Log analysis and evaluation: Windows 7 64bit: caught SmartSaver 15. Logs already created. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.10.2014, 10:43 | #1 |
Hello, today I noticed that something is wrong with my system.
WIN7 64bit
Norton 360 (did not detect the infection)
I carried out the following steps in this order:
1- Switched off drive emulation with Defogger
2- System scan with FRST (log deleted again because of step 4)
3- Scan with GMER (log deleted again because of step 4)
4- Downloaded Malwarebytes and ran it to make sure that there really is an infection.
5- System scan with FRST (log attached)
6- Scan with GMER (log attached)
7- Reset the proxy in the browser to be able to get back onto the web.
The Mbam log should be from once before and once after the cleanup. All other logs are from after the cleanup with Malwarebytes. Thank you very much for your help.
28.10.2014, 10:48 | #2 |
/// the machine /// TB trainer
Hi,
Please always post logs in the thread. If necessary, split them up and use several posts. I can't open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
28.10.2014, 11:05 | #3 |
Hello and thanks,
Because of the length, in 4 posts. 1/4 Mbam_log
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28.10.2014
Scan Time: 09:53:31
Logfile: Mbam_log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.28.01
Rootkit Database: v2014.09.18.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: KI

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359018
Time Elapsed: 5 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
Modules: 0 (No malicious items detected)
Registry Keys: 58
Registry Values: 3
Registry Data: 0 (No malicious items detected)
Folders: 23
Files: 187
C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\manifest.xml, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins.json, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\102.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\103.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\104.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\123.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\13.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\14.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\16.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\17.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, 
C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\180.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\184.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\192.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\193.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\195.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\220.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\221.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\223.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\226.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\230.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, 
C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\242.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\246.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\260.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\262.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\263.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\266.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\268.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\273.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\275.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\281.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, 
C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\289.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\300.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\309.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\4.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\47.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\64.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\7.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\78.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\9.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\91.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, 
C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins\93.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\userCode\background.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\userCode\extension.js, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\locale\en-US\translations.dtd, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\skin\button1.png, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\skin\button2.png, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\skin\button3.png, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\skin\button4.png, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\skin\button5.png, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\skin\crossrider_statusbar.png, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, 
C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\skin\icon128.png, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\skin\icon16.png, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\skin\icon24.png, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\skin\icon48.png, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\skin\panelarrow-up.png, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\skin\popup.html, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\skin\skin.css, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\skin\update.css, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "14950a76f24ce698129772050338eaaa");), ,[2de450ca512b72c453ea5411679ead53] Physical Sectors: 0 (No malicious items detected) (end)
Due to the length, split into 4 posts. 2/4 Mbam_log_1
Code:
Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 28.10.2014 Scan Time: 09:53:31 Logfile: Mbam_log_1.txt Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.10.28.01 Rootkit Database: v2014.09.18.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: KI Scan Type: Threat Scan Result: Completed Objects Scanned: 359018 Time Elapsed: 5 min, 21 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 1 PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions\Client.exe, 1936, , [52bf9b7fff7d42f4a942b8e0f80c8779] Modules: 0 (No malicious items detected) Registry Keys: 58 PUP.Optional.SmartSaver.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611171196}, , [1cf56dada6d6df5755c6413154ad23dd], PUP.Optional.SmartSaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110611171196}, , [1cf56dada6d6df5755c6413154ad23dd], PUP.Optional.SmartSaver.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644174496}, , [1cf56dada6d6df5755c6413154ad23dd], PUP.Optional.SmartSaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655175596}, , [1cf56dada6d6df5755c6413154ad23dd], PUP.Optional.SmartSaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666176696}, , [1cf56dada6d6df5755c6413154ad23dd], PUP.Optional.SmartSaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550655175596}, , [1cf56dada6d6df5755c6413154ad23dd], PUP.Optional.SmartSaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660666176696}, , [1cf56dada6d6df5755c6413154ad23dd], PUP.Optional.SmartSaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440644174496}, , [1cf56dada6d6df5755c6413154ad23dd], PUP.Optional.SmartSaver.A, 
HKLM\SOFTWARE\CLASSES\f3b99230f329013156aa33422def983b0061796.BHO.1, , [1cf56dada6d6df5755c6413154ad23dd], PUP.Optional.SmartSaver.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110611171196}, , [1cf56dada6d6df5755c6413154ad23dd], PUP.Optional.SmartSaver.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110611171196}, , [1cf56dada6d6df5755c6413154ad23dd], PUP.Optional.SmartSaver.A, HKLM\SOFTWARE\CLASSES\f3b99230f329013156aa33422def983b0061796.BHO, , [1cf56dada6d6df5755c6413154ad23dd], PUP.Optional.SmartSaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\f3b99230f329013156aa33422def983b0061796.BHO, , [1cf56dada6d6df5755c6413154ad23dd], PUP.Optional.SmartSaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\f3b99230f329013156aa33422def983b0061796.BHO.1, , [1cf56dada6d6df5755c6413154ad23dd], PUP.Optional.SmartSaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220622172296}, , [1cf56dada6d6df5755c6413154ad23dd], PUP.Optional.SmartSaver.A, HKLM\SOFTWARE\CLASSES\f3b99230f329013156aa33422def983b0061796.Sandbox.1, , [1cf56dada6d6df5755c6413154ad23dd], PUP.Optional.SmartSaver.A, HKLM\SOFTWARE\CLASSES\f3b99230f329013156aa33422def983b0061796.Sandbox, , [1cf56dada6d6df5755c6413154ad23dd], PUP.Optional.SmartSaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\f3b99230f329013156aa33422def983b0061796.Sandbox, , [1cf56dada6d6df5755c6413154ad23dd], PUP.Optional.SmartSaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\f3b99230f329013156aa33422def983b0061796.Sandbox.1, , [1cf56dada6d6df5755c6413154ad23dd], PUP.Optional.SmartSaver.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220622172296}, , [1cf56dada6d6df5755c6413154ad23dd], PUP.Optional.SmartSaver.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110611171196}\INPROCSERVER32, , [1cf56dada6d6df5755c6413154ad23dd], PUP.Optional.SearchExtensions.A, 
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RocketTab, , [52bf9b7fff7d42f4a942b8e0f80c8779], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\26549, , [b75ade3c5824d660e668aca3f310ed13], PUP.Optional.RocketTab.A, HKLM\SOFTWARE\WOW6432NODE\RocketTab, , [f41d87938eee03333f339c8dd0335aa6], PUP.Optional.SmartSaver.A, HKLM\SOFTWARE\WOW6432NODE\SmartSaver+ 15, , [b35e21f913697fb71a94a1b4808316ea], PUP.Optional.SmartSaver.A, HKLM\SOFTWARE\WOW6432NODE\SmartSaver+ 15-nv, , [28e903173b41d95db2fcc491ea19a15f], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, , [838e1604a9d3f5413f098fa50ff4dc24], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\26549, , [63aea8725923191d8ac487c87d8637c9], PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, , [ac65c456ef8d38fe399a692bd3314fb1], PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, , [ac65bc5e0e6ed16506ceb6deda2aeb15], PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, , [e32e3bdf8af2ba7c2044c274a063a55b], PUP.Optional.SmartSaver.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\SmartSaver+ 15, , [a26f1505aad2b77f575468ed8f749070], PUP.Optional.RocketTab.A, HKU\S-1-5-21-4212900307-3805612920-3004824622-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\RocketTabInstalled, , [8e83f327374588ae8ce7be6bcd36817f], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4212900307-3805612920-3004824622-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [61b0809ab7c5ce6899714f375ca8837d], PUP.Optional.SmartSaver.A, HKU\S-1-5-21-4212900307-3805612920-3004824622-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\SmartSaver+ 15, , [c54c94860676b2844a61ff56aa59ba46], PUP.Optional.InstallCore.A, 
HKU\S-1-5-21-4212900307-3805612920-3004824622-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [878a3ae0daa21a1cabdefd5ee2212bd5], PUP.Optional.InstallCore.A, HKU\S-1-5-21-4212900307-3805612920-3004824622-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [cf420713df9d2412c10eb0c17292d030], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4212900307-3805612920-3004824622-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\26549, , [9b76cf4bcfad072f2ddb9f8948bba858], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4212900307-3805612920-3004824622-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\smart-saverplus, , [977a3ae099e3979f996bdf4fde25af51], PUP.Optional.RocketTab.A, HKU\S-1-5-21-4212900307-3805612920-3004824622-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH EXTENSIONS, , [d63b1bffc2ba3ff7c5292b6d3dc7857b], PUP.Optional.SystemSpeedup, HKU\S-1-5-21-4212900307-3805612920-3004824622-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, , [3bd6e832e79570c6f271bf77956e2dd3], PUP.Optional.SmartSaver.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SmartSaver+ 15, , [3dd458c23a4279bd2cf194640af88d73], PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate, , [e52c38e25824270fda573bd3986b53ad], PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem, , [e52c38e25824270fda573bd3986b53ad], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, , [e52c38e25824270fda573bd3986b53ad], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, , [e52c38e25824270fda573bd3986b53ad], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, , [e52c38e25824270fda573bd3986b53ad], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, , [e52c38e25824270fda573bd3986b53ad], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.OneClickCtrl.10, , [e52c38e25824270fda573bd3986b53ad], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, , [e52c38e25824270fda573bd3986b53ad], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, , [e52c38e25824270fda573bd3986b53ad], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, , [e52c38e25824270fda573bd3986b53ad], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, , [e52c38e25824270fda573bd3986b53ad], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\globalUpdate.Update3WebControl.4, , [e52c38e25824270fda573bd3986b53ad], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, , [e52c38e25824270fda573bd3986b53ad], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, , [e52c38e25824270fda573bd3986b53ad], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, , [e52c38e25824270fda573bd3986b53ad], PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, , [e52c38e25824270fda573bd3986b53ad], Registry Values: 3 PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, , [838e1604a9d3f5413f098fa50ff4dc24] PUP.Optional.InstallCore.A, 
HKU\S-1-5-21-4212900307-3805612920-3004824622-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0X2O1C0R2R1R, , [cf420713df9d2412c10eb0c17292d030] PUP.Optional.RocketTab.A, HKU\S-1-5-21-4212900307-3805612920-3004824622-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH EXTENSIONS|RocketTab, 1, , [d63b1bffc2ba3ff7c5292b6d3dc7857b] Registry Data: 0 (No malicious items detected) Folders: 23 PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions, , [52bf9b7fff7d42f4a942b8e0f80c8779], PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions\Resources, , [52bf9b7fff7d42f4a942b8e0f80c8779], PUP.Optional.SmartSaver.A, C:\Program Files (x86)\SmartSaver+ 15, , [3dd458c23a4279bd2cf194640af88d73], PUP.Optional.SystemSpeedup, C:\Users\KI\AppData\Roaming\systweak\ssd, , [967b32e8681477bf29d74ebf13f0b24e], PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update, , [e52c38e25824270fda573bd3986b53ad], PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\1.3.25.0, , [e52c38e25824270fda573bd3986b53ad], PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Download, , [e52c38e25824270fda573bd3986b53ad], PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Install, , [e52c38e25824270fda573bd3986b53ad], PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline, , [e52c38e25824270fda573bd3986b53ad], PUP.Optional.GlobalUpdate.T, C:\Program Files (x86)\globalUpdate\Update\Offline\{83A45E96-CD53-4930-9F9D-C4814B3173A9}, , [e52c38e25824270fda573bd3986b53ad], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\chrome, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, 
C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\chrome\content, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\chrome\content\api, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\chrome\content\core, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\defaults, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\defaults\preferences, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\plugins, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\extensionData\userCode, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\locale, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\locale\en-US, , [da3716042a524aece817fe17b25122de], PUP.Optional.CrossRider.A, C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com\skin, , [da3716042a524aece817fe17b25122de], Files: 187 
Physical Sectors: 0 (No malicious items detected) (end) |
28.10.2014, 11:09 | #4 |
| Windows 7 64bit: Caught SmartSaver 15. Logs already created. Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
Ran by KI at 2014-10-28 10:07:52
Running from E:\Arbeitsprogramme\Downloads\Remover Tools\Farbar
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Online (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Online (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Online (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Lens Profile Downloader (HKLM-x32\...\AdobeLensProfileDownloader) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.15221 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Brother MFL-Pro Suite MFC-7225N (HKLM-x32\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.2.1.0 - devolo AG)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free YouTube Download version 3.2.17.1125 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.17.1125 - DVDVideoSoft Ltd.)
FreeFileSync 6.6 (HKLM-x32\...\FreeFileSync) (Version: 6.6 - Zenju)
Freemake Video Converter Version 4.1.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.2 - Ellora Assets Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GML Matting 0.3 (HKLM-x32\...\GML Matting_is1) (Version: 0.3 - GML Computer Vision Group)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar North / Toronto)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.24.5 - HTC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.52.1176 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) Hidden
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mediencenter 3.9.1055.64 (HKCU\...\Mediencenter) (Version: 3.9.1055.64 - Deutsche Telekom AG)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{F7930EE9-0929-439D-A57B-D40C2C69C890}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSI Live
Update (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.006 - MSI) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation) NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA 
Corporation) Hidden NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden Office 15 Click-to-Run Extensibility Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.) Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7069 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) 
Hidden Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.6 - Samsung) Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.1.0 - Samsung Electronics) Secure Eraser (HKLM-x32\...\Secure Eraser_is1) (Version: 4.2.0.1 - ASCOMP Software GmbH) SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden SketchUp 2014 (HKLM-x32\...\{9E620BD5-AEEC-492D-9065-D71FCD4C52F1}) (Version: 14.1.1282 - Trimble Navigation Limited) Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform) Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.31 - Bioware/EA) Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC) VideoGenie (HKLM-x32\...\{FC54FD8D-789C-406D-BB88-F7C4421B7E83}_is1) (Version: 1.0.0.12 - MSI) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes) virtualPhotographer 1.5.6 (HKLM-x32\...\virtualPhotographer_is1) (Version: - optikVerve Labs) VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) x64 Components v4.6.9 (HKLM\...\Advanced x64Components_is1) (Version: 4.6.9 - Shark007) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-4212900307-3805612920-3004824622-1000_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-4212900307-3805612920-3004824622-1000_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-4212900307-3805612920-3004824622-1000_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-4212900307-3805612920-3004824622-1000_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {107B6BA2-B5EE-4C38-BED0-6318EDC0DDD5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation) Task: {16683886-7715-4740-A1D6-557EABF916A9} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation) Task: {26856FD9-CA64-456E-98D9-6B7E9A598AD6} - \RocketTab Update Task No Task File <==== ATTENTION Task: {55DA122D-B5DD-44CD-BF79-F53F82AD0EEF} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {6F2A7823-6A56-4985-AC6F-691AB64C40C2} - System32\Tasks\CRAZB => C:\Users\KI\AppData\Roaming\CRAZB.exe <==== ATTENTION Task: {74475117-015D-4156-BFF5-0C6C2ACEEF8F} - \RocketTab No Task File <==== ATTENTION Task: {AFD136DB-A9DA-4E5F-AF4A-000C5DC3E4E6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation) Task: {C2797D0C-BCA0-48DA-B398-7B19B5253A00} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated) Task: {CFB23E1E-96BB-4973-9F65-36AB7E2770B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-04] (Google Inc.) Task: {D39B856F-1667-4113-AD18-7E02F2C00DF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-04] (Google Inc.) 
Task: {E09BB99D-378C-467D-970A-364B1587D1EB} - System32\Tasks\QVEOKK => C:\Users\KI\AppData\Roaming\QVEOKK.exe <==== ATTENTION Task: {E4803C04-B78B-414B-801F-7E4B5DA1D233} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation) Task: {E639A937-EB09-41BA-9C09-F215337F9E63} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd) Task: {E9157649-F629-4E3E-8A2C-6D1797FC9E46} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\CRAZB.job => C:\Users\KI\AppData\Roaming\CRAZB.exe <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\QVEOKK.job => C:\Users\KI\AppData\Roaming\QVEOKK.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2013-12-04 19:41 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-03-14 20:21 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2014-07-26 20:54 - 2014-09-17 12:28 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe 2013-12-23 12:28 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll 2014-08-06 13:42 - 2014-08-06 13:42 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe 2014-08-06 13:40 - 2014-08-06 13:40 - 00031080 _____ () C:\Program Files 
(x86)\HTC\HTC Sync Manager\DbAccess.dll 2014-08-06 13:41 - 2014-08-06 13:41 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll 2014-08-06 13:41 - 2014-08-06 13:41 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll 2014-08-06 13:41 - 2014-08-06 13:41 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll 2014-08-06 13:42 - 2014-08-06 13:42 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll 2014-08-06 13:44 - 2014-08-06 13:44 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll 2014-08-06 13:46 - 2014-08-06 13:46 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll 2013-12-23 12:28 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 01135616 _____ () E:\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00656896 _____ () E:\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00105472 _____ () E:\Samsung\AllShare\AllShareDMS\DCMCDP.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00098816 _____ () E:\Samsung\AllShare\AllShareDMS\FolderCDP.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00077312 _____ () E:\Samsung\AllShare\AllShareDMS\MetadataFramework.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00520234 _____ () E:\Samsung\AllShare\AllShareDMS\sqlite3.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00450560 _____ () E:\Samsung\AllShare\AllShareDMS\MoodExtractor.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 05717504 _____ () E:\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00029184 _____ () E:\Samsung\AllShare\AllShareDMS\AutoChaptering.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00147456 _____ () E:\Samsung\AllShare\AllShareDMS\libexpat.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00012288 _____ () 
E:\Samsung\AllShare\AllShareDMS\VideoThumb.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 04671488 _____ () E:\Samsung\AllShare\AllShareDMS\avcodec-52.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00070656 _____ () E:\Samsung\AllShare\AllShareDMS\avutil-50.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00686080 _____ () E:\Samsung\AllShare\AllShareDMS\avformat-52.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00152064 _____ () E:\Samsung\AllShare\AllShareDMS\swscale-0.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00027648 _____ () E:\Samsung\AllShare\AllShareDMS\AudioExtractor.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00063488 _____ () E:\Samsung\AllShare\AllShareDMS\ID3Driver.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00366592 _____ () E:\Samsung\AllShare\AllShareDMS\tag.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00289792 _____ () E:\Samsung\AllShare\AllShareDMS\libThumbnail.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00023040 _____ () E:\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00017920 _____ () E:\Samsung\AllShare\AllShareDMS\VideoExtractor.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00017920 _____ () E:\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00133120 _____ () E:\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00290304 _____ () E:\Samsung\AllShare\AllShareDMS\libKeyFrame.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00024064 _____ () E:\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00012288 _____ () E:\Samsung\AllShare\AllShareDMS\ImageExtractor.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00024064 _____ () E:\Samsung\AllShare\AllShareDMS\photoDriver.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00399826 _____ () E:\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00013824 _____ () E:\Samsung\AllShare\AllShareDMS\TextExtractor.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00031232 _____ () 
E:\Samsung\AllShare\AllShareDMS\Autobackup.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00054784 _____ () E:\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00044032 _____ () E:\Samsung\AllShare\AllShareDMS\us.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^KI^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediencenter.lnk => C:\Windows\pss\Mediencenter.lnk.Startup MSCONFIG\startupfolder: C:^Users^KI^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup MSCONFIG\startupreg: AllShareAgent => E:\Samsung\AllShare\AllShareAgent.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: DNS7reminder => "E:\Neuer Ordner\Diktat\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini" MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler MSCONFIG\startupreg: Live Update => E:\Arbeitsprogramme\Live Update\StartLiveUpdate.exe /REMINDER MSCONFIG\startupreg: Live Update 5 => E:\Arbeitsprogramme\Live Update 5\BootStartLiveupdate.exe /reminder MSCONFIG\startupreg: PMBVolumeWatcher => E:\Arbeitsprogramme\Sony A58\PMBVolumeWatcher.exe MSCONFIG\startupreg: 
QuickTime Task => "E:\Arbeitsprogramme\QT\QTTask.exe" -atboottime ========================= Accounts: ========================== Administrator (S-1-5-21-4212900307-3805612920-3004824622-500 - Administrator - Disabled) => C:\Users\Administrator Gast (S-1-5-21-4212900307-3805612920-3004824622-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4212900307-3805612920-3004824622-1002 - Limited - Enabled) KI (S-1-5-21-4212900307-3805612920-3004824622-1000 - Administrator - Enabled) => C:\Users\KI ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/27/2014 09:04:32 AM) (Source: MsiInstaller) (EventID: 11309) (User: KI-PC) Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it. Error: (10/27/2014 09:04:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.0.0.5397, Zeitstempel: 0x543924b1 Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.0.0.5397, Zeitstempel: 0x5438ffbb Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0x1020 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (10/17/2014 10:31:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ActivationUI.exe, Version: 4.6.4.0, Zeitstempel: 0x52ec158c Name des fehlerhaften Moduls: ActivationUI.exe, Version: 4.6.4.0, Zeitstempel: 0x52ec158c Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a8cb6 ID des fehlerhaften Prozesses: 0xd14 Startzeit der fehlerhaften Anwendung: 0xActivationUI.exe0 
Pfad der fehlerhaften Anwendung: ActivationUI.exe1 Pfad des fehlerhaften Moduls: ActivationUI.exe2 Berichtskennung: ActivationUI.exe3 Error: (10/06/2014 02:31:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.3.5379, Zeitstempel: 0x54224e6b Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.3.5379, Zeitstempel: 0x54221b67 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x11a4 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (09/19/2014 01:34:15 PM) (Source: MsiInstaller) (EventID: 1023) (User: KI-PC) Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Weitere Informationen sind in der Protokolldatei C:\Users\KI\AppData\Local\Temp\MSI13310.LOG enthalten. 
Error: (09/18/2014 10:15:19 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ActivationUI.exe, Version: 4.6.4.0, Zeitstempel: 0x52ec158c Name des fehlerhaften Moduls: ActivationUI.exe, Version: 4.6.4.0, Zeitstempel: 0x52ec158c Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a8cb6 ID des fehlerhaften Prozesses: 0x1308 Startzeit der fehlerhaften Anwendung: 0xActivationUI.exe0 Pfad der fehlerhaften Anwendung: ActivationUI.exe1 Pfad des fehlerhaften Moduls: ActivationUI.exe2 Berichtskennung: ActivationUI.exe3 Error: (09/17/2014 03:07:33 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 90080108 Error: (09/11/2014 01:41:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: bf4.exe, Version: 1.3.2.3825, Zeitstempel: 0x53a4d82a Name des fehlerhaften Moduls: bf4.exe, Version: 1.3.2.3825, Zeitstempel: 0x53a4d82a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000001465b74 ID des fehlerhaften Prozesses: 0x137c Startzeit der fehlerhaften Anwendung: 0xbf4.exe0 Pfad der fehlerhaften Anwendung: bf4.exe1 Pfad des fehlerhaften Moduls: bf4.exe2 Berichtskennung: bf4.exe3 Error: (09/05/2014 10:51:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: lightroom.exe, Version: 5.6.0.10, Zeitstempel: 0x53ce7bf8 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c4102 ID des fehlerhaften Prozesses: 0x348 Startzeit der fehlerhaften Anwendung: 0xlightroom.exe0 Pfad der fehlerhaften Anwendung: lightroom.exe1 Pfad des fehlerhaften Moduls: lightroom.exe2 Berichtskennung: lightroom.exe3 Error: (09/05/2014 10:49:40 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet. 
Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) System errors: ============= Error: (10/28/2014 09:41:57 AM) (Source: SRTSP) (EventID: 4) (User: ) Description: Error loading virus definitions. Error: (10/28/2014 09:41:57 AM) (Source: SRTSP) (EventID: 4) (User: ) Description: Error loading virus definitions. Error: (10/28/2014 09:40:46 AM) (Source: SRTSP) (EventID: 4) (User: ) Description: Error loading virus definitions. Error: (10/28/2014 09:40:46 AM) (Source: SRTSP) (EventID: 4) (User: ) Description: Error loading virus definitions. Error: (10/28/2014 09:39:21 AM) (Source: SRTSP) (EventID: 4) (User: ) Description: Error loading virus definitions. Error: (10/17/2014 07:53:23 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error: (10/17/2014 07:53:23 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error: (10/15/2014 10:32:56 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 12291) (User: NT-AUTORITÄT) Description: Das SAM-Modul konnte den TCP/IP- bzw. SPX/IPX-Listening-Thread nicht starten. Error: (10/14/2014 04:53:39 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error: (10/06/2014 02:31:44 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Microsoft Office Sessions: ========================= Error: (10/27/2014 09:04:32 AM) (Source: MsiInstaller) (EventID: 11309) (User: KI-PC) Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. 
Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (10/27/2014 09:04:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe33.0.0.5397543924b1mozalloc.dll33.0.0.53975438ffbb8000000300001425102001cff1bc61f647d7C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlld15e7a5b-5daf-11e4-a772-6c626d41abc3 Error: (10/17/2014 10:31:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: ActivationUI.exe4.6.4.052ec158cActivationUI.exe4.6.4.052ec158cc0000005000a8cb6d1401cfe9ed163bc416C:\PROGRA~2\ORIGIN~1\BATTLE~1\Core\ActivationUI.exeC:\PROGRA~2\ORIGIN~1\BATTLE~1\Core\ActivationUI.exe54f76197-55e0-11e4-bd30-6c626d41abc3 Error: (10/06/2014 02:31:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141b11a401cfe14ce799fbbdC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll18295d20-4d5d-11e4-988f-6c626d41abc3 Error: (09/19/2014 01:34:15 PM) (Source: MsiInstaller) (EventID: 1023) (User: KI-PC) Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625C:\Users\KI\AppData\Local\Temp\MSI13310.LOG(NULL)(NULL) Error: (09/18/2014 10:15:19 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: ActivationUI.exe4.6.4.052ec158cActivationUI.exe4.6.4.052ec158cc0000005000a8cb6130801cfd321102f6175C:\PROGRA~2\ORIGIN~1\BATTLE~1\Core\ActivationUI.exeC:\PROGRA~2\ORIGIN~1\BATTLE~1\Core\ActivationUI.exe4eb8caaa-3f14-11e4-83ce-6c626d41abc3 Error: (09/17/2014 03:07:33 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 90080108 Error: (09/11/2014 01:41:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
bf4.exe1.3.2.382553a4d82abf4.exe1.3.2.382553a4d82ac00000050000000001465b74137c01cfcdad56e20a85E:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exeE:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exefb4403ff-39b0-11e4-8d64-6c626d41abc3 Error: (09/05/2014 10:51:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: lightroom.exe5.6.0.1053ce7bf8ntdll.dll6.1.7601.18247521eaf24c000037400000000000c410234801cfc95392e70f1dC:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exeC:\Windows\SYSTEM32\ntdll.dlld6198b60-3546-11e4-857d-6c626d41abc3 Error: (09/05/2014 10:49:40 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz Percentage of memory in use: 27% Total physical RAM: 8163.19 MB Available physical RAM: 5897.64 MB Total Pagefile: 8261.37 MB Available Pagefile: 6037.91 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:390.26 GB) NTFS Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (Volume) (Fixed) (Total:465.76 GB) (Free:278.43 GB) NTFS Drive f: () (Fixed) (Total:55.8 GB) (Free:54.97 GB) NTFS Drive i: (My Passport) (Fixed) (Total:931.48 GB) (Free:231.85 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 90B894D9) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 5391DA19) Partition 1: (Active) - 
(Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 3651B604)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=42)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by KI (administrator) on KI-PC on 28-10-2014 10:07:30
Running from E:\Arbeitsprogramme\Downloads\Remover Tools\Farbar
Loaded Profile: KI (Available profiles: KI & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Micro-Star International) E:\Arbeitsprogramme\Live Update\MSI_LiveUpdate_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Elaborate Bytes AG) E:\Arbeitsprogramme\VirtualCloneDrive\VCDDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Samsung Electronics Co., Ltd.) E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-06] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) 
HKLM-x32\...\Run: [VirtualCloneDrive] => E:\Arbeitsprogramme\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKU\S-1-5-21-4212900307-3805612920-3004824622-1000\...\MountPoints2: J - J:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-4212900307-3805612920-3004824622-1000\...\MountPoints2: {7560e93b-2b62-11e4-aacf-6c626d41abc3} - I:\DPFMate.exe HKU\S-1-5-21-4212900307-3805612920-3004824622-1000\...\MountPoints2: {bbd4c9ab-6dba-11e3-a6f9-6c626d41abc3} - H:\start.exe HKU\S-1-5-21-4212900307-3805612920-3004824622-1000\...\MountPoints2: {ce815852-5818-11e4-aba3-6c626d41abc3} - J:\HTC_Sync_Manager_PC.exe HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-04] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => 
C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:49201;https=127.0.0.1:49201 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x74F7A64E24F1CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program 
Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.1 -> E:\Arbeitsprogramme\VCL\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D 
Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: WOT - C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-04-15] FF Extension: NoScript - C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-09] FF Extension: BetterPrivacy - C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-01-11] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn [2014-10-28] FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake Converter\Freemake Video Converter\BrowserPlugin\Firefox FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake Converter\Freemake Video 
Converter\BrowserPlugin\Firefox [2014-01-01] FF Extension: No Name - C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\extensions\tylerkeith11@aol.com [Not Found] FF Extension: No Name - fmconverter@gmail.com [Not Found] FF Extension: No Name - tylerkeith11@aol.com [Not Found] FF Extension: No Name - {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} [Not Found] Chrome: ======= CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff CHR Profile: C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-16] CHR Extension: (Regentropfen(Non-Aero)) - C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpagcfbbmlebfnkeogkigellbgmfkjfg [2014-09-29] CHR Extension: (Norton Identity Safe) - C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-15] CHR Extension: (Freemake Video Converter) - C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-01-02] CHR Extension: (Norton Security Toolbar) - C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-06-24] CHR Extension: (Norton Safe) - C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2014-09-20] CHR Extension: (Google Wallet) - C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-05] CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-06] CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake Converter\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-01-01] 
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-02-24] (BitRaider, LLC) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation) R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3611128 2014-02-11] (devolo AG) R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 MSI_LiveUpdate_Service; E:\Arbeitsprogramme\Live Update\MSI_LiveUpdate_Service.exe [84432 2014-07-01] (Micro-Star International) R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-09-17] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-09-16] () R2 SamsungAllShareV2.0; E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [25504 2012-03-02] (Samsung Electronics Co., Ltd.) 
S3 SimpleSlideShowServer; E:\Samsung\AllShare\AllShareSlideShowService.exe [27584 2012-03-02] (Samsung Electronics Co., Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-11] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-11] (Symantec Corporation) S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20141027.001\IDSvia64.sys [633560 2014-08-28] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-28] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20141027.017\ENG64.SYS [129752 2014-10-09] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20141027.017\EX64.SYS [2137304 2014-10-09] (Symantec Corporation) R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2014-02-11] (CACE Technologies) S3 NTIOLib_1_0_4; E:\Arbeitsprogramme\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI) R3 NvStreamKms; C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-04] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-28 09:50 - 2014-10-28 10:03 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-28 09:50 - 2014-10-28 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-28 09:50 - 2014-10-28 09:50 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-28 09:50 - 2014-10-28 09:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-28 09:50 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-28 09:50 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-28 09:50 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-28 09:16 - 2014-10-28 10:07 - 00000000 ____D () C:\FRST 2014-10-28 09:09 - 2014-10-28 09:09 - 00000000 _____ () C:\Users\KI\defogger_reenable 2014-10-27 09:04 - 2014-10-28 10:03 - 00001326 _____ () C:\Windows\Tasks\QVEOKK.job 2014-10-27 09:04 - 2014-10-28 10:03 - 00001324 _____ () C:\Windows\Tasks\CRAZB.job 2014-10-27 09:04 - 2014-10-28 10:00 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2014-10-27 09:04 - 2014-10-27 09:04 - 00004340 _____ () C:\Windows\System32\Tasks\QVEOKK 2014-10-27 09:04 - 2014-10-27 09:04 - 00004338 _____ () C:\Windows\System32\Tasks\CRAZB 2014-10-27 09:04 - 2014-10-27 09:04 - 00000000 ____D () C:\Users\KI\AppData\Roaming\Shark007 2014-10-27 09:04 - 2014-10-27 09:04 - 00000000 ____D () C:\Users\KI\AppData\Local\globalUpdate 2014-10-27 09:04 - 2014-10-27 09:04 - 00000000 ____D () C:\ProgramData\Shark007 2014-10-27 09:04 - 2014-10-27 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs 2014-10-27 09:04 - 2014-10-27 09:04 - 00000000 ____D () C:\Program Files\Shark007 2014-10-27 09:04 - 2014-06-05 11:00 - 02050560 _____ (xy-VSFilter Team) C:\Windows\system32\VSFilter.dll 2014-10-27 09:04 - 
2013-04-05 21:27 - 02231296 _____ () C:\Windows\system32\ac3filter.acm.new 2014-10-27 09:04 - 2013-04-05 21:27 - 02231296 _____ () C:\Windows\system32\ac3filter.acm 2014-10-27 09:04 - 2013-03-17 10:22 - 03554304 _____ (x264vfw project) C:\Windows\system32\x264vfw.dll 2014-10-27 09:04 - 2012-07-21 12:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm 2014-10-27 09:04 - 2012-07-21 12:54 - 00361472 _____ (fccHandler) C:\Windows\system32\aacacm.acm 2014-10-27 09:04 - 2012-07-17 15:21 - 00206336 _____ () C:\Windows\system32\unrar64.dll 2014-10-27 09:04 - 2011-12-07 20:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll 2014-10-27 09:04 - 2009-08-11 18:22 - 00580096 _____ () C:\Windows\system32\ac3filter.acm.old 2014-10-27 09:04 - 2009-01-22 22:51 - 00124909 _____ (Open Source Software community project) C:\Windows\system32\pthreadGC2.dll 2014-10-27 09:04 - 2007-02-05 17:05 - 00000038 _____ () C:\Windows\AviSplitter.INI 2014-10-27 08:27 - 2014-10-27 08:38 - 00000000 ____D () C:\Users\KI\AppData\Roaming\HTC 2014-10-27 08:26 - 2014-10-28 10:03 - 00000000 ____D () C:\Users\KI\AppData\Local\HTC MediaHub 2014-10-27 08:26 - 2014-10-27 08:27 - 00000000 ____D () C:\Users\KI\Divers\Documents\HTC 2014-10-27 08:26 - 2014-10-27 08:26 - 00002031 _____ () C:\Users\Public\Desktop\HTC Sync Manager.lnk 2014-10-27 08:26 - 2014-10-27 08:26 - 00000000 ____D () C:\Users\KI\AppData\Local\Apple Computer 2014-10-27 08:26 - 2014-10-27 08:26 - 00000000 ____D () C:\Users\KI\.android 2014-10-27 08:25 - 2014-10-27 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC 2014-10-27 08:25 - 2014-10-27 08:25 - 00000000 ____D () C:\Program Files (x86)\Spirent Communications 2014-10-27 08:23 - 2014-10-27 08:26 - 00000000 ____D () C:\Program Files (x86)\HTC 2014-10-27 08:23 - 2014-10-27 08:25 - 00027040 _____ () C:\Windows\DPINST.LOG 2014-10-27 08:23 - 2014-10-27 08:23 - 00000000 ____D () C:\ProgramData\HTC 2014-10-21 06:24 - 2014-10-21 06:24 - 00272808 _____ 
(Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-10-21 06:24 - 2014-10-21 06:24 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-10-21 06:24 - 2014-10-21 06:24 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-10-21 06:24 - 2014-10-21 06:24 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-10-21 06:24 - 2014-10-21 06:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-21 06:24 - 2014-10-21 06:24 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-15 08:17 - 2014-10-15 08:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-15 07:18 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-15 07:18 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-15 07:18 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-15 07:18 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-15 07:18 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-15 07:18 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-15 07:18 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-15 07:18 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-15 07:18 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-15 07:18 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-15 07:18 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-15 07:18 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-15 07:18 - 
2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-15 07:18 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-15 07:18 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-15 07:18 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-15 07:18 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-15 07:18 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-15 07:18 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-15 07:18 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-15 07:18 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-15 07:18 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-15 07:18 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-15 07:18 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-15 07:18 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-15 07:18 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-15 07:18 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-15 07:18 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-15 07:18 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-15 07:18 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 
2014-10-15 07:18 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-15 07:18 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-15 07:18 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-15 07:18 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-15 07:18 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-15 07:18 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-15 07:18 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-15 07:18 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-15 07:18 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-15 07:18 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-15 07:18 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-15 07:18 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-15 07:18 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-15 07:18 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-15 07:18 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-15 07:18 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-15 07:18 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-15 07:18 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-15 07:18 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-15 07:18 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-15 07:18 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-15 07:18 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-15 07:18 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-15 07:18 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-15 07:18 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-15 07:18 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-15 07:18 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-15 07:18 - 2014-08-19 04:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2014-10-15 07:18 - 2014-08-19 04:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2014-10-15 07:18 - 2014-08-19 04:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2014-10-15 07:18 - 2014-08-19 04:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2014-10-15 07:18 - 2014-08-19 04:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2014-10-15 07:18 - 2014-08-19 04:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2014-10-15 07:18 - 2014-08-19 04:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2014-10-15 07:18 - 2014-08-19 04:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2014-10-15 07:18 - 2014-08-19 04:07 - 00032256 _____ (Microsoft 
Corporation) C:\Windows\system32\appidsvc.dll 2014-10-15 07:18 - 2014-08-19 04:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2014-10-15 07:18 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2014-10-15 07:18 - 2014-08-19 03:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2014-10-15 07:18 - 2014-08-19 03:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2014-10-15 07:18 - 2014-07-07 03:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-10-15 07:18 - 2014-07-07 03:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2014-10-15 07:18 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-10-15 07:18 - 2014-07-07 03:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00500224 _____ (Microsoft Corporation) 
C:\Windows\system32\AUDIOKSE.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-10-15 07:18 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-10-15 07:18 - 2014-07-07 03:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2014-10-15 07:18 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2014-10-15 07:18 - 2014-07-07 03:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-10-15 07:18 - 2014-07-07 03:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-10-15 07:18 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 
2014-10-15 07:18 - 2014-07-07 02:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2014-10-15 07:18 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 
00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2014-10-15 07:18 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2014-10-15 07:18 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2014-10-15 07:18 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-10-15 07:18 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-10-15 07:18 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2014-10-15 07:18 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2014-10-15 07:18 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2014-10-15 07:18 - 2014-06-28 01:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-10-15 07:18 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2014-10-15 07:18 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2014-10-15 07:18 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-15 07:18 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-15 07:18 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-15 07:18 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) 
C:\Windows\system32\mscorier.dll 2014-10-15 07:18 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-15 07:18 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-15 07:17 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-15 07:17 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-15 07:17 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-15 07:17 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-15 07:17 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-15 07:17 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-15 07:17 - 2014-08-29 03:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-15 07:17 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-15 07:17 - 2014-08-29 03:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-10-15 07:17 - 2014-08-29 03:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-10-15 07:17 - 2014-08-29 03:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-15 07:17 - 2014-08-29 02:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-15 07:17 - 2014-08-29 02:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-15 07:17 - 2014-08-29 02:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-15 07:17 - 2014-08-29 02:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-10-15 07:17 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-15 
07:17 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-15 07:17 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-15 07:17 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-15 07:17 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-15 07:17 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-15 07:17 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-15 07:17 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-15 07:17 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-15 07:17 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-15 07:17 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-08 06:07 - 2014-10-28 10:02 - 00114784 _____ () C:\Windows\PFRO.log 2014-10-06 14:31 - 2014-10-06 14:31 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360 2014-10-01 11:43 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-01 11:43 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-30 11:34 - 2014-10-28 10:03 - 00013566 _____ () C:\Windows\setupact.log 2014-09-30 11:34 - 2014-09-30 11:34 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-29 12:42 - 2014-09-29 12:42 - 00004506 _____ () C:\Users\KI\Divers\Documents\cc_20140929_134244.reg ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-28 10:06 - 2013-12-04 18:18 - 01473553 _____ () C:\Windows\WindowsUpdate.log 2014-10-28 10:03 - 2013-12-04 21:00 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-28 10:03 - 2013-12-04 19:41 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-10-28 10:03 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-28 10:00 - 2014-02-22 18:23 - 00000000 ____D () C:\Users\KI\AppData\Roaming\systweak 2014-10-28 09:55 - 2013-12-04 20:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-28 09:50 - 2009-07-14 05:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-28 09:50 - 2009-07-14 05:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-28 09:48 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-10-28 09:48 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-10-28 09:48 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-28 09:42 - 2013-12-04 21:00 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-28 09:09 - 2013-12-04 18:18 - 00000000 ____D () C:\Users\KI 2014-10-28 08:32 - 2009-07-14 05:45 - 00437520 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-27 22:09 - 2013-12-04 22:08 - 00000000 ____D () C:\ProgramData\Origin 2014-10-27 14:13 - 2013-12-05 00:29 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-10-27 13:52 - 2013-12-05 00:29 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-10-27 09:47 - 2014-09-16 19:09 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-10-27 09:08 - 2013-12-20 10:18 - 00000000 ____D () C:\Users\KI\AppData\Roaming\vlc 2014-10-27 09:04 - 2013-12-05 10:45 - 00000000 ____D () C:\Users\KI\AppData\Local\CrashDumps 2014-10-27 08:27 - 2013-12-04 20:42 - 00111832 _____ () 
C:\Users\KI\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-27 08:26 - 2014-06-24 09:53 - 00000000 ____D () C:\Users\KI\AppData\Roaming\Apple Computer 2014-10-27 08:23 - 2014-09-05 19:11 - 00000000 ____D () C:\Temp 2014-10-27 08:23 - 2014-01-12 16:33 - 00000000 ____D () C:\Users\KI\AppData\Local\Downloaded Installations 2014-10-26 09:11 - 2013-12-04 21:59 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-10-23 11:37 - 2013-12-04 21:00 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-23 11:37 - 2013-12-04 21:00 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-21 06:24 - 2014-06-04 16:24 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-17 08:40 - 2013-12-05 10:00 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-16 08:04 - 2013-12-04 20:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-15 13:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-10-15 10:32 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-15 10:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-10-15 10:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-10-15 08:58 - 2013-12-04 20:31 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-15 08:56 - 2013-12-04 20:31 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-06 14:31 - 2013-12-04 20:23 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration 2014-10-06 14:31 - 2013-12-04 20:23 - 00002319 _____ () C:\Users\Public\Desktop\Norton 360.lnk 2014-10-06 14:31 - 2013-12-04 20:23 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 2014-10-06 14:31 - 2013-12-04 20:23 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64 Some content of TEMP: ==================== C:\Users\KI\AppData\Local\Temp\System.Data.SQLite.dll ==================== Bamital & 
volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-26 09:22
==================== End Of Log ============================
--- --- --- |
28.10.2014, 11:11 | #5 |
| Windows 7 64bit: Caught SmartSaver 15. Logs already created. Gmer.txt Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-10-28 10:12:34 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 Samsung_SSD_840_EVO_500GB rev.EXT0BB6Q 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\KI\AppData\Local\Temp\pxldqpoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075131401 2 bytes JMP 756db21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1048] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075131419 2 bytes JMP 756db346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075131431 2 bytes JMP 75758ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007513144a 2 bytes CALL 756b48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1048] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751314dd 2 bytes JMP 757587a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751314f5 2 bytes JMP 75758978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007513150d 2 bytes JMP 75758698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075131525 2 bytes JMP 75758a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007513153d 2 bytes JMP 756cfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1048] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075131555 2 bytes JMP 756d68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007513156d 2 bytes JMP 75758f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075131585 2 bytes JMP 75758ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1048] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007513159d 2 bytes JMP 7575865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 
00000000751315b5 2 bytes JMP 756cfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751315cd 2 bytes JMP 756db2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751316b2 2 bytes JMP 75758e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1048] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751316bd 2 bytes JMP 757585f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075131401 2 bytes JMP 756db21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2188] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075131419 2 bytes JMP 756db346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075131431 2 bytes JMP 75758ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007513144a 2 bytes CALL 756b48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2188] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751314dd 2 bytes JMP 757587a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751314f5 2 bytes JMP 75758978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007513150d 2 bytes JMP 75758698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075131525 2 bytes JMP 75758a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007513153d 2 bytes JMP 756cfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2188] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075131555 2 bytes JMP 756d68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007513156d 2 bytes JMP 75758f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075131585 2 bytes JMP 75758ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2188] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007513159d 2 bytes JMP 7575865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751315b5 2 
bytes JMP 756cfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751315cd 2 bytes JMP 756db2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751316b2 2 bytes JMP 75758e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751316bd 2 bytes JMP 757585f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075131401 2 bytes JMP 756db21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2356] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075131419 2 bytes JMP 756db346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075131431 2 bytes JMP 75758ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007513144a 2 bytes CALL 756b48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2356] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751314dd 2 bytes JMP 757587a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751314f5 2 bytes JMP 75758978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2356] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007513150d 2 bytes JMP 75758698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075131525 2 bytes JMP 75758a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007513153d 2 bytes JMP 756cfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2356] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075131555 2 bytes JMP 756d68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007513156d 2 bytes JMP 75758f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075131585 2 bytes JMP 75758ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2356] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007513159d 2 bytes JMP 7575865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751315b5 2 bytes JMP 756cfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program 
Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751315cd 2 bytes JMP 756db2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751316b2 2 bytes JMP 75758e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2356] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751316bd 2 bytes JMP 757585f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075131401 2 bytes JMP 756db21b C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2520] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075131419 2 bytes JMP 756db346 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075131431 2 bytes JMP 75758ea9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007513144a 2 bytes CALL 756b48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Windows\system32\PnkBstrA.exe[2520] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751314dd 2 bytes JMP 757587a2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751314f5 2 bytes JMP 75758978 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2520] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007513150d 2 bytes JMP 75758698 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075131525 2 bytes JMP 75758a62 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007513153d 2 bytes JMP 756cfca8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2520] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075131555 2 bytes JMP 756d68ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007513156d 2 bytes JMP 75758f61 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075131585 2 bytes JMP 75758ac2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2520] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007513159d 2 bytes JMP 7575865c C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751315b5 2 bytes JMP 756cfd41 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751315cd 2 bytes JMP 756db2dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 
00000000751316b2 2 bytes JMP 75758e24 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2520] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751316bd 2 bytes JMP 757585f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075131401 2 bytes JMP 756db21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3476] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075131419 2 bytes JMP 756db346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075131431 2 bytes JMP 75758ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007513144a 2 bytes CALL 756b48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3476] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751314dd 2 bytes JMP 757587a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751314f5 2 bytes JMP 75758978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3476] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007513150d 2 bytes JMP 75758698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075131525 2 bytes JMP 75758a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007513153d 2 bytes JMP 756cfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3476] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075131555 2 bytes JMP 756d68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007513156d 2 bytes JMP 75758f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075131585 2 bytes JMP 75758ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3476] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007513159d 2 bytes JMP 7575865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 
00000000751315b5 2 bytes JMP 756cfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751315cd 2 bytes JMP 756db2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751316b2 2 bytes JMP 75758e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751316bd 2 bytes JMP 757585f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075131401 2 bytes JMP 756db21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4468] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075131419 2 bytes JMP 756db346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075131431 2 bytes JMP 75758ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007513144a 2 bytes CALL 756b48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4468] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751314dd 2 bytes JMP 757587a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751314f5 2 bytes JMP 75758978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007513150d 2 bytes JMP 75758698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075131525 2 bytes JMP 75758a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007513153d 2 bytes JMP 756cfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4468] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075131555 2 bytes JMP 756d68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007513156d 2 bytes JMP 75758f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075131585 2 bytes JMP 75758ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4468] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007513159d 2 bytes JMP 7575865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751315b5 2 bytes JMP 756cfd41 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751315cd 2 bytes JMP 756db2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751316b2 2 bytes JMP 75758e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4468] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751316bd 2 bytes JMP 757585f1 C:\Windows\syswow64\kernel32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075131401 2 bytes JMP 756db21b C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4748] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075131419 2 bytes JMP 756db346 C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075131431 2 bytes JMP 75758ea9 C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007513144a 2 bytes CALL 756b48ad C:\Windows\syswow64\KERNEL32.dll .text ... 
* 9 .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4748] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000751314dd 2 bytes JMP 757587a2 C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000751314f5 2 bytes JMP 75758978 C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007513150d 2 bytes JMP 75758698 C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075131525 2 bytes JMP 75758a62 C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007513153d 2 bytes JMP 756cfca8 C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4748] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075131555 2 bytes JMP 756d68ef C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007513156d 2 bytes JMP 75758f61 C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075131585 2 bytes JMP 75758ac2 C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4748] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007513159d 2 bytes JMP 7575865c C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000751315b5 2 bytes JMP 756cfd41 C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000751315cd 2 bytes 
JMP 756db2dc C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000751316b2 2 bytes JMP 75758e24 C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[4748] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000751316bd 2 bytes JMP 757585f1 C:\Windows\syswow64\KERNEL32.dll ---- Processes - GMER 2.1 ---- Library C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1860] (Mediencenter Shell Icon Overlay Handler/Deutsche Telekom AG)(2013-10-01 12:56:44) 000007fef7bc0000 Process \\?\C:\Windows\system32\wbem\WMIADAP.EXE (*** suspicious ***) @ \\?\C:\Windows\system32\wbem\WMIADAP.EXE [1612] (WMI Reverse Performance Adapter Maintenance Utility/Microsoft Corporation)(2009-07-13 23:47:22) 00000000ff420000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC
Reg HKLM\SYSTEM\ControlSet002\Control\BackupRestore\FilesNotToSnapshot@OfficeODC ---- EOF - GMER 2.1 ---- |
28.10.2014, 13:06 | #6 |
| Windows 7 64bit: Caught SmartSaver 15. Logs already created. I just read that the tools should be run with admin rights, so I ran them again that way. Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01 Ran by KI at 2014-10-28 12:50:40 Running from E:\Arbeitsprogramme\Downloads\Remover Tools\Farbar Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton 360 Online (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton 360 Online (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton 360 Online (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated) Adobe Lens Profile Downloader (HKLM-x32\...\AdobeLensProfileDownloader) (Version: 1.0.1 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.15221 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB) BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC) Brother MFL-Pro Suite MFC-7225N (HKLM-x32\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.) CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.2.1.0 - devolo AG) ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Free YouTube Download version 3.2.17.1125 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.17.1125 - DVDVideoSoft Ltd.) FreeFileSync 6.6 (HKLM-x32\...\FreeFileSync) (Version: 6.6 - Zenju) Freemake Video Converter Version 4.1.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.2 - Ellora Assets Corporation) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) GML Matting 0.3 (HKLM-x32\...\GML Matting_is1) (Version: 0.3 - GML Computer Vision Group) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) 
Hidden Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North) Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar North / Toronto) HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation) HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.24.5 - HTC) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.52.1176 - Intel Corporation) IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC) Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) Hidden Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.) Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Mediencenter 3.9.1055.64 (HKCU\...\Mediencenter) (Version: 3.9.1055.64 - Deutsche Telekom AG) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Camera Codec Pack (HKLM\...\{F7930EE9-0929-439D-A57B-D40C2C69C890}) (Version: 6.3.9723.0 - Microsoft Corporation) Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4659.1001 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) 
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 33.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSI Live 
Update (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.006 - MSI) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation) NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA 
Corporation) Hidden NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden Office 15 Click-to-Run Extensibility Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.) Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7069 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) 
Hidden Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.6 - Samsung) Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.1.0 - Samsung Electronics) Secure Eraser (HKLM-x32\...\Secure Eraser_is1) (Version: 4.2.0.1 - ASCOMP Software GmbH) SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden SketchUp 2014 (HKLM-x32\...\{9E620BD5-AEEC-492D-9065-D71FCD4C52F1}) (Version: 14.1.1282 - Trimble Navigation Limited) Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform) Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.31 - Bioware/EA) Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC) VideoGenie (HKLM-x32\...\{FC54FD8D-789C-406D-BB88-F7C4421B7E83}_is1) (Version: 1.0.0.12 - MSI) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes) virtualPhotographer 1.5.6 (HKLM-x32\...\virtualPhotographer_is1) (Version: - optikVerve Labs) VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) x64 Components v4.6.9 (HKLM\...\Advanced x64Components_is1) (Version: 4.6.9 - Shark007) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-4212900307-3805612920-3004824622-1000_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-4212900307-3805612920-3004824622-1000_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-4212900307-3805612920-3004824622-1000_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-4212900307-3805612920-3004824622-1000_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {107B6BA2-B5EE-4C38-BED0-6318EDC0DDD5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation) Task: {16683886-7715-4740-A1D6-557EABF916A9} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation) Task: {26856FD9-CA64-456E-98D9-6B7E9A598AD6} - \RocketTab Update Task No Task File <==== ATTENTION Task: {55DA122D-B5DD-44CD-BF79-F53F82AD0EEF} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {6F2A7823-6A56-4985-AC6F-691AB64C40C2} - System32\Tasks\CRAZB => C:\Users\KI\AppData\Roaming\CRAZB.exe <==== ATTENTION Task: {74475117-015D-4156-BFF5-0C6C2ACEEF8F} - \RocketTab No Task File <==== ATTENTION Task: {AFD136DB-A9DA-4E5F-AF4A-000C5DC3E4E6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation) Task: {C2797D0C-BCA0-48DA-B398-7B19B5253A00} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated) Task: {CFB23E1E-96BB-4973-9F65-36AB7E2770B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-04] (Google Inc.) Task: {D39B856F-1667-4113-AD18-7E02F2C00DF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-04] (Google Inc.) 
Task: {E09BB99D-378C-467D-970A-364B1587D1EB} - System32\Tasks\QVEOKK => C:\Users\KI\AppData\Roaming\QVEOKK.exe <==== ATTENTION Task: {E4803C04-B78B-414B-801F-7E4B5DA1D233} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation) Task: {E639A937-EB09-41BA-9C09-F215337F9E63} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd) Task: {E9157649-F629-4E3E-8A2C-6D1797FC9E46} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\CRAZB.job => C:\Users\KI\AppData\Roaming\CRAZB.exe <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\QVEOKK.job => C:\Users\KI\AppData\Roaming\QVEOKK.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2013-12-04 19:41 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-03-14 20:21 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-12-22 12:48 - 2012-09-07 16:57 - 00559424 _____ () E:\Arbeitsprogramme\Secure Eraser\SecEraser64.dll 2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2014-07-26 20:54 - 2014-09-17 12:28 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe 2013-12-23 12:28 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll 2014-08-06 13:42 - 2014-08-06 13:42 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync 
Manager\HTC Sync\adb.exe
2014-08-06 13:40 - 2014-08-06 13:40 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-08-06 13:41 - 2014-08-06 13:41 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-08-06 13:41 - 2014-08-06 13:41 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-08-06 13:41 - 2014-08-06 13:41 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-08-06 13:42 - 2014-08-06 13:42 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-08-06 13:44 - 2014-08-06 13:44 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-08-06 13:46 - 2014-08-06 13:46 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2013-12-23 12:28 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 01135616 _____ () E:\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00656896 _____ () E:\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00105472 _____ () E:\Samsung\AllShare\AllShareDMS\DCMCDP.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00098816 _____ () E:\Samsung\AllShare\AllShareDMS\FolderCDP.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00077312 _____ () E:\Samsung\AllShare\AllShareDMS\MetadataFramework.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00520234 _____ () E:\Samsung\AllShare\AllShareDMS\sqlite3.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00450560 _____ () E:\Samsung\AllShare\AllShareDMS\MoodExtractor.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 05717504 _____ () E:\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00029184 _____ () E:\Samsung\AllShare\AllShareDMS\AutoChaptering.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00147456 _____ () E:\Samsung\AllShare\AllShareDMS\libexpat.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00012288 _____ () E:\Samsung\AllShare\AllShareDMS\VideoThumb.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 04671488 _____ () E:\Samsung\AllShare\AllShareDMS\avcodec-52.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00070656 _____ () E:\Samsung\AllShare\AllShareDMS\avutil-50.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00686080 _____ () E:\Samsung\AllShare\AllShareDMS\avformat-52.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00152064 _____ () E:\Samsung\AllShare\AllShareDMS\swscale-0.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00027648 _____ () E:\Samsung\AllShare\AllShareDMS\AudioExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00063488 _____ () E:\Samsung\AllShare\AllShareDMS\ID3Driver.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00366592 _____ () E:\Samsung\AllShare\AllShareDMS\tag.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00289792 _____ () E:\Samsung\AllShare\AllShareDMS\libThumbnail.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00023040 _____ () E:\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00017920 _____ () E:\Samsung\AllShare\AllShareDMS\VideoExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00017920 _____ () E:\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00133120 _____ () E:\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00290304 _____ () E:\Samsung\AllShare\AllShareDMS\libKeyFrame.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00024064 _____ () E:\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00012288 _____ () E:\Samsung\AllShare\AllShareDMS\ImageExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00024064 _____ () E:\Samsung\AllShare\AllShareDMS\photoDriver.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00399826 _____ () E:\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00013824 _____ () E:\Samsung\AllShare\AllShareDMS\TextExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00031232 _____ () E:\Samsung\AllShare\AllShareDMS\Autobackup.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00054784 _____ () E:\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00044032 _____ () E:\Samsung\AllShare\AllShareDMS\us.dll
2014-09-16 19:10 - 2014-09-16 19:10 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-09-16 19:10 - 2014-09-16 19:10 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-09-16 19:10 - 2014-09-16 19:10 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-09-16 19:10 - 2014-09-16 19:10 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-09-16 19:10 - 2014-09-16 19:10 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-09-16 19:10 - 2014-09-16 19:10 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-09-16 19:10 - 2014-09-16 19:10 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-09-16 19:10 - 2014-09-16 19:10 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^KI^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediencenter.lnk => C:\Windows\pss\Mediencenter.lnk.Startup
MSCONFIG\startupfolder: C:^Users^KI^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup
MSCONFIG\startupreg: AllShareAgent => E:\Samsung\AllShare\AllShareAgent.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DNS7reminder => "E:\Neuer Ordner\Diktat\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
MSCONFIG\startupreg: Live Update => E:\Arbeitsprogramme\Live Update\StartLiveUpdate.exe /REMINDER
MSCONFIG\startupreg: Live Update 5 => E:\Arbeitsprogramme\Live Update 5\BootStartLiveupdate.exe /reminder
MSCONFIG\startupreg: PMBVolumeWatcher => E:\Arbeitsprogramme\Sony A58\PMBVolumeWatcher.exe
MSCONFIG\startupreg: QuickTime Task => "E:\Arbeitsprogramme\QT\QTTask.exe" -atboottime

========================= Accounts: ==========================

Administrator (S-1-5-21-4212900307-3805612920-3004824622-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-4212900307-3805612920-3004824622-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4212900307-3805612920-3004824622-1002 - Limited - Enabled)
KI (S-1-5-21-4212900307-3805612920-3004824622-1000 - Administrator - Enabled) => C:\Users\KI

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2014 09:04:32 AM) (Source: MsiInstaller) (EventID: 11309) (User: KI-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.

Error: (10/27/2014 09:04:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.0.0.5397, Zeitstempel: 0x543924b1
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.0.0.5397, Zeitstempel: 0x5438ffbb
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1020
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (10/17/2014 10:31:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ActivationUI.exe, Version: 4.6.4.0, Zeitstempel: 0x52ec158c
Name des fehlerhaften Moduls: ActivationUI.exe, Version: 4.6.4.0, Zeitstempel: 0x52ec158c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000a8cb6
ID des fehlerhaften Prozesses: 0xd14
Startzeit der fehlerhaften Anwendung: 0xActivationUI.exe0
Pfad der fehlerhaften Anwendung: ActivationUI.exe1
Pfad des fehlerhaften Moduls: ActivationUI.exe2
Berichtskennung: ActivationUI.exe3

Error: (10/06/2014 02:31:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.3.5379, Zeitstempel: 0x54224e6b
Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.3.5379, Zeitstempel: 0x54221b67
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x11a4
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (09/19/2014 01:34:15 PM) (Source: MsiInstaller) (EventID: 1023) (User: KI-PC)
Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Weitere Informationen sind in der Protokolldatei C:\Users\KI\AppData\Local\Temp\MSI13310.LOG enthalten.

Error: (09/18/2014 10:15:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ActivationUI.exe, Version: 4.6.4.0, Zeitstempel: 0x52ec158c
Name des fehlerhaften Moduls: ActivationUI.exe, Version: 4.6.4.0, Zeitstempel: 0x52ec158c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000a8cb6
ID des fehlerhaften Prozesses: 0x1308
Startzeit der fehlerhaften Anwendung: 0xActivationUI.exe0
Pfad der fehlerhaften Anwendung: ActivationUI.exe1
Pfad des fehlerhaften Moduls: ActivationUI.exe2
Berichtskennung: ActivationUI.exe3

Error: (09/17/2014 03:07:33 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (09/11/2014 01:41:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bf4.exe, Version: 1.3.2.3825, Zeitstempel: 0x53a4d82a
Name des fehlerhaften Moduls: bf4.exe, Version: 1.3.2.3825, Zeitstempel: 0x53a4d82a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000001465b74
ID des fehlerhaften Prozesses: 0x137c
Startzeit der fehlerhaften Anwendung: 0xbf4.exe0
Pfad der fehlerhaften Anwendung: bf4.exe1
Pfad des fehlerhaften Moduls: bf4.exe2
Berichtskennung: bf4.exe3

Error: (09/05/2014 10:51:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: lightroom.exe, Version: 5.6.0.10, Zeitstempel: 0x53ce7bf8
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000c4102
ID des fehlerhaften Prozesses: 0x348
Startzeit der fehlerhaften Anwendung: 0xlightroom.exe0
Pfad der fehlerhaften Anwendung: lightroom.exe1
Pfad des fehlerhaften Moduls: lightroom.exe2
Berichtskennung: lightroom.exe3

Error: (09/05/2014 10:49:40 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (10/28/2014 09:41:57 AM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.

Error: (10/28/2014 09:41:57 AM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.

Error: (10/28/2014 09:40:46 AM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.

Error: (10/28/2014 09:40:46 AM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.

Error: (10/28/2014 09:39:21 AM) (Source: SRTSP) (EventID: 4) (User: )
Description: Error loading virus definitions.

Error: (10/17/2014 07:53:23 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error: (10/17/2014 07:53:23 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error: (10/15/2014 10:32:56 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 12291) (User: NT-AUTORITÄT)
Description: Das SAM-Modul konnte den TCP/IP- bzw. SPX/IPX-Listening-Thread nicht starten.

Error: (10/14/2014 04:53:39 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error: (10/06/2014 02:31:44 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Microsoft Office Sessions:
=========================
Error: (10/27/2014 09:04:32 AM) (Source: MsiInstaller) (EventID: 11309) (User: KI-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/27/2014 09:04:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.0.0.5397543924b1mozalloc.dll33.0.0.53975438ffbb8000000300001425102001cff1bc61f647d7C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlld15e7a5b-5daf-11e4-a772-6c626d41abc3

Error: (10/17/2014 10:31:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ActivationUI.exe4.6.4.052ec158cActivationUI.exe4.6.4.052ec158cc0000005000a8cb6d1401cfe9ed163bc416C:\PROGRA~2\ORIGIN~1\BATTLE~1\Core\ActivationUI.exeC:\PROGRA~2\ORIGIN~1\BATTLE~1\Core\ActivationUI.exe54f76197-55e0-11e4-bd30-6c626d41abc3

Error: (10/06/2014 02:31:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141b11a401cfe14ce799fbbdC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll18295d20-4d5d-11e4-988f-6c626d41abc3

Error: (09/19/2014 01:34:15 PM) (Source: MsiInstaller) (EventID: 1023) (User: KI-PC)
Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625C:\Users\KI\AppData\Local\Temp\MSI13310.LOG(NULL)(NULL)

Error: (09/18/2014 10:15:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ActivationUI.exe4.6.4.052ec158cActivationUI.exe4.6.4.052ec158cc0000005000a8cb6130801cfd321102f6175C:\PROGRA~2\ORIGIN~1\BATTLE~1\Core\ActivationUI.exeC:\PROGRA~2\ORIGIN~1\BATTLE~1\Core\ActivationUI.exe4eb8caaa-3f14-11e4-83ce-6c626d41abc3

Error: (09/17/2014 03:07:33 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (09/11/2014 01:41:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: bf4.exe1.3.2.382553a4d82abf4.exe1.3.2.382553a4d82ac00000050000000001465b74137c01cfcdad56e20a85E:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exeE:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exefb4403ff-39b0-11e4-8d64-6c626d41abc3

Error: (09/05/2014 10:51:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: lightroom.exe5.6.0.1053ce7bf8ntdll.dll6.1.7601.18247521eaf24c000037400000000000c410234801cfc95392e70f1dC:\Program Files\Adobe\Adobe Photoshop Lightroom 5.6\lightroom.exeC:\Windows\SYSTEM32\ntdll.dlld6198b60-3546-11e4-857d-6c626d41abc3

Error: (09/05/2014 10:49:40 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 22%
Total physical RAM: 8163.19 MB
Available physical RAM: 6294.78 MB
Total Pagefile: 8261.37 MB
Available Pagefile: 6219.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:390.22 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Volume) (Fixed) (Total:465.76 GB) (Free:278.43 GB) NTFS
Drive f: () (Fixed) (Total:55.8 GB) (Free:54.97 GB) NTFS
Drive i: (My Passport) (Fixed) (Total:931.48 GB) (Free:231.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 90B894D9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 3651B604)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=42)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 5391DA19)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by KI (administrator) on KI-PC on 28-10-2014 12:50:25
Running from E:\Arbeitsprogramme\Downloads\Remover Tools\Farbar
Loaded Profile: KI (Available profiles: KI & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Micro-Star International) E:\Arbeitsprogramme\Live Update\MSI_LiveUpdate_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Elaborate Bytes AG) E:\Arbeitsprogramme\VirtualCloneDrive\VCDDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Samsung Electronics Co., Ltd.) E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-06] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [VirtualCloneDrive] => E:\Arbeitsprogramme\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-4212900307-3805612920-3004824622-1000\...\MountPoints2: J - J:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-4212900307-3805612920-3004824622-1000\...\MountPoints2: {7560e93b-2b62-11e4-aacf-6c626d41abc3} - I:\DPFMate.exe
HKU\S-1-5-21-4212900307-3805612920-3004824622-1000\...\MountPoints2: {bbd4c9ab-6dba-11e3-a6f9-6c626d41abc3} - H:\start.exe
HKU\S-1-5-21-4212900307-3805612920-3004824622-1000\...\MountPoints2: {ce815852-5818-11e4-aba3-6c626d41abc3} - J:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:49201;https=127.0.0.1:49201
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x74F7A64E24F1CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default
FF Homepage: www.google.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> E:\Arbeitsprogramme\VCL\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-04-15]
FF Extension: NoScript - C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-09]
FF Extension: BetterPrivacy - C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-01-11]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn [2014-10-28]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake Converter\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake Converter\Freemake Video Converter\BrowserPlugin\Firefox [2014-01-01]
FF Extension: No Name - fmconverter@gmail.com [Not Found]
FF Extension: No Name - {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} [Not Found]

Chrome:
=======
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Profile: C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-16]
CHR Extension: (Regentropfen(Non-Aero)) - C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpagcfbbmlebfnkeogkigellbgmfkjfg [2014-09-29]
CHR Extension: (Norton Identity Safe) - C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-15]
CHR Extension: (Freemake Video Converter) - C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-01-02]
CHR Extension: (Norton Security Toolbar) - C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-06-24]
CHR Extension: (Norton Safe) - C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2014-09-20]
CHR Extension: (Google Wallet) - C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-05]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-06]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake Converter\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-01-01]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-02-24] (BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3611128 2014-02-11] (devolo AG)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MSI_LiveUpdate_Service; E:\Arbeitsprogramme\Live Update\MSI_LiveUpdate_Service.exe [84432 2014-07-01] (Micro-Star International)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-09-17] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-09-16] ()
R2 SamsungAllShareV2.0; E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [25504 2012-03-02] (Samsung Electronics Co., Ltd.)
S3 SimpleSlideShowServer; E:\Samsung\AllShare\AllShareSlideShowService.exe [27584 2012-03-02] (Samsung Electronics Co., Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-11] (Symantec Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20141027.001\IDSvia64.sys [633560 2014-08-28] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20141027.017\ENG64.SYS [129752 2014-10-09] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20141027.017\EX64.SYS [2137304 2014-10-09] (Symantec Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2014-02-11] (CACE Technologies)
S3 NTIOLib_1_0_4; E:\Arbeitsprogramme\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 09:50 - 2014-10-28 12:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-28 09:50 - 2014-10-28 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-10-28 09:50 - 2014-10-28 09:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-28 09:50 - 2014-10-28 09:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-10-28 09:50 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-28 09:50 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-28 09:50 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-28 09:16 - 2014-10-28 12:50 - 00000000 ____D () C:\FRST
2014-10-28 09:09 - 2014-10-28 09:09 - 00000000 _____ () C:\Users\KI\defogger_reenable
2014-10-27 09:04 - 2014-10-28 10:15 - 00001326 _____ () C:\Windows\Tasks\QVEOKK.job
2014-10-27 09:04 - 2014-10-28 10:15 - 00001324 _____ () C:\Windows\Tasks\CRAZB.job
2014-10-27 09:04 - 2014-10-28 10:00 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-10-27 09:04 - 2014-10-27 09:04 - 00004340 _____ () C:\Windows\System32\Tasks\QVEOKK
2014-10-27 09:04 - 2014-10-27 09:04 - 00004338 _____ () C:\Windows\System32\Tasks\CRAZB
2014-10-27 09:04 - 2014-10-27 09:04 - 00000000 ____D () C:\Users\KI\AppData\Roaming\Shark007
2014-10-27 09:04 - 2014-10-27 09:04 - 00000000 ____D () C:\Users\KI\AppData\Local\globalUpdate
2014-10-27 09:04 - 2014-10-27 09:04 - 00000000 ____D () C:\ProgramData\Shark007
2014-10-27 09:04 - 2014-10-27 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs
2014-10-27 09:04 - 2014-10-27 09:04 - 00000000 ____D () C:\Program Files\Shark007
2014-10-27 09:04 - 2014-06-05 11:00 - 02050560 _____ (xy-VSFilter Team) C:\Windows\system32\VSFilter.dll
2014-10-27 09:04 - 2013-04-05 21:27 - 02231296 _____ () C:\Windows\system32\ac3filter.acm.new
2014-10-27 09:04 - 2013-04-05 21:27 - 02231296 _____ () C:\Windows\system32\ac3filter.acm
2014-10-27 09:04 - 2013-03-17 10:22 - 03554304 _____ (x264vfw project) C:\Windows\system32\x264vfw.dll
2014-10-27 09:04 - 2012-07-21 12:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2014-10-27 09:04 - 2012-07-21 12:54 - 00361472 _____ (fccHandler) C:\Windows\system32\aacacm.acm
2014-10-27 09:04 - 2012-07-17 15:21 - 00206336 _____ () C:\Windows\system32\unrar64.dll
2014-10-27 09:04 - 2011-12-07 20:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2014-10-27 09:04 - 2009-08-11 18:22 - 00580096 _____ () C:\Windows\system32\ac3filter.acm.old
2014-10-27 09:04 - 2009-01-22 22:51 - 00124909 _____ (Open Source Software community project) C:\Windows\system32\pthreadGC2.dll
2014-10-27 09:04 - 2007-02-05 17:05 - 00000038 _____ () C:\Windows\AviSplitter.INI
2014-10-27 08:27 - 2014-10-27 08:38 - 00000000 ____D () C:\Users\KI\AppData\Roaming\HTC
2014-10-27 08:26 - 2014-10-28 10:15 - 00000000 ____D () C:\Users\KI\AppData\Local\HTC MediaHub
2014-10-27 08:26 - 2014-10-27 08:27 - 00000000 ____D () C:\Users\KI\Divers\Documents\HTC
2014-10-27 08:26 - 2014-10-27 08:26 - 00002031 _____ () C:\Users\Public\Desktop\HTC Sync Manager.lnk
2014-10-27 08:26 - 2014-10-27 08:26 - 00000000 ____D () C:\Users\KI\AppData\Local\Apple Computer
2014-10-27 08:26 - 2014-10-27 08:26 - 00000000 ____D () C:\Users\KI\.android
2014-10-27 08:25 - 2014-10-27 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2014-10-27 08:25 - 2014-10-27 08:25 - 00000000 ____D () C:\Program Files (x86)\Spirent Communications
2014-10-27 08:23 - 2014-10-27 08:26 - 00000000 ____D () C:\Program Files (x86)\HTC
2014-10-27 08:23 - 2014-10-27 08:25 - 00027040 _____ () C:\Windows\DPINST.LOG
2014-10-27 08:23 - 2014-10-27 08:23 - 00000000 ____D () C:\ProgramData\HTC
2014-10-21 06:24 - 2014-10-21 06:24 - 00272808 _____
(Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-10-21 06:24 - 2014-10-21 06:24 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-10-21 06:24 - 2014-10-21 06:24 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-10-21 06:24 - 2014-10-21 06:24 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-10-21 06:24 - 2014-10-21 06:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-21 06:24 - 2014-10-21 06:24 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-15 08:17 - 2014-10-15 08:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-15 07:18 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-15 07:18 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-15 07:18 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-15 07:18 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-15 07:18 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-15 07:18 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-15 07:18 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-15 07:18 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-15 07:18 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-15 07:18 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-15 07:18 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-15 07:18 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-15 07:18 - 
2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-15 07:18 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-15 07:18 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-15 07:18 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-15 07:18 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-15 07:18 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-15 07:18 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-15 07:18 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-15 07:18 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-15 07:18 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-15 07:18 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-15 07:18 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-15 07:18 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-15 07:18 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-15 07:18 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-15 07:18 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-15 07:18 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-15 07:18 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 
2014-10-15 07:18 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-15 07:18 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-15 07:18 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-15 07:18 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-15 07:18 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-15 07:18 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-15 07:18 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-15 07:18 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-15 07:18 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-15 07:18 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-15 07:18 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-15 07:18 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-15 07:18 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-15 07:18 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-15 07:18 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-15 07:18 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-15 07:18 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-15 07:18 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-15 07:18 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-15 07:18 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-15 07:18 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-15 07:18 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-15 07:18 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-15 07:18 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-15 07:18 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-15 07:18 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-15 07:18 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-15 07:18 - 2014-08-19 04:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2014-10-15 07:18 - 2014-08-19 04:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2014-10-15 07:18 - 2014-08-19 04:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2014-10-15 07:18 - 2014-08-19 04:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2014-10-15 07:18 - 2014-08-19 04:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2014-10-15 07:18 - 2014-08-19 04:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2014-10-15 07:18 - 2014-08-19 04:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2014-10-15 07:18 - 2014-08-19 04:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2014-10-15 07:18 - 2014-08-19 04:07 - 00032256 _____ (Microsoft 
Corporation) C:\Windows\system32\appidsvc.dll 2014-10-15 07:18 - 2014-08-19 04:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2014-10-15 07:18 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2014-10-15 07:18 - 2014-08-19 03:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2014-10-15 07:18 - 2014-08-19 03:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2014-10-15 07:18 - 2014-07-07 03:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-10-15 07:18 - 2014-07-07 03:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2014-10-15 07:18 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-10-15 07:18 - 2014-07-07 03:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00500224 _____ (Microsoft Corporation) 
C:\Windows\system32\AUDIOKSE.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-10-15 07:18 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-10-15 07:18 - 2014-07-07 03:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2014-10-15 07:18 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2014-10-15 07:18 - 2014-07-07 03:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-10-15 07:18 - 2014-07-07 03:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-10-15 07:18 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 
2014-10-15 07:18 - 2014-07-07 02:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2014-10-15 07:18 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 
00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2014-10-15 07:18 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2014-10-15 07:18 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2014-10-15 07:18 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-10-15 07:18 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-10-15 07:18 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2014-10-15 07:18 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2014-10-15 07:18 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2014-10-15 07:18 - 2014-06-28 01:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-10-15 07:18 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2014-10-15 07:18 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2014-10-15 07:18 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-15 07:18 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-15 07:18 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-15 07:18 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) 
C:\Windows\system32\mscorier.dll 2014-10-15 07:18 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-15 07:18 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-15 07:17 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-15 07:17 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-15 07:17 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-15 07:17 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-15 07:17 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-15 07:17 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-15 07:17 - 2014-08-29 03:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-15 07:17 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-15 07:17 - 2014-08-29 03:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-10-15 07:17 - 2014-08-29 03:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-10-15 07:17 - 2014-08-29 03:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-15 07:17 - 2014-08-29 02:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-15 07:17 - 2014-08-29 02:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-15 07:17 - 2014-08-29 02:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-15 07:17 - 2014-08-29 02:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-10-15 07:17 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-15 
07:17 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-15 07:17 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-15 07:17 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-15 07:17 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-15 07:17 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-15 07:17 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-15 07:17 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-15 07:17 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-15 07:17 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-15 07:17 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-08 06:07 - 2014-10-28 10:15 - 00115142 _____ () C:\Windows\PFRO.log 2014-10-06 14:31 - 2014-10-06 14:31 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360 2014-10-01 11:43 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-01 11:43 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-30 11:34 - 2014-10-28 10:15 - 00013734 _____ () C:\Windows\setupact.log 2014-09-30 11:34 - 2014-09-30 11:34 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-29 12:42 - 2014-09-29 12:42 - 00004506 _____ () C:\Users\KI\Divers\Documents\cc_20140929_134244.reg ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-28 12:48 - 2013-12-04 18:18 - 01481701 _____ () C:\Windows\WindowsUpdate.log 2014-10-28 12:42 - 2013-12-04 21:00 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-28 12:42 - 2013-12-04 21:00 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-28 11:55 - 2013-12-04 20:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-28 11:32 - 2013-12-05 00:29 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-10-28 11:32 - 2013-12-05 00:29 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-10-28 11:26 - 2014-09-16 19:09 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-10-28 11:26 - 2013-12-04 22:08 - 00000000 ____D () C:\ProgramData\Origin 2014-10-28 10:22 - 2009-07-14 05:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-28 10:22 - 2009-07-14 05:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-28 10:21 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-10-28 10:21 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-10-28 10:21 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-28 10:15 - 2013-12-04 19:41 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-10-28 10:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-28 10:00 - 2014-02-22 18:23 - 00000000 ____D () C:\Users\KI\AppData\Roaming\systweak 2014-10-28 09:09 - 2013-12-04 18:18 - 00000000 ____D () C:\Users\KI 2014-10-28 08:32 - 2009-07-14 05:45 - 00437520 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-27 09:08 - 2013-12-20 10:18 - 00000000 ____D () C:\Users\KI\AppData\Roaming\vlc 2014-10-27 09:04 - 2013-12-05 10:45 - 00000000 ____D () C:\Users\KI\AppData\Local\CrashDumps 2014-10-27 08:27 - 2013-12-04 20:42 - 00111832 _____ () 
C:\Users\KI\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-27 08:26 - 2014-06-24 09:53 - 00000000 ____D () C:\Users\KI\AppData\Roaming\Apple Computer
2014-10-27 08:23 - 2014-09-05 19:11 - 00000000 ____D () C:\Temp
2014-10-27 08:23 - 2014-01-12 16:33 - 00000000 ____D () C:\Users\KI\AppData\Local\Downloaded Installations
2014-10-26 09:11 - 2013-12-04 21:59 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-23 11:37 - 2013-12-04 21:00 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-23 11:37 - 2013-12-04 21:00 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-21 06:24 - 2014-06-04 16:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-17 08:40 - 2013-12-05 10:00 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-16 08:04 - 2013-12-04 20:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-15 13:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 10:32 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-15 10:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 10:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 08:58 - 2013-12-04 20:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 08:56 - 2013-12-04 20:31 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-06 14:31 - 2013-12-04 20:23 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-10-06 14:31 - 2013-12-04 20:23 - 00002319 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-10-06 14:31 - 2013-12-04 20:23 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-10-06 14:31 - 2013-12-04 20:23 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64

Some content of TEMP:
====================
C:\Users\KI\AppData\Local\Temp\System.Data.SQLite.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 09:22

==================== End Of Log ============================ |
28.10.2014, 13:08 | #7 |
| Windows 7 64bit: Caught SmartSaver 15. Logs already created. I just read that the tools should be run with admin rights, so I ran them again that way. 2/2 GMER.txt (as admin) Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-10-28 12:55:50 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 Samsung_SSD_840_EVO_500GB rev.EXT0BB6Q 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\KI\AppData\Local\Temp\pxldqpoc.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800023b5000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545 fffff800023b5011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f} ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1220] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c61401 2 bytes JMP 7584b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1220] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c61419 2 bytes JMP 7584b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c61431 2 bytes JMP 758c8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c6144a 2 bytes CALL 758248ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1220] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c614dd 2 bytes JMP 758c87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1220] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c614f5 2 bytes JMP 758c8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1220] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c6150d 2 bytes JMP 758c8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1220] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c61525 2 bytes JMP 758c8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1220] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c6153d 2 bytes JMP 7583fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1220] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c61555 2 bytes JMP 758468ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1220] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c6156d 2 bytes JMP 758c8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1220] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c61585 2 bytes JMP 758c8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1220] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c6159d 2 bytes JMP 758c865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1220] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 
0000000076c615b5 2 bytes JMP 7583fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1220] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c615cd 2 bytes JMP 7584b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1220] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c616b2 2 bytes JMP 758c8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1220] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c616bd 2 bytes JMP 758c85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c61401 2 bytes JMP 7584b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2380] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c61419 2 bytes JMP 7584b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c61431 2 bytes JMP 758c8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c6144a 2 bytes CALL 758248ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2380] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c614dd 2 bytes JMP 758c87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c614f5 2 bytes JMP 758c8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2380] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c6150d 2 bytes JMP 758c8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c61525 2 bytes JMP 758c8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c6153d 2 bytes JMP 7583fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2380] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c61555 2 bytes JMP 758468ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c6156d 2 bytes JMP 758c8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c61585 2 bytes JMP 758c8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2380] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c6159d 2 bytes JMP 758c865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 
0000000076c615b5 2 bytes JMP 7583fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c615cd 2 bytes JMP 7584b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c616b2 2 bytes JMP 758c8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2380] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c616bd 2 bytes JMP 758c85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c61401 2 bytes JMP 7584b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2476] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c61419 2 bytes JMP 7584b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c61431 2 bytes JMP 758c8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c6144a 2 bytes CALL 758248ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2476] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c614dd 2 bytes JMP 758c87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c614f5 2 bytes JMP 758c8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2476] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c6150d 2 bytes JMP 758c8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c61525 2 bytes JMP 758c8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c6153d 2 bytes JMP 7583fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2476] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c61555 2 bytes JMP 758468ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c6156d 2 bytes JMP 758c8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c61585 2 bytes JMP 758c8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2476] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c6159d 2 bytes JMP 758c865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c615b5 2 bytes JMP 7583fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program 
Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c615cd 2 bytes JMP 7584b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c616b2 2 bytes JMP 758c8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2476] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c616bd 2 bytes JMP 758c85f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c61401 2 bytes JMP 7584b21b C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2816] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c61419 2 bytes JMP 7584b346 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c61431 2 bytes JMP 758c8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c6144a 2 bytes CALL 758248ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Windows\system32\PnkBstrA.exe[2816] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c614dd 2 bytes JMP 758c87a2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c614f5 2 bytes JMP 758c8978 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c6150d 2 bytes JMP 758c8698 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c61525 2 bytes JMP 758c8a62 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c6153d 2 bytes JMP 7583fca8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2816] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c61555 2 bytes JMP 758468ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c6156d 2 bytes JMP 758c8f61 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c61585 2 bytes JMP 758c8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c6159d 2 bytes JMP 758c865c C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c615b5 2 bytes JMP 7583fd41 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c615cd 2 bytes JMP 7584b2dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 
0000000076c616b2 2 bytes JMP 758c8e24 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\PnkBstrA.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c616bd 2 bytes JMP 758c85f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c61401 2 bytes JMP 7584b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4600] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c61419 2 bytes JMP 7584b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c61431 2 bytes JMP 758c8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c6144a 2 bytes CALL 758248ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4600] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c614dd 2 bytes JMP 758c87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c614f5 2 bytes JMP 758c8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4600] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c6150d 2 bytes JMP 758c8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c61525 2 bytes JMP 758c8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c6153d 2 bytes JMP 7583fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4600] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c61555 2 bytes JMP 758468ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c6156d 2 bytes JMP 758c8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c61585 2 bytes JMP 758c8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4600] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c6159d 2 bytes JMP 758c865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c615b5 2 bytes JMP 7583fd41 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c615cd 2 bytes JMP 7584b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c616b2 2 bytes JMP 758c8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[4600] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c616bd 2 bytes JMP 758c85f1 C:\Windows\syswow64\kernel32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c61401 2 bytes JMP 7584b21b C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5736] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c61419 2 bytes JMP 7584b346 C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c61431 2 bytes JMP 758c8ea9 C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c6144a 2 bytes CALL 758248ad C:\Windows\syswow64\KERNEL32.dll .text ... 
* 9 .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5736] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c614dd 2 bytes JMP 758c87a2 C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c614f5 2 bytes JMP 758c8978 C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c6150d 2 bytes JMP 758c8698 C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c61525 2 bytes JMP 758c8a62 C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c6153d 2 bytes JMP 7583fca8 C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5736] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c61555 2 bytes JMP 758468ef C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c6156d 2 bytes JMP 758c8f61 C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c61585 2 bytes JMP 758c8ac2 C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c6159d 2 bytes JMP 758c865c C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c615b5 2 bytes JMP 7583fd41 C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c615cd 2 bytes 
JMP 7584b2dc C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c616b2 2 bytes JMP 758c8e24 C:\Windows\syswow64\KERNEL32.dll .text E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe[5736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c616bd 2 bytes JMP 758c85f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\kernel32.dll!CreateFileW 0000000075823f1c 5 bytes JMP 000000015e5d9970 .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\USER32.dll!SetWindowPos 0000000074fb8e4e 5 bytes JMP 000000015e5d9120 .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000074fc0dfb 5 bytes JMP 000000015e5d90b0 .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\USER32.dll!SetFocus 0000000074fc2175 5 bytes JMP 000000015e5d9100 .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\USER32.dll!SetActiveWindow 0000000074fc3208 5 bytes JMP 000000015e5d9170 .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\USER32.dll!BringWindowToTop 0000000074fc7b3b 5 bytes JMP 000000015e5d9010 .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 0000000074fdf170 5 bytes JMP 000000015e5d8fe0 .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\USER32.dll!SwitchToThisWindow 0000000074ff90fc 5 bytes JMP 000000015e5d9040 .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\USER32.dll!ShowWindowAsync 0000000075017d97 5 bytes JMP 000000015e5d9060 .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\ole32.dll!DoDragDrop 000000007545a827 5 bytes JMP 000000015e5d8fc0 .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076c61401 
2 bytes JMP 7584b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076c61419 2 bytes JMP 7584b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076c61431 2 bytes JMP 758c8ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076c6144a 2 bytes CALL 758248ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076c614dd 2 bytes JMP 758c87a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076c614f5 2 bytes JMP 758c8978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076c6150d 2 bytes JMP 758c8698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076c61525 2 bytes JMP 758c8a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076c6153d 2 bytes JMP 7583fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076c61555 2 bytes JMP 758468ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076c6156d 2 bytes JMP 758c8f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076c61585 2 bytes JMP 
758c8ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076c6159d 2 bytes JMP 758c865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076c615b5 2 bytes JMP 7583fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076c615cd 2 bytes JMP 7584b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076c616b2 2 bytes JMP 758c8e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Origin\Origin.exe[3780] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076c616bd 2 bytes JMP 758c85f1 C:\Windows\syswow64\kernel32.dll ---- Processes - GMER 2.1 ---- Library C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1860] (Mediencenter Shell Icon Overlay Handler/Deutsche Telekom AG)(2013-10-01 12:56:44) 000007fef7b20000 Library C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [1860] (Mediencenter Shell Context Menu Handler/Deutsche Telekom AG)(2013-10-01 12:56:44) 000007fef23b0000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC Reg HKLM\SYSTEM\ControlSet002\Control\BackupRestore\FilesNotToSnapshot@OfficeODC ---- EOF - GMER 2.1 ---- |
29.10.2014, 08:16 | #8 |
/// the machine /// TB trainer | Windows 7 64bit: Caught SmartSaver 15. Logs already created. Update MBAM, scan, delete the findings. Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
29.10.2014, 19:46 | #9 |
| Windows 7 64bit: Caught SmartSaver 15. Logs already created. First of all, thanks for the help. :-) MBAM did not find anything new. Below are the text files from - AdwCleaner - Junkware Removal Tool - FRST (Addition + FRST) AdwCleaner Code:
ATTFilter # AdwCleaner v4.002 - Bericht erstellt am 29/10/2014 um 19:22:50 # DB v2014-10-26.6 # Aktualisiert 27/10/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : KI - KI-PC # Gestartet von : C:\Users\KI\Divers\Desktop\AdwCleaner_4.002.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\KI\AppData\Roaming\Advanced System Protector Ordner Gelöscht : C:\Program Files (x86)\globalUpdate Ordner Gelöscht : C:\Users\KI\AppData\Local\globalUpdate Ordner Gelöscht : C:\Users\KI\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj Ordner Gelöscht : C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [!] Ordner Gelöscht : C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Datei Gelöscht : C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage Datei Gelöscht : C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal ***** [ Tasks ] ***** Task Gelöscht : RocketTab Update Task Task Gelöscht : RocketTab ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Schlüssel Gelöscht : HKCU\Software\GlobalUpdate Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions Schlüssel Gelöscht : HKLM\SOFTWARE\systweak Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions ***** [ Browser ] ***** -\\ Internet Explorer 
v11.0.9600.17344
-\\ Mozilla Firefox v33.0 (x86 de)
-\\ Google Chrome v38.0.2125.111

*************************

AdwCleaner[R0].txt - [6725 octets] - [29/10/2014 19:20:44]
AdwCleaner[S0].txt - [6219 octets] - [29/10/2014 19:22:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6279 octets] ##########

Junkware Removal Tool
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by KI on 29.10.2014 at 19:30:07,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox
Successfully deleted the following from C:\Users\KI\AppData\Roaming\mozilla\firefox\profiles\w9tklx3l.default\prefs.js
user_pref("extensions.atylerkeith11aolcom61796.61796.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22d
Emptied folder: C:\Users\KI\AppData\Roaming\mozilla\firefox\profiles\w9tklx3l.default\minidumps [77 files]

~~~ Chrome
Successfully deleted: [Folder] C:\Users\KI\appdata\local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.10.2014 at 19:32:55,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2014 01
Ran by KI at 2014-10-29 19:37:31
Running from E:\Arbeitsprogramme\Downloads\Remover Tools\Farbar
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Online (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Online (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Online (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Lens Profile Downloader (HKLM-x32\...\AdobeLensProfileDownloader) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.15221 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB) BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC) Brother MFL-Pro Suite MFC-7225N (HKLM-x32\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.) CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.2.1.0 - devolo AG) ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Free YouTube Download version 3.2.17.1125 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.17.1125 - DVDVideoSoft Ltd.) FreeFileSync 6.6 (HKLM-x32\...\FreeFileSync) (Version: 6.6 - Zenju) Freemake Video Converter Version 4.1.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.2 - Ellora Assets Corporation) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) GML Matting 0.3 (HKLM-x32\...\GML Matting_is1) (Version: 0.3 - GML Computer Vision Group) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) 
Hidden Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North) Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar North / Toronto) HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation) HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.24.5 - HTC) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.52.1176 - Intel Corporation) IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC) Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.) Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Mediencenter 3.9.1055.64 (HKCU\...\Mediencenter) (Version: 3.9.1055.64 - Deutsche Telekom AG) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Camera Codec Pack (HKLM\...\{F7930EE9-0929-439D-A57B-D40C2C69C890}) (Version: 6.3.9723.0 - Microsoft Corporation) Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4659.1001 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft 
Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 33.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - 
Mozilla) MSI Live Update (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.006 - MSI) MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation) NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.) Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) 
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7069 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.6 - Samsung) Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.1.0 - Samsung Electronics) Secure Eraser (HKLM-x32\...\Secure Eraser_is1) (Version: 4.2.0.1 - ASCOMP Software GmbH) SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden SketchUp 2014 (HKLM-x32\...\{9E620BD5-AEEC-492D-9065-D71FCD4C52F1}) (Version: 14.1.1282 - Trimble Navigation Limited) Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform) Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.31 - Bioware/EA) Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) 
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC) VideoGenie (HKLM-x32\...\{FC54FD8D-789C-406D-BB88-F7C4421B7E83}_is1) (Version: 1.0.0.12 - MSI) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes) virtualPhotographer 1.5.6 (HKLM-x32\...\virtualPhotographer_is1) (Version: - optikVerve Labs) VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4212900307-3805612920-3004824622-1000_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-4212900307-3805612920-3004824622-1000_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-4212900307-3805612920-3004824622-1000_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) CustomCLSID: HKU\S-1-5-21-4212900307-3805612920-3004824622-1000_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ==================== Restore Points ========================= ==================== Hosts 
content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {107B6BA2-B5EE-4C38-BED0-6318EDC0DDD5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {16683886-7715-4740-A1D6-557EABF916A9} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {55DA122D-B5DD-44CD-BF79-F53F82AD0EEF} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {6F2A7823-6A56-4985-AC6F-691AB64C40C2} - System32\Tasks\CRAZB => C:\Users\KI\AppData\Roaming\CRAZB.exe <==== ATTENTION
Task: {AFD136DB-A9DA-4E5F-AF4A-000C5DC3E4E6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {C2797D0C-BCA0-48DA-B398-7B19B5253A00} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated)
Task: {CFB23E1E-96BB-4973-9F65-36AB7E2770B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-04] (Google Inc.)
Task: {D39B856F-1667-4113-AD18-7E02F2C00DF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-04] (Google Inc.)
Task: {E09BB99D-378C-467D-970A-364B1587D1EB} - System32\Tasks\QVEOKK => C:\Users\KI\AppData\Roaming\QVEOKK.exe <==== ATTENTION
Task: {E4803C04-B78B-414B-801F-7E4B5DA1D233} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {E639A937-EB09-41BA-9C09-F215337F9E63} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {E9157649-F629-4E3E-8A2C-6D1797FC9E46} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CRAZB.job => C:\Users\KI\AppData\Roaming\CRAZB.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\QVEOKK.job => C:\Users\KI\AppData\Roaming\QVEOKK.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-12-04 19:41 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-14 20:21 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-12-22 12:48 - 2012-09-07 16:57 - 00559424 _____ () E:\Arbeitsprogramme\Secure Eraser\SecEraser64.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-08-06 13:42 - 2014-08-06 13:42 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2014-07-26 20:54 - 2014-09-17 12:28 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2013-12-23 12:28 - 2005-04-22 13:36 - 00143360 ____N ()
C:\Windows\system32\BrSNMP64.dll 2014-08-06 13:40 - 2014-08-06 13:40 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll 2014-08-06 13:41 - 2014-08-06 13:41 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll 2014-08-06 13:41 - 2014-08-06 13:41 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll 2014-08-06 13:41 - 2014-08-06 13:41 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll 2014-08-06 13:42 - 2014-08-06 13:42 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll 2014-08-06 13:44 - 2014-08-06 13:44 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll 2014-08-06 13:46 - 2014-08-06 13:46 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll 2013-12-23 12:28 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 01135616 _____ () E:\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00656896 _____ () E:\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00105472 _____ () E:\Samsung\AllShare\AllShareDMS\DCMCDP.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00098816 _____ () E:\Samsung\AllShare\AllShareDMS\FolderCDP.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00077312 _____ () E:\Samsung\AllShare\AllShareDMS\MetadataFramework.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00520234 _____ () E:\Samsung\AllShare\AllShareDMS\sqlite3.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00450560 _____ () E:\Samsung\AllShare\AllShareDMS\MoodExtractor.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 05717504 _____ () E:\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00029184 _____ () E:\Samsung\AllShare\AllShareDMS\AutoChaptering.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00147456 _____ () 
E:\Samsung\AllShare\AllShareDMS\libexpat.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00012288 _____ () E:\Samsung\AllShare\AllShareDMS\VideoThumb.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 04671488 _____ () E:\Samsung\AllShare\AllShareDMS\avcodec-52.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00070656 _____ () E:\Samsung\AllShare\AllShareDMS\avutil-50.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00686080 _____ () E:\Samsung\AllShare\AllShareDMS\avformat-52.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00152064 _____ () E:\Samsung\AllShare\AllShareDMS\swscale-0.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00027648 _____ () E:\Samsung\AllShare\AllShareDMS\AudioExtractor.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00063488 _____ () E:\Samsung\AllShare\AllShareDMS\ID3Driver.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00366592 _____ () E:\Samsung\AllShare\AllShareDMS\tag.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00289792 _____ () E:\Samsung\AllShare\AllShareDMS\libThumbnail.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00023040 _____ () E:\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00017920 _____ () E:\Samsung\AllShare\AllShareDMS\VideoExtractor.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00017920 _____ () E:\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00133120 _____ () E:\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00290304 _____ () E:\Samsung\AllShare\AllShareDMS\libKeyFrame.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00024064 _____ () E:\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00012288 _____ () E:\Samsung\AllShare\AllShareDMS\ImageExtractor.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00024064 _____ () E:\Samsung\AllShare\AllShareDMS\photoDriver.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00399826 _____ () E:\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00013824 _____ () 
E:\Samsung\AllShare\AllShareDMS\TextExtractor.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00031232 _____ () E:\Samsung\AllShare\AllShareDMS\Autobackup.dll 2012-02-22 16:46 - 2012-02-22 16:46 - 00054784 _____ () E:\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll 2012-01-05 22:40 - 2012-01-05 22:40 - 00044032 _____ () E:\Samsung\AllShare\AllShareDMS\us.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^Users^KI^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediencenter.lnk => C:\Windows\pss\Mediencenter.lnk.Startup MSCONFIG\startupfolder: C:^Users^KI^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Magician.lnk => C:\Windows\pss\Samsung Magician.lnk.Startup MSCONFIG\startupreg: AllShareAgent => E:\Samsung\AllShare\AllShareAgent.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: DNS7reminder => "E:\Neuer Ordner\Diktat\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini" MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler MSCONFIG\startupreg: Live Update => E:\Arbeitsprogramme\Live Update\StartLiveUpdate.exe /REMINDER MSCONFIG\startupreg: Live Update 5 => E:\Arbeitsprogramme\Live Update 5\BootStartLiveupdate.exe /reminder MSCONFIG\startupreg: PMBVolumeWatcher => E:\Arbeitsprogramme\Sony A58\PMBVolumeWatcher.exe MSCONFIG\startupreg: QuickTime Task => "E:\Arbeitsprogramme\QT\QTTask.exe" -atboottime ========================= Accounts: ========================== Administrator (S-1-5-21-4212900307-3805612920-3004824622-500 - Administrator - Disabled) => C:\Users\Administrator Gast (S-1-5-21-4212900307-3805612920-3004824622-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-4212900307-3805612920-3004824622-1002 - Limited - Enabled) KI (S-1-5-21-4212900307-3805612920-3004824622-1000 - Administrator - Enabled) => C:\Users\KI ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz Percentage of memory in use: 20% Total physical RAM: 8163.19 MB Available physical RAM: 
6502.5 MB
Total Pagefile: 8261.37 MB
Available Pagefile: 6527.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:390.02 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Volume) (Fixed) (Total:465.76 GB) (Free:278.42 GB) NTFS
Drive f: () (Fixed) (Total:55.8 GB) (Free:54.93 GB) NTFS
Drive i: (My Passport) (Fixed) (Total:931.48 GB) (Free:231.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 90B894D9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 3651B604)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=42)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 5391DA19)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-10-2014 01
Ran by KI (administrator) on KI-PC on 29-10-2014 19:37:12
Running from E:\Arbeitsprogramme\Downloads\Remover Tools\Farbar
Loaded Profile: KI (Available profiles: KI & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Micro-Star International) E:\Arbeitsprogramme\Live Update\MSI_LiveUpdate_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe () C:\Windows\System32\PnkBstrA.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Elaborate Bytes AG) E:\Arbeitsprogramme\VirtualCloneDrive\VCDDaemon.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Samsung Electronics Co., Ltd.) E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-06] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [VirtualCloneDrive] => E:\Arbeitsprogramme\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-4212900307-3805612920-3004824622-1000\...\MountPoints2: J - J:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-4212900307-3805612920-3004824622-1000\...\MountPoints2: {7560e93b-2b62-11e4-aacf-6c626d41abc3} - I:\DPFMate.exe
HKU\S-1-5-21-4212900307-3805612920-3004824622-1000\...\MountPoints2: {bbd4c9ab-6dba-11e3-a6f9-6c626d41abc3} - H:\start.exe
HKU\S-1-5-21-4212900307-3805612920-3004824622-1000\...\MountPoints2: {ce815852-5818-11e4-aba3-6c626d41abc3} - J:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:49201;https=127.0.0.1:49201
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x74F7A64E24F1CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default
FF Homepage: www.google.de
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> E:\Arbeitsprogramme\VCL\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-04-15]
FF Extension: NoScript - C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-09]
FF Extension: BetterPrivacy - C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-01-11]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn [2014-10-29]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake Converter\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake Converter\Freemake Video Converter\BrowserPlugin\Firefox [2014-01-01]
FF Extension: No Name - fmconverter@gmail.com [Not Found]
FF Extension: No Name - {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} [Not Found]

Chrome:
=======
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Profile: C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-16]
CHR Extension: (Regentropfen(Non-Aero)) - C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpagcfbbmlebfnkeogkigellbgmfkjfg [2014-09-29]
CHR Extension: (Norton Identity Safe) - C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-15]
CHR Extension: (Norton Safe) - C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2014-09-20]
CHR Extension: (Google Wallet) - C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-05]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-02-24] (BitRaider, LLC)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3611128 2014-02-11] (devolo AG)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MSI_LiveUpdate_Service; E:\Arbeitsprogramme\Live Update\MSI_LiveUpdate_Service.exe [84432 2014-07-01] (Micro-Star International)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-09-17] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-09-16] ()
R2 SamsungAllShareV2.0; E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [25504 2012-03-02] (Samsung Electronics Co., Ltd.)
S3 SimpleSlideShowServer; E:\Samsung\AllShare\AllShareSlideShowService.exe [27584 2012-03-02] (Samsung Electronics Co., Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-11] (Symantec Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20141028.001\IDSvia64.sys [633560 2014-08-28] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20141028.025\ENG64.SYS [129752 2014-10-09] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20141028.025\EX64.SYS [2137304 2014-10-09] (Symantec Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2014-02-11] (CACE Technologies)
S3 NTIOLib_1_0_4; E:\Arbeitsprogramme\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-29 19:30 - 2014-10-29 19:30 - 00000000 ____D () C:\Windows\ERUNT
2014-10-29 19:19 - 2014-10-29 19:22 - 00000000 ____D () C:\AdwCleaner
2014-10-28 09:50 - 2014-10-29 19:35 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-28 09:50 - 2014-10-28 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-10-28 09:50 - 2014-10-28 09:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-28 09:50 - 2014-10-28 09:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-10-28 09:50 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-28 09:50 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-28 09:50 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-28 09:16 - 2014-10-29 19:37 - 00000000 ____D () C:\FRST
2014-10-28 09:09 - 2014-10-28 09:09 - 00000000 _____ () C:\Users\KI\defogger_reenable
2014-10-27 09:04 - 2014-10-29 19:35 - 00001326 _____ () C:\Windows\Tasks\QVEOKK.job
2014-10-27 09:04 - 2014-10-29 19:35 - 00001324 _____ () C:\Windows\Tasks\CRAZB.job
2014-10-27 09:04 - 2014-10-27 09:04 - 00004340 _____ () C:\Windows\System32\Tasks\QVEOKK
2014-10-27 09:04 - 2014-10-27 09:04 - 00004338 _____ () C:\Windows\System32\Tasks\CRAZB
2014-10-27 09:04 - 2014-10-27 09:04 - 00000000 ____D () C:\Users\KI\AppData\Roaming\Shark007
2014-10-27 09:04 - 2014-06-05 11:00 - 02050560 _____ (xy-VSFilter Team) C:\Windows\system32\VSFilter.dll
2014-10-27 09:04 - 2013-04-05 21:27 - 02231296 _____ () C:\Windows\system32\ac3filter.acm.new
2014-10-27 09:04 - 2013-04-05 21:27 - 02231296 _____ () C:\Windows\system32\ac3filter.acm
2014-10-27 09:04 - 2013-03-17 10:22 - 03554304 _____ (x264vfw project) C:\Windows\system32\x264vfw.dll
2014-10-27 09:04 - 2012-07-21 12:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2014-10-27 09:04 - 2012-07-21 12:54 - 00361472 _____ (fccHandler) C:\Windows\system32\aacacm.acm
2014-10-27 09:04 - 2012-07-17 15:21 - 00206336 _____ () C:\Windows\system32\unrar64.dll
2014-10-27 09:04 - 2011-12-07 20:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2014-10-27 09:04 - 2009-08-11 18:22 - 00580096 _____ () C:\Windows\system32\ac3filter.acm.old
2014-10-27 09:04 - 2009-01-22 22:51 - 00124909 _____ (Open Source Software community project) C:\Windows\system32\pthreadGC2.dll
2014-10-27 09:04 - 2007-02-05 17:05 - 00000038 _____ () C:\Windows\AviSplitter.INI
2014-10-27 08:27 - 2014-10-27 08:38 - 00000000 ____D () C:\Users\KI\AppData\Roaming\HTC
2014-10-27 08:26 - 2014-10-29 19:35 - 00000000 ____D () C:\Users\KI\AppData\Local\HTC MediaHub
2014-10-27 08:26 - 2014-10-27 08:27 - 00000000 ____D () C:\Users\KI\Divers\Documents\HTC
2014-10-27 08:26 - 2014-10-27 08:26 - 00002031 _____ () C:\Users\Public\Desktop\HTC Sync Manager.lnk
2014-10-27 08:26 - 2014-10-27 08:26 - 00000000 ____D () C:\Users\KI\AppData\Local\Apple Computer
2014-10-27 08:26 - 2014-10-27 08:26 - 00000000 ____D () C:\Users\KI\.android
2014-10-27 08:25 - 2014-10-27 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2014-10-27 08:25 - 2014-10-27 08:25 - 00000000 ____D () C:\Program Files (x86)\Spirent Communications
2014-10-27 08:23 - 2014-10-27 08:26 - 00000000 ____D () C:\Program Files (x86)\HTC
2014-10-27 08:23 - 2014-10-27 08:25 - 00027040 _____ () C:\Windows\DPINST.LOG
2014-10-27 08:23 - 2014-10-27 08:23 - 00000000 ____D () C:\ProgramData\HTC
2014-10-21 06:24 - 2014-10-21 06:24 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-21 06:24 - 2014-10-21 06:24 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-21 06:24 - 2014-10-21 06:24 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-21 06:24 - 2014-10-21 06:24 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-21 06:24 - 2014-10-21 06:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-21 06:24 - 2014-10-21 06:24 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-15 08:17 - 2014-10-15 08:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-15 07:18 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 07:18 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 07:18 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 07:18 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 07:18 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 07:18 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 07:18 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 07:18 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 07:18 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 07:18 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 07:18 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 07:18 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 07:18 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 07:18 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 07:18 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 07:18 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 07:18 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 07:18 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 07:18 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 07:18 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 07:18 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 07:18 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 07:18 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 07:18 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 07:18 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 07:18 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 07:18 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 07:18 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 07:18 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 07:18 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 07:18 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 07:18 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 07:18 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 07:18 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 07:18 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 07:18 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 07:18 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 07:18 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 07:18 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 07:18 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 07:18 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 07:18 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 07:18 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 07:18 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 07:18 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 07:18 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 07:18 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 07:18 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 07:18 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 07:18 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 07:18 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 07:18 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 07:18 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 07:18 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 07:18 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 07:18 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 07:18 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 07:18 - 2014-08-19 04:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 07:18 - 2014-08-19 04:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 07:18 - 2014-08-19 04:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 07:18 - 2014-08-19 04:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 07:18 - 2014-08-19 04:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 07:18 - 2014-08-19 04:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 07:18 - 2014-08-19 04:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 07:18 - 2014-08-19 04:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 07:18 - 2014-08-19 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 07:18 - 2014-08-19 04:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 07:18 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 07:18 - 2014-08-19 03:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 07:18 - 2014-08-19 03:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 07:18 - 2014-07-07 03:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 07:18 - 2014-07-07 03:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 07:18 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 07:18 - 2014-07-07 03:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 07:18 - 2014-07-07 03:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 07:18 - 2014-07-07 03:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 07:18 - 2014-07-07 03:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 07:18 - 2014-07-07 03:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 07:18 - 2014-07-07 03:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 07:18 - 2014-07-07 03:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 07:18 - 2014-07-07 03:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 07:18 - 2014-07-07 03:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 07:18 - 2014-07-07 03:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 07:18 - 2014-07-07 03:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 07:18 - 2014-07-07 03:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 07:18 - 2014-07-07 03:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 07:18 - 2014-07-07 03:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 07:18 - 2014-07-07 03:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 07:18 - 2014-07-07 03:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 07:18 - 2014-07-07 03:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 07:18 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 07:18 - 2014-07-07 03:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 07:18 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 07:18 - 2014-07-07 03:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 07:18 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 07:18 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 07:18 - 2014-07-07 03:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 07:18 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 07:18 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 07:18 - 2014-07-07 03:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 07:18 - 2014-07-07 03:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 07:18 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 07:18 - 2014-07-07 02:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 07:18 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 07:18 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 07:18 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 07:18 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 07:18 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 07:18 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 07:18 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 07:18 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 07:18 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 07:18 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 07:18 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 07:18 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 07:18 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 07:18 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 07:18 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 07:18 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 07:18 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 07:18 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 07:18 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 07:18 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 07:18 - 2014-07-07 02:40 - 00008192 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2014-10-15 07:18 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2014-10-15 07:18 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2014-10-15 07:18 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-10-15 07:18 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-10-15 07:18 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2014-10-15 07:18 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2014-10-15 07:18 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2014-10-15 07:18 - 2014-06-28 01:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-10-15 07:18 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2014-10-15 07:18 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2014-10-15 07:18 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-15 07:18 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-15 07:18 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-15 07:18 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-15 07:18 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-15 07:18 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-15 07:17 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) 
C:\Windows\system32\msi.dll 2014-10-15 07:17 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-15 07:17 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-15 07:17 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-15 07:17 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-15 07:17 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-15 07:17 - 2014-08-29 03:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-15 07:17 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-15 07:17 - 2014-08-29 03:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-10-15 07:17 - 2014-08-29 03:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-10-15 07:17 - 2014-08-29 03:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-15 07:17 - 2014-08-29 02:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-15 07:17 - 2014-08-29 02:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-15 07:17 - 2014-08-29 02:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-15 07:17 - 2014-08-29 02:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-10-15 07:17 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-15 07:17 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-15 07:17 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-15 07:17 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-15 
07:17 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-15 07:17 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-15 07:17 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-15 07:17 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-15 07:17 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-15 07:17 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-15 07:17 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-08 06:07 - 2014-10-29 19:23 - 00115834 _____ () C:\Windows\PFRO.log 2014-10-06 14:31 - 2014-10-06 14:31 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360 2014-10-01 11:43 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-01 11:43 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-09-30 11:34 - 2014-10-29 19:35 - 00014574 _____ () C:\Windows\setupact.log 2014-09-30 11:34 - 2014-09-30 11:34 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-29 12:42 - 2014-09-29 12:42 - 00004506 _____ () C:\Users\KI\Divers\Documents\cc_20140929_134244.reg ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-29 19:35 - 2013-12-04 21:00 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-29 19:35 - 2013-12-04 19:41 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-10-29 19:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-29 19:34 - 2013-12-04 18:18 - 01525965 _____ () C:\Windows\WindowsUpdate.log 2014-10-29 19:31 - 2009-07-14 05:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-29 19:31 - 2009-07-14 05:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-29 19:30 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-10-29 19:30 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-10-29 19:30 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-28 22:42 - 2013-12-04 21:00 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-28 21:55 - 2013-12-04 20:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-28 18:43 - 2013-12-05 10:00 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-28 15:13 - 2013-12-05 00:29 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-10-28 15:13 - 2013-12-05 00:29 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-10-28 14:27 - 2014-09-16 19:09 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-10-28 14:27 - 2013-12-04 22:08 - 00000000 ____D () C:\ProgramData\Origin 2014-10-28 09:09 - 2013-12-04 18:18 - 00000000 ____D () C:\Users\KI 2014-10-28 08:32 - 2009-07-14 05:45 - 00437520 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-27 09:08 - 2013-12-20 10:18 - 00000000 ____D () C:\Users\KI\AppData\Roaming\vlc 2014-10-27 09:04 - 2013-12-05 10:45 - 00000000 ____D () C:\Users\KI\AppData\Local\CrashDumps 2014-10-27 08:27 - 2013-12-04 20:42 - 00111832 _____ () 
C:\Users\KI\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-27 08:26 - 2014-06-24 09:53 - 00000000 ____D () C:\Users\KI\AppData\Roaming\Apple Computer 2014-10-27 08:23 - 2014-09-05 19:11 - 00000000 ____D () C:\Temp 2014-10-27 08:23 - 2014-01-12 16:33 - 00000000 ____D () C:\Users\KI\AppData\Local\Downloaded Installations 2014-10-26 09:11 - 2013-12-04 21:59 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-10-23 11:37 - 2013-12-04 21:00 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-23 11:37 - 2013-12-04 21:00 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-21 06:24 - 2014-06-04 16:24 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-16 08:04 - 2013-12-04 20:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-15 13:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-10-15 10:32 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-15 10:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-10-15 10:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-10-15 08:58 - 2013-12-04 20:31 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-15 08:56 - 2013-12-04 20:31 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-06 14:31 - 2013-12-04 20:23 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration 2014-10-06 14:31 - 2013-12-04 20:23 - 00002319 _____ () C:\Users\Public\Desktop\Norton 360.lnk 2014-10-06 14:31 - 2013-12-04 20:23 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 2014-10-06 14:31 - 2013-12-04 20:23 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64 Some content of TEMP: ==================== C:\Users\KI\AppData\Local\Temp\Quarantine.exe C:\Users\KI\AppData\Local\Temp\sqlite3.dll C:\Users\KI\AppData\Local\Temp\System.Data.SQLite.dll ==================== Bamital & volsnap Check 
================= (There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-26 09:22
==================== End Of Log ============================
--- --- --- --- --- ---
Thanks again. |
30.10.2014, 15:50 | #10 |
/// the machine /// TB Trainer | Windows 7 64bit: Caught SmartSaver 15. Logs already created.
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems remaining?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and Help Trojaner-Board Facebook Page No help via PM! |
31.10.2014, 10:25 | #11 |
| Windows 7 64bit: Caught SmartSaver 15. Logs already created. Attached are the logs. ESET Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7aba11cd947d2d47aaf48656bce3f3b1
# engine=20864
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-10-31 08:56:54
# local_time=2014-10-31 09:56:54 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton 360'
# compatibility_mode=3598 16777213 100 100 1392749 165408310 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 28350450 166375664 0 0
# scanned=307173
# found=2
# cleaned=0
# scan_time=5387
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\KI\AppData\Roaming\CRAZB"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\KI\AppData\Roaming\QVEOKK"
Checkup Code:
Results of screen317's Security Check version 0.99.89
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Norton 360 Online
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 71
Java version out of Date!
Adobe Flash Player 15.0.0.152
Adobe Reader XI
Mozilla Firefox (33.0)
Google Chrome 38.0.2125.104
Google Chrome 38.0.2125.111
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-10-2014 01 Ran by KI (administrator) on KI-PC on 31-10-2014 10:16:51 Running from E:\Arbeitsprogramme\Downloads\Remover Tools\Farbar Loaded Profile: KI (Available profiles: KI & Administrator) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Micro-Star International) E:\Arbeitsprogramme\Live Update\MSI_LiveUpdate_Service.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA 
Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Windows\System32\PnkBstrA.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Elaborate Bytes AG) E:\Arbeitsprogramme\VirtualCloneDrive\VCDDaemon.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Samsung Electronics Co., Ltd.) E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-06] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) 
HKLM-x32\...\Run: [VirtualCloneDrive] => E:\Arbeitsprogramme\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKU\S-1-5-21-4212900307-3805612920-3004824622-1000\...\MountPoints2: J - J:\HTC_Sync_Manager_PC.exe HKU\S-1-5-21-4212900307-3805612920-3004824622-1000\...\MountPoints2: {7560e93b-2b62-11e4-aacf-6c626d41abc3} - I:\DPFMate.exe HKU\S-1-5-21-4212900307-3805612920-3004824622-1000\...\MountPoints2: {bbd4c9ab-6dba-11e3-a6f9-6c626d41abc3} - H:\start.exe HKU\S-1-5-21-4212900307-3805612920-3004824622-1000\...\MountPoints2: {ce815852-5818-11e4-aba3-6c626d41abc3} - J:\HTC_Sync_Manager_PC.exe HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-04] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: [01Mediencenter_InSync] -> {77BC4082-DB5F-439A-8DC8-F9E24A63B0DE} => C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [02Mediencenter_ToSync] -> {528EE335-5034-4EFC-834E-63E5F02D2BC2} => C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [03Mediencenter_Failed] -> {6066ADF0-9EB0-43E5-ADB6-990F5A3B979C} => 
C:\Users\KI\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll (Deutsche Telekom AG) ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: http=127.0.0.1:49201;https=127.0.0.1:49201 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x74F7A64E24F1CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default FF Homepage: www.google.de FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: 
@Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.1 -> E:\Arbeitsprogramme\VCL\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program 
Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: WOT - C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-04-15] FF Extension: NoScript - C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-09] FF Extension: BetterPrivacy - C:\Users\KI\AppData\Roaming\Mozilla\Firefox\Profiles\w9tklx3l.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-01-11] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn [2014-10-29] FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake Converter\Freemake Video Converter\BrowserPlugin\Firefox FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake 
Converter\Freemake Video Converter\BrowserPlugin\Firefox [2014-01-01] FF Extension: No Name - fmconverter@gmail.com [Not Found] FF Extension: No Name - {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} [Not Found] Chrome: ======= CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff CHR Profile: C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-16] CHR Extension: (Regentropfen(Non-Aero)) - C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpagcfbbmlebfnkeogkigellbgmfkjfg [2014-09-29] CHR Extension: (Norton Identity Safe) - C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-15] CHR Extension: (Norton Safe) - C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2014-09-20] CHR Extension: (Google Wallet) - C:\Users\KI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-05] CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-02-24] (BitRaider, LLC) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation) R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3611128 2014-02-11] (devolo AG) R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 MSI_LiveUpdate_Service; E:\Arbeitsprogramme\Live Update\MSI_LiveUpdate_Service.exe [84432 2014-07-01] (Micro-Star International) R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-09-17] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-09-16] () R2 SamsungAllShareV2.0; E:\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [25504 2012-03-02] (Samsung Electronics Co., Ltd.) S3 SimpleSlideShowServer; E:\Samsung\AllShare\AllShareSlideShowService.exe [27584 2012-03-02] (Samsung Electronics Co., Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-11] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-11] (Symantec Corporation) S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20141030.001\IDSvia64.sys [633560 2014-08-28] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-31] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20141030.019\ENG64.SYS [129752 2014-10-09] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20141030.019\EX64.SYS [2137304 2014-10-09] (Symantec Corporation) R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2014-02-11] (CACE Technologies) S3 NTIOLib_1_0_4; E:\Arbeitsprogramme\Live Update\NTIOLib_X64.sys [14136 2010-10-22] (MSI) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation) R1 SRTSPX; 
C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-04] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-29 19:30 - 2014-10-29 19:30 - 00000000 ____D () C:\Windows\ERUNT 2014-10-29 19:19 - 2014-10-29 19:22 - 00000000 ____D () C:\AdwCleaner 2014-10-28 09:50 - 2014-10-31 08:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-28 09:50 - 2014-10-28 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-28 09:50 - 2014-10-28 09:50 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-28 09:50 - 2014-10-28 09:50 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-10-28 09:50 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-28 09:50 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-28 09:50 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-28 09:16 - 2014-10-31 10:16 - 00000000 ____D () C:\FRST 2014-10-28 09:09 - 2014-10-28 09:09 - 00000000 _____ () C:\Users\KI\defogger_reenable 2014-10-27 09:04 - 2014-10-31 09:04 - 00001326 _____ () C:\Windows\Tasks\QVEOKK.job 2014-10-27 09:04 - 2014-10-31 09:04 - 00001324 _____ () C:\Windows\Tasks\CRAZB.job 2014-10-27 09:04 - 2014-10-27 09:04 - 00004340 _____ () C:\Windows\System32\Tasks\QVEOKK 2014-10-27 09:04 - 2014-10-27 09:04 - 00004338 _____ () C:\Windows\System32\Tasks\CRAZB 2014-10-27 09:04 - 2014-10-27 09:04 - 00000000 ____D () C:\Users\KI\AppData\Roaming\Shark007 2014-10-27 09:04 - 2014-06-05 11:00 - 02050560 _____ (xy-VSFilter Team) C:\Windows\system32\VSFilter.dll 2014-10-27 09:04 - 2013-04-05 21:27 - 02231296 _____ () C:\Windows\system32\ac3filter.acm.new 2014-10-27 09:04 - 2013-04-05 21:27 - 02231296 _____ () C:\Windows\system32\ac3filter.acm 2014-10-27 09:04 - 2013-03-17 10:22 - 03554304 _____ (x264vfw project) C:\Windows\system32\x264vfw.dll 2014-10-27 09:04 - 2012-07-21 12:55 - 00180736 _____ (fccHandler) 
C:\Windows\system32\ac3acm.acm 2014-10-27 09:04 - 2012-07-21 12:54 - 00361472 _____ (fccHandler) C:\Windows\system32\aacacm.acm 2014-10-27 09:04 - 2012-07-17 15:21 - 00206336 _____ () C:\Windows\system32\unrar64.dll 2014-10-27 09:04 - 2011-12-07 20:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll 2014-10-27 09:04 - 2009-08-11 18:22 - 00580096 _____ () C:\Windows\system32\ac3filter.acm.old 2014-10-27 09:04 - 2009-01-22 22:51 - 00124909 _____ (Open Source Software community project) C:\Windows\system32\pthreadGC2.dll 2014-10-27 09:04 - 2007-02-05 17:05 - 00000038 _____ () C:\Windows\AviSplitter.INI 2014-10-27 08:27 - 2014-10-27 08:38 - 00000000 ____D () C:\Users\KI\AppData\Roaming\HTC 2014-10-27 08:26 - 2014-10-31 08:19 - 00000000 ____D () C:\Users\KI\AppData\Local\HTC MediaHub 2014-10-27 08:26 - 2014-10-27 08:27 - 00000000 ____D () C:\Users\KI\Divers\Documents\HTC 2014-10-27 08:26 - 2014-10-27 08:26 - 00002031 _____ () C:\Users\Public\Desktop\HTC Sync Manager.lnk 2014-10-27 08:26 - 2014-10-27 08:26 - 00000000 ____D () C:\Users\KI\AppData\Local\Apple Computer 2014-10-27 08:26 - 2014-10-27 08:26 - 00000000 ____D () C:\Users\KI\.android 2014-10-27 08:25 - 2014-10-27 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC 2014-10-27 08:25 - 2014-10-27 08:25 - 00000000 ____D () C:\Program Files (x86)\Spirent Communications 2014-10-27 08:23 - 2014-10-27 08:26 - 00000000 ____D () C:\Program Files (x86)\HTC 2014-10-27 08:23 - 2014-10-27 08:25 - 00027040 _____ () C:\Windows\DPINST.LOG 2014-10-27 08:23 - 2014-10-27 08:23 - 00000000 ____D () C:\ProgramData\HTC 2014-10-21 06:24 - 2014-10-21 06:24 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-10-21 06:24 - 2014-10-21 06:24 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-10-21 06:24 - 2014-10-21 06:24 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-10-21 06:24 - 2014-10-21 06:24 - 00098216 _____ (Oracle Corporation) 
C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-10-21 06:24 - 2014-10-21 06:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-21 06:24 - 2014-10-21 06:24 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-15 08:17 - 2014-10-15 08:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-15 07:18 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-15 07:18 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-15 07:18 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-15 07:18 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-15 07:18 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-15 07:18 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-15 07:18 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-15 07:18 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-15 07:18 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-15 07:18 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-15 07:18 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-15 07:18 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-15 07:18 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-15 07:18 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-15 07:18 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-15 
07:18 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-15 07:18 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-15 07:18 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-15 07:18 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-15 07:18 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-15 07:18 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-15 07:18 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-15 07:18 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-15 07:18 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-15 07:18 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-15 07:18 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-15 07:18 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-15 07:18 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-15 07:18 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-15 07:18 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-15 07:18 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-15 07:18 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-15 07:18 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) 
C:\Windows\system32\msrating.dll 2014-10-15 07:18 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-15 07:18 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-15 07:18 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-15 07:18 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-15 07:18 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-15 07:18 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-15 07:18 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-15 07:18 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-15 07:18 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-15 07:18 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-15 07:18 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-15 07:18 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-15 07:18 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-15 07:18 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-15 07:18 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-15 07:18 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-15 07:18 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-15 07:18 - 2014-09-19 01:20 - 00607744 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-15 07:18 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-15 07:18 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-15 07:18 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-15 07:18 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-15 07:18 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-15 07:18 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-15 07:18 - 2014-08-19 04:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2014-10-15 07:18 - 2014-08-19 04:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2014-10-15 07:18 - 2014-08-19 04:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2014-10-15 07:18 - 2014-08-19 04:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2014-10-15 07:18 - 2014-08-19 04:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2014-10-15 07:18 - 2014-08-19 04:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2014-10-15 07:18 - 2014-08-19 04:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2014-10-15 07:18 - 2014-08-19 04:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2014-10-15 07:18 - 2014-08-19 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2014-10-15 07:18 - 2014-08-19 04:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2014-10-15 07:18 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2014-10-15 07:18 - 2014-08-19 03:41 - 00043008 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\srclient.dll 2014-10-15 07:18 - 2014-08-19 03:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2014-10-15 07:18 - 2014-07-07 03:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-10-15 07:18 - 2014-07-07 03:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2014-10-15 07:18 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-10-15 07:18 - 2014-07-07 03:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00432128 _____ (Microsoft Corporation) 
C:\Windows\system32\mfplat.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-10-15 07:18 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-10-15 07:18 - 2014-07-07 03:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2014-10-15 07:18 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2014-10-15 07:18 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2014-10-15 07:18 - 2014-07-07 03:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-10-15 07:18 - 2014-07-07 03:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-10-15 07:18 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-10-15 07:18 - 2014-07-07 02:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2014-10-15 07:18 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-10-15 
07:18 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00008192 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2014-10-15 07:18 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2014-10-15 07:18 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2014-10-15 07:18 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2014-10-15 07:18 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-10-15 07:18 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-10-15 07:18 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2014-10-15 07:18 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2014-10-15 07:18 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2014-10-15 07:18 - 2014-06-28 01:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-10-15 07:18 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2014-10-15 07:18 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2014-10-15 07:18 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-15 07:18 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-15 07:18 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-15 07:18 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-15 07:18 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-15 07:18 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-15 07:17 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) 
C:\Windows\system32\msi.dll 2014-10-15 07:17 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-15 07:17 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-15 07:17 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-15 07:17 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-15 07:17 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-15 07:17 - 2014-08-29 03:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-15 07:17 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-15 07:17 - 2014-08-29 03:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-10-15 07:17 - 2014-08-29 03:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-10-15 07:17 - 2014-08-29 03:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-15 07:17 - 2014-08-29 02:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-15 07:17 - 2014-08-29 02:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-15 07:17 - 2014-08-29 02:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-15 07:17 - 2014-08-29 02:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-10-15 07:17 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-15 07:17 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-15 07:17 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-15 07:17 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-15 
07:17 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-15 07:17 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-15 07:17 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-15 07:17 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-15 07:17 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-15 07:17 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-15 07:17 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-08 06:07 - 2014-10-29 19:23 - 00115834 _____ () C:\Windows\PFRO.log 2014-10-06 14:31 - 2014-10-06 14:31 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360 2014-10-01 11:43 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-01 11:43 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-31 09:55 - 2013-12-04 20:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-31 09:42 - 2013-12-04 21:00 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-31 08:26 - 2009-07-14 18:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-10-31 08:26 - 2009-07-14 18:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-10-31 08:26 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-31 08:26 - 2009-07-14 05:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-31 08:26 - 2009-07-14 05:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-31 08:24 - 2013-12-04 18:18 - 01548040 _____ () C:\Windows\WindowsUpdate.log 2014-10-31 08:19 - 2014-09-30 11:34 - 00014798 _____ () C:\Windows\setupact.log 2014-10-31 08:19 - 2013-12-04 21:00 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-31 08:19 - 2013-12-04 19:41 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-10-31 08:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-28 18:43 - 2013-12-05 10:00 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-28 15:13 - 2013-12-05 00:29 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-10-28 15:13 - 2013-12-05 00:29 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-10-28 14:27 - 2014-09-16 19:09 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-10-28 14:27 - 2013-12-04 22:08 - 00000000 ____D () C:\ProgramData\Origin 2014-10-28 09:09 - 2013-12-04 18:18 - 00000000 ____D () C:\Users\KI 2014-10-28 08:32 - 2009-07-14 05:45 - 00437520 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-27 09:08 - 2013-12-20 10:18 - 00000000 ____D () C:\Users\KI\AppData\Roaming\vlc 2014-10-27 09:04 - 2013-12-05 10:45 - 00000000 ____D () C:\Users\KI\AppData\Local\CrashDumps 
2014-10-27 08:27 - 2013-12-04 20:42 - 00111832 _____ () C:\Users\KI\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-27 08:26 - 2014-06-24 09:53 - 00000000 ____D () C:\Users\KI\AppData\Roaming\Apple Computer 2014-10-27 08:23 - 2014-09-05 19:11 - 00000000 ____D () C:\Temp 2014-10-27 08:23 - 2014-01-12 16:33 - 00000000 ____D () C:\Users\KI\AppData\Local\Downloaded Installations 2014-10-26 09:11 - 2013-12-04 21:59 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-10-23 11:37 - 2013-12-04 21:00 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-23 11:37 - 2013-12-04 21:00 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-21 06:24 - 2014-06-04 16:24 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-16 08:04 - 2013-12-04 20:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-15 13:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-10-15 10:32 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-15 10:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-10-15 10:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-10-15 08:58 - 2013-12-04 20:31 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-15 08:56 - 2013-12-04 20:31 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-06 14:31 - 2013-12-04 20:23 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration 2014-10-06 14:31 - 2013-12-04 20:23 - 00002319 _____ () C:\Users\Public\Desktop\Norton 360.lnk 2014-10-06 14:31 - 2013-12-04 20:23 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 2014-10-06 14:31 - 2013-12-04 20:23 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64 Some content of TEMP: ==================== C:\Users\KI\AppData\Local\Temp\Quarantine.exe C:\Users\KI\AppData\Local\Temp\sqlite3.dll 
C:\Users\KI\AppData\Local\Temp\System.Data.SQLite.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 09:22

==================== End Of Log ============================

--- --- ---

Thanks |
31.10.2014, 19:59 | #12 |
/// the machine /// TB trainer | Windows 7 64bit: Caught SmartSaver 15. Logs already created. Update Java. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\Users\KI\AppData\Roaming\CRAZB
C:\Users\KI\AppData\Roaming\QVEOKK
ProxyServer: http=127.0.0.1:49201;https=127.0.0.1:49201

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
01.11.2014, 10:41 | #13 |
| Windows 7 64bit: Caught SmartSaver 15. Logs already created. Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-10-2014 01
Ran by KI at 2014-11-01 10:39:06 Run:1
Running from E:\Arbeitsprogramme\Downloads\Remover Tools\Farbar
Loaded Profile: KI (Available profiles: KI & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\KI\AppData\Roaming\CRAZB
C:\Users\KI\AppData\Roaming\QVEOKK
ProxyServer: http=127.0.0.1:49201;https=127.0.0.1:49201
*****************

C:\Users\KI\AppData\Roaming\CRAZB => Moved successfully.
C:\Users\KI\AppData\Roaming\QVEOKK => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

==== End of Fixlog ====

Thank you. Am I now rid of all the unwanted things? |
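Added example (not part of the thread and not FRST's own code): a Python check that pairs each fixlist entry with the result FRST logged for it and flags ProxyServer values that point at a loopback address, as the 127.0.0.1:49201 entry in this fixlist does. The log text is retyped from the post above as constructed sample input, and all function names are assumptions.

```python
import ipaddress
import re

# Constructed sample: the Fixlog text from the post above, one entry per line.
FIXLOG = r"""Content of fixlist:
*****************
C:\Users\KI\AppData\Roaming\CRAZB
C:\Users\KI\AppData\Roaming\QVEOKK
ProxyServer: http=127.0.0.1:49201;https=127.0.0.1:49201
*****************
C:\Users\KI\AppData\Roaming\CRAZB => Moved successfully.
C:\Users\KI\AppData\Roaming\QVEOKK => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"""

def loopback_proxies(value):
    """Return the entries of a ProxyServer value whose host is a loopback address."""
    hits = []
    for entry in (e.strip() for e in value.split(";")):
        m = re.fullmatch(r"(?:\w+=)?(?:\w+://)?([^:/\s]+)(?::\d+)?", entry)
        host = m.group(1) if m else ""  # unparsable entries (e.g. bracketed IPv6) are skipped
        try:
            loop = ipaddress.ip_address(host).is_loopback
        except ValueError:  # a hostname or an empty/unparsed host, not an IP literal
            loop = host.lower() == "localhost"
        if loop:
            hits.append(entry)
    return hits

def audit_fixlog(text):
    """Pair every fixlist entry with the outcome logged for it."""
    parts = re.split(r"^\*{5,}[ \t]*$", text, flags=re.M)
    if len(parts) < 3:
        raise ValueError("fixlist block not found")
    entries = [l.strip() for l in parts[1].splitlines() if l.strip()]
    pairs = (l.split("=>", 1) for l in parts[2].splitlines() if "=>" in l)
    results = {target.strip(): outcome.strip() for target, outcome in pairs}
    report = []
    for entry in entries:
        key = entry
        if entry.startswith("ProxyServer:"):  # logged under its registry path
            key = next((k for k in results if k.endswith("ProxyServer")), None)
        report.append((entry, results.get(key, "NO RESULT LINE")))
    return report

def unresolved(report):
    """Entries that were not reported as handled successfully."""
    return [e for e, outcome in report if "successfully" not in outcome]
```

An empty list from unresolved(audit_fixlog(FIXLOG)) means every fixlist entry has a matching success line; any entry without one is returned for manual follow-up.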
01.11.2014, 20:29 | #14 |
/// the machine /// TB trainer | Windows 7 64bit: Caught SmartSaver 15. Logs already created. Yes. You're welcome.