C:\ProgramData\Autodesk 2014-10-06 09:45 - 2013-04-28 18:43 - 00000000 ____D () C:\Users\mmwin8\AppData\Local\Autodesk 2014-10-05 17:38 - 2014-09-12 06:59 - 00000000 ____D () C:\Users\mmwin8\AppData\Local\Windows Live 2014-09-29 23:45 - 2014-09-15 08:53 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-09-29 23:45 - 2014-09-15 08:53 - 00105440 _____ (Adobe Systems Incorporated) 
C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-29 21:44 - 2013-10-23 22:03 - 00000000 ____D () C:\Users\mmwin8\Downloads\Susan
2014-09-29 19:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\tracing

Some content of TEMP:
====================
C:\Users\mmwin8\AppData\Local\Temp\BackupSetup.exe
C:\Users\mmwin8\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcg2qz_.dll
C:\Users\mmwin8\AppData\Local\Temp\Quarantine.exe
C:\Users\mmwin8\AppData\Local\Temp\sqlite3.dll
C:\Users\mmwin8\AppData\Local\Temp\vcredist_x64.exe
C:\Users\mmwin8\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\mmwin8\AppData\Local\Temp\ZBZK8.dll
C:\Users\mmwin8\AppData\Local\Temp\ZBZK8.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-29 05:16

==================== End Of Log ============================

I still can't open my Anti-Malware... should/may I uninstall the program and install it again? Best regards |
29.10.2014, 20:30 | #8 |
/// the machine /// TB Trainer | Omiga plus "deleted" and malwarebytes Anti-malware does not start. Yes, go ahead and do that. And in between, also use MBAM's own cleanup tool.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
30.10.2014, 16:05 | #9 |
| Omiga plus "deleted" and malwarebytes Anti-malware does not start. Everything is back to normal (so far)! Thank you sooooo much! Best regards, Raf |
31.10.2014, 10:01 | #10 |
/// the machine /// TB Trainer | Omiga plus "deleted" and malwarebytes Anti-malware does not start. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
HKLM-x32\...\Run: [mbot_de_195] => [X]
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done
The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me a brief reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
01.11.2014, 23:33 | #11 |
| Omiga plus "deleted" and malwarebytes Anti-malware does not start. Here: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-11-2014
Ran by mmwin8 at 2014-11-01 23:14:44 Run:1
Running from C:\Users\mmwin8\Desktop
Loaded Profiles: UpdatusUser & mmwin8 & (Available profiles: UpdatusUser & mmwin8)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [mbot_de_195] => [X]
Emptytemp:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mbot_de_195 => Value not found.
EmptyTemp: => Removed 15.3 GB temporary data.

The system needed a reboot.

==== End of Fixlog ==== |
02.11.2014, 15:09 | #12 |
/// the machine /// TB Trainer | Omiga plus "deleted" and malwarebytes Anti-malware does not start. Done