Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows7: Ads by clickup

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 24.11.2014, 16:25   #1
myriambb
 
Windows7: Ads by clickup - Frage

Windows7: Ads by clickup



Hei hallo! myriambb hier. mein rechner ist für mein Gewerbe tätig, das ich noch "umsatzneutral" aufbaue (arbeite gerade an meiner Verlulst-Steuererklärung 2013). OK dass ich hier frage?
Gestern habe ich beim Downloaden vom Flash Player die Ads ba Clickup gefangen. Ratzfatz 7 verschiedene Programme auf meinem Rechner. Habe alle wieder per Systemsteuerung deinstalliert. Übrig geblieben ist Bobrowser, das lässt sich nicht deinstallieren. Ständig poppen in Mozilla Websites auf, die ich nicht abgefragt habe, extrem stressig, das Problem ist wahrscheinlich bekannt.
Der Rechner hat Microsoft Security Essential zum Schutz, scant jeden Morgen kurz und einmal die Woche vollständig. Hier keine Ergebnisse gestern und heute. ich bin den Schritten auf Eurer Seite gefolgt, hier die Ergebnisse:FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by Myriam at 2014-11-24 15:37:34
Running from C:\Users\Myriam\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
BoBrowser (HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\BoBrowser) (Version: 36.0.1985.131 - BoBrowser) <==== ATTENTION
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
clicup (HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\clicup) (Version: 1.0 - Ad Businness Crown Solutions)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
EasyCash&Tax 2.15 (HKLM-x32\...\EasyCash&Tax_is1) (Version: - tm)
EasyRide&Tax 2.2 (HKLM-x32\...\EasyRide&Tax_is1) (Version: - tm)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.1.0 - Genesys Logic)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3383 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.33 - Intel Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
PDF Creator (HKLM\...\PDF Creator) (Version: - )
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.806.806.022114 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.80.218.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7188 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0237 - )
RocketTab (HKLM-x32\...\RocketTab) (Version: - RocketTab) <==== ATTENTION
SaleItCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - SaleItCoupon) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SmootherWeb (HKU\S-1-5-21-1313315996-2717873473-2842918071-1000 Version: 1.0 - SmootherWeb LLC) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14563 - TeamViewer)
WindowsMangerProtect20.0.0.1270 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.1270 - WindowsProtect LIMITED) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

12-11-2014 19:54:17 Windows Update
13-11-2014 11:38:36 Removed DriverUpdate
13-11-2014 11:59:44 Removed SlimCleaner Plus
13-11-2014 12:00:02 Removed DriverUpdate
14-11-2014 18:00:03 Windows-Sicherung
17-11-2014 07:26:16 Windows Update
19-11-2014 21:28:36 Windows Update
21-11-2014 18:00:06 Windows-Sicherung
21-11-2014 19:27:12 Windows Update
23-11-2014 11:06:29 Removed Microsoft Silverlight

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {212D6219-4550-4D60-9AB7-BD4DB801AF4E} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {36A7554D-40F5-4CB5-BABB-A2E448252085} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {3DF8667D-2A89-4F3A-B1A9-9F4AB11351BE} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {60C1F26F-1E5F-4360-8546-6B96E644373C} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {93CE497B-B917-44BA-BD64-DE85F685579F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AEB89269-D705-40B9-9C47-A6B8BBAF24CF} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-11-23] () <==== ATTENTION
Task: {C170EF29-2782-4E21-B0DA-6061E9D6F6E3} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {DF19386C-AB80-4284-84EA-B3B8B5B67A56} - System32\Tasks\Digital Sites => C:\Users\Myriam\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2014-11-08] () <==== ATTENTION
Task: {E221BF50-FDC2-4FA2-8DFE-25F0760D9844} - System32\Tasks\Run_Bobby_Browser => C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [2014-10-22] (The BoBrowser Authors)
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Myriam\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-11-08 11:29 - 2011-10-04 21:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll
2014-10-18 12:39 - 2014-01-06 17:47 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe
2014-11-23 09:46 - 2014-11-23 09:46 - 05812224 _____ () C:\Program Files (x86)\Search Extensions\Client.exe
2014-10-18 12:41 - 2014-01-22 13:04 - 00084992 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-11-23 10:01 - 2014-11-02 10:35 - 00268600 _____ () C:\Windows\SysWOW64\lsdprn.exe
2014-10-18 12:34 - 2013-10-01 16:09 - 00078880 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2014-11-23 09:46 - 2014-10-22 10:35 - 00873472 _____ () C:\Users\Myriam\AppData\Local\BoBrowser\Application\36.0.1985.131\libglesv2.dll
2014-11-23 09:46 - 2014-10-22 10:35 - 00128512 _____ () C:\Users\Myriam\AppData\Local\BoBrowser\Application\36.0.1985.131\libegl.dll
2014-11-23 09:46 - 2014-10-22 10:35 - 00387072 _____ () C:\Users\Myriam\AppData\Local\BoBrowser\Application\36.0.1985.131\ppGoogleNaClPluginChrome.dll
2014-11-23 09:46 - 2014-10-22 10:35 - 02012160 _____ () C:\Users\Myriam\AppData\Local\BoBrowser\Application\36.0.1985.131\ffmpegsumo.dll
2014-10-18 12:35 - 2013-09-04 06:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-11-11 07:00 - 2014-11-11 07:00 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-20 07:32 - 2014-10-20 07:32 - 16832176 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Myriam\Downloads\X17-75062.exe:AFP_AfpInfo
AlternateDataStreams: C:\Users\Myriam\Downloads\X17-75062.exe:Mac_Metadata

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1313315996-2717873473-2842918071-500 - Administrator - Disabled)
Gast (S-1-5-21-1313315996-2717873473-2842918071-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1313315996-2717873473-2842918071-1002 - Limited - Enabled)
Myriam (S-1-5-21-1313315996-2717873473-2842918071-1000 - Administrator - Enabled) => C:\Users\Myriam

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/23/2014 00:16:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/23/2014 11:57:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/23/2014 10:01:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.1.0.5423, Zeitstempel: 0x545c0a59
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.1.0.5423, Zeitstempel: 0x545be5ee
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xaf8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (11/23/2014 09:47:48 AM) (Source: MsiInstaller) (EventID: 11309) (User: Myriam-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.

Error: (11/23/2014 09:46:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.1.0.5423, Zeitstempel: 0x545c0a59
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.1.0.5423, Zeitstempel: 0x545be5ee
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1188
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (11/23/2014 09:35:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.1.0.5423, Zeitstempel: 0x545c0a59
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.1.0.5423, Zeitstempel: 0x545be5ee
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x15e8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (11/22/2014 06:36:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2014 06:39:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 10:23:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 10:14:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/23/2014 00:16:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/23/2014 00:14:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.

Error: (11/23/2014 00:10:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Computer Backup (MyPC Backup)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/23/2014 11:58:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/23/2014 11:56:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.

Error: (11/23/2014 11:56:00 AM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.

Error: (11/23/2014 09:46:38 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "ClaraUpdater" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (11/22/2014 00:09:04 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{905AFA44-4336-45E6-A9B1-D6C7A57ECB5E}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (11/21/2014 06:10:24 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{905AFA44-4336-45E6-A9B1-D6C7A57ECB5E}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (11/20/2014 11:22:51 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================
Error: (11/23/2014 00:16:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/23/2014 11:57:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/23/2014 10:01:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.1.0.5423545c0a59mozalloc.dll33.1.0.5423545be5ee8000000300001425af801d006fbe309974bC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll58ce4ca8-72ef-11e4-ac05-9cad97aa1f76

Error: (11/23/2014 09:47:48 AM) (Source: MsiInstaller) (EventID: 11309) (User: Myriam-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/23/2014 09:46:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.1.0.5423545c0a59mozalloc.dll33.1.0.5423545be5ee8000000300001425118801d006f95de3d8b8C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll3643d75b-72ed-11e4-ac05-9cad97aa1f76

Error: (11/23/2014 09:35:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.1.0.5423545c0a59mozalloc.dll33.1.0.5423545be5ee800000030000142515e801d006f47871de29C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla364e7eb-72eb-11e4-ac05-9cad97aa1f76

Error: (11/22/2014 06:36:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2014 06:39:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 10:23:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 10:14:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-4010U CPU @ 1.70GHz
Percentage of memory in use: 54%
Total physical RAM: 4003.95 MB
Available physical RAM: 1839.23 MB
Total Pagefile: 8006.07 MB
Available Pagefile: 5497.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.54 GB) (Free:409.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D9FA2484)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
--- --- ---
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:27 on 24/11/2014 (Myriam)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by Myriam (administrator) on MYRIAM-PC on 24-11-2014 15:37:09
Running from C:\Users\Myriam\Downloads
Loaded Profile: Myriam (Available profiles: Myriam)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(clicup) C:\Users\Myriam\AppData\Local\clicup\chrmndr.exe
(The BoBrowser Authors) C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(The BoBrowser Authors) C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe
(The BoBrowser Authors) C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe
(The BoBrowser Authors) C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe
(The BoBrowser Authors) C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe
() C:\Program Files (x86)\Search Extensions\Client.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(ClaraLabs) C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\SysWOW64\lsdprn.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [UMonit64] => C:\Windows\SysWOW64\UMonit64.exe [53248 2014-01-06] ()
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-09] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [mbot_de_300] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\Run: [smoother] => C:\Users\Myriam\AppData\Roaming\SmootherWeb\SmootherWeb-Installer.exe [489651 2014-08-27] ()
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\Run: [clicup-Agent] => C:\Users\Myriam\AppData\Local\clicup\chrmndr.exe [509424 2014-11-06] (clicup)
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\Run: [BoBrowser] => C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [7348224 2014-10-22] (The BoBrowser Authors)
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\MountPoints2: {995bf4fa-56b4-11e4-82bf-c58847a17502} - E:\LaunchU3.exe -a
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1313315996-2717873473-2842918071-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1313315996-2717873473-2842918071-1000] => http=127.0.0.1:49203;https=127.0.0.1:49203
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE160AC8BCAEACF01
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_14_46_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0D0F0D0F0CtAtAtG0AtAyEzytG0ByB0EtDtGyD0DyB0AtGtC0DtBtBtCtDyB0A0FtA0F0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzy0Dzy0D0A0BtCtGyBzytC0EtGyEtDzytCtGzytCyB0EtG0F0ByBtD0F0DyCyCyEtB0A0F2Q&cr=1160581219&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_14_46_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0D0F0D0F0CtAtAtG0AtAyEzytG0ByB0EtDtGyD0DyB0AtGtC0DtBtBtCtDyB0A0FtA0F0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzy0Dzy0D0A0BtCtGyBzytC0EtGyEtDzytCtGzytCyB0EtG0F0ByBtD0F0DyCyCyEtB0A0F2Q&cr=1160581219&ir=
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_45_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0CyCyD0FyDtD0AtGzztCyD0EtGyEtAtAtAtG0Ezz0BzztGtBtD0F0DyD0CtBzz0EtAyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzy0Dzy0D0A0BtCtGyBzytC0EtGyEtDzytCtGzytCyB0EtG0F0ByBtD0F0DyCyCyEtB0A0F2Q&cr=960638948&ir=
SearchScopes: HKU\S-1-5-21-1313315996-2717873473-2842918071-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_14_46_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0D0F0D0F0CtAtAtG0AtAyEzytG0ByB0EtDtGyD0DyB0AtGtC0DtBtBtCtDyB0A0FtA0F0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzy0Dzy0D0A0BtCtGyBzytC0EtGyEtDzytCtGzytCyB0EtG0F0ByBtD0F0DyCyCyEtB0A0F2Q&cr=1160581219&ir=
SearchScopes: HKU\S-1-5-21-1313315996-2717873473-2842918071-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_14_46_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0D0F0D0F0CtAtAtG0AtAyEzytG0ByB0EtDtGyD0DyB0AtGtC0DtBtBtCtDyB0A0FtA0F0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzy0Dzy0D0A0BtCtGyBzytC0EtGyEtDzytCtGzytCyB0EtG0F0ByBtD0F0DyCyCyEtB0A0F2Q&cr=1160581219&ir=
SearchScopes: HKU\S-1-5-21-1313315996-2717873473-2842918071-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_45_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0CyCyD0FyDtD0AtGzztCyD0EtGyEtAtAtAtG0Ezz0BzztGtBtD0F0DyD0CtBzz0EtAyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzy0Dzy0D0A0BtCtGyBzytC0EtGyEtDzytCtGzytCyB0EtG0F0ByBtD0F0DyCyCyEtB0A0F2Q&cr=960638948&ir=
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default\user.js
FF SearchPlugin: C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default\searchplugins\ixquick-https.xml
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Myriam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (TinyWallet) - C:\Users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc [2014-11-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [84992 2014-01-22] () [File not signed]
R2 ClaraUpdater; C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe [325744 2014-11-23] (ClaraLabs)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [714208 2014-11-13] (Cherished Technololgy LIMITED)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 lsdprn; C:\Windows\SysWOW64\lsdprn.exe [268600 2014-11-02] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [File not signed]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [490640 2014-11-13] (Fuyu LIMITED)
S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [559320 2014-02-18] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3300568 2014-02-20] (Realtek Semiconductor Corporation )
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-11-13] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 15:34 - 2014-11-24 15:36 - 00022422 _____ () C:\Users\Myriam\Downloads\Addition.txt
2014-11-24 15:33 - 2014-11-24 15:37 - 00017547 _____ () C:\Users\Myriam\Downloads\FRST.txt
2014-11-24 15:33 - 2014-11-24 15:37 - 00000000 ____D () C:\FRST
2014-11-24 15:30 - 2014-11-24 15:30 - 02118144 _____ (Farbar) C:\Users\Myriam\Downloads\FRST64.exe
2014-11-24 15:29 - 2014-11-24 15:29 - 00000000 ____D () C:\Users\Myriam\Downloads\Empf von TrojanerBoard
2014-11-24 15:26 - 2014-11-24 15:26 - 00000000 _____ () C:\Users\Myriam\defogger_reenable
2014-11-23 11:49 - 2014-11-23 11:49 - 00004018 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-11-23 11:47 - 2014-11-23 11:47 - 00000000 ____D () C:\ProgramData\600440862
2014-11-23 10:06 - 2014-11-23 10:06 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\QuickScan
2014-11-23 10:05 - 2014-11-23 12:13 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-11-23 10:04 - 2014-11-23 10:04 - 00000000 ____D () C:\Program Files (x86)\predm
2014-11-23 10:03 - 2014-11-23 12:14 - 00000442 __RSH () C:\ProgramData\ntuser.pol
2014-11-23 10:03 - 2014-11-23 12:14 - 00000000 ____D () C:\ProgramData\TinyWallet
2014-11-23 10:03 - 2014-11-23 12:08 - 00000000 ____D () C:\Program Files (x86)\TinyWallet
2014-11-23 10:03 - 2014-11-23 10:26 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Google
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Torch
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Comodo
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Chromatic Browser
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator
2014-11-23 10:01 - 2014-11-23 12:09 - 00000000 ____D () C:\Program Files\shopperz
2014-11-23 10:01 - 2014-11-02 10:35 - 00268600 _____ () C:\Windows\SysWOW64\lsdprn.exe
2014-11-23 09:48 - 2014-11-23 09:48 - 00003150 _____ () C:\Windows\System32\Tasks\Run_Bobby_Browser
2014-11-23 09:47 - 2014-11-24 09:52 - 00000958 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-11-23 09:47 - 2014-11-24 09:52 - 00000954 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-11-23 09:47 - 2014-11-23 09:47 - 00003956 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-11-23 09:47 - 2014-11-23 09:47 - 00003702 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-11-23 09:47 - 2014-11-23 09:47 - 00000000 ____D () C:\Users\Myriam\AppData\Local\globalUpdate
2014-11-23 09:46 - 2014-11-23 09:48 - 00000000 ____D () C:\Users\Myriam\AppData\Local\BoBrowser
2014-11-23 09:46 - 2014-11-23 09:46 - 00004328 _____ () C:\Windows\System32\Tasks\RocketTab Update Task
2014-11-23 09:46 - 2014-11-23 09:46 - 00003542 _____ () C:\Windows\System32\Tasks\RocketTab
2014-11-23 09:46 - 2014-11-23 09:46 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
2014-11-23 09:44 - 2014-11-23 11:56 - 00000000 ____D () C:\Program Files (x86)\FLVM Player
2014-11-23 09:35 - 2014-11-23 12:14 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\SmootherWeb
2014-11-23 09:35 - 2014-11-23 09:35 - 00001831 _____ () C:\Windows\patsearch.bin
2014-11-23 09:35 - 2014-11-23 09:35 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrT_01009.Wdf
2014-11-23 09:35 - 2014-11-23 09:35 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmootherWeb
2014-11-23 09:35 - 2014-11-23 09:35 - 00000000 ____D () C:\Users\Myriam\AppData\Local\clicup
2014-11-23 09:35 - 2014-11-23 09:35 - 00000000 ____D () C:\SmootherWeb
2014-11-23 09:32 - 2014-11-23 09:32 - 00593992 _____ (didico conscientia argumentum meretrix) C:\Users\Myriam\Downloads\Adobe%20Flash%20Player%20IE.exe
2014-11-22 14:53 - 2014-11-22 14:53 - 09665384 _____ () C:\Users\Myriam\Documents\Regale voller GoldBarren Focus online.odt
2014-11-22 07:34 - 2014-11-22 07:34 - 00123537 _____ () C:\Users\Myriam\Documents\Kühe.odt
2014-11-22 07:30 - 2014-11-22 07:36 - 01046283 _____ () C:\Users\Myriam\Documents\Schweine.odt
2014-11-21 14:01 - 2014-11-21 14:18 - 120739128 _____ (Landesfinanzdirektion Thüringen) C:\Users\Myriam\Downloads\ElsterFormular-15.3.20141106u.exe
2014-11-19 14:28 - 2014-11-19 14:28 - 00952124 _____ () C:\Users\Myriam\Desktop\Audi Schätzung Nov'14.odt
2014-11-19 13:34 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 13:34 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 13:34 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 13:34 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 11:22 - 2014-11-18 11:22 - 00494259 _____ () C:\Users\Myriam\Desktop\NADH.odt
2014-11-18 11:10 - 2014-11-18 11:16 - 00017058 _____ () C:\Users\Myriam\Desktop\Serotonin.odt
2014-11-15 21:45 - 2014-11-15 21:45 - 00004700 _____ () C:\Users\Myriam\Downloads\Lass deine Augen das Beste sehen.odt
2014-11-13 19:46 - 2014-11-13 19:46 - 00006569 _____ () C:\Users\Myriam\Documents\Impressum.odt
2014-11-13 12:55 - 2014-11-13 12:55 - 00000000 ____D () C:\Users\Myriam\Documents\Fax
2014-11-13 12:53 - 2014-11-13 12:53 - 00792796 _____ () C:\Users\Myriam\Documents\141114 veraltete Treiber.odt
2014-11-13 12:52 - 2014-11-13 12:52 - 00223511 _____ () C:\Users\Myriam\Documents\141114 Erstattung Trixie Maulschlaufe.odt
2014-11-13 12:24 - 2014-11-13 12:24 - 00003152 _____ () C:\Windows\System32\Tasks\{D4059A91-59EB-4BD4-8D46-E7191558AA7A}
2014-11-13 12:22 - 2014-11-13 12:54 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Vosteran
2014-11-13 12:16 - 2014-11-13 12:16 - 00000000 ____D () C:\Users\Myriam\Documents\PC Speed Maximizer
2014-11-13 12:13 - 2014-11-13 12:13 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-11-13 12:12 - 2014-11-13 12:12 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-11-13 12:10 - 2014-11-13 12:10 - 05798968 _____ (Innovative Solutions ) C:\Users\Myriam\Downloads\hp-treiber.exe
2014-11-13 12:10 - 2014-11-13 12:10 - 00000000 __SHD () C:\Users\Myriam\AppData\Local\EmieBrowserModeList
2014-11-13 12:08 - 2014-11-13 12:08 - 00825248 _____ ( ) C:\Users\Myriam\Downloads\hp-treiber_setup.exe
2014-11-13 11:52 - 2014-11-13 12:12 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\DriverTurbo
2014-11-13 11:51 - 2014-11-13 11:52 - 00231952 _____ () C:\Users\Myriam\Downloads\DriverTurboSetup.exe
2014-11-12 06:55 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 06:55 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 06:55 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 06:55 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 06:55 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 06:55 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 06:55 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 06:55 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 06:55 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 06:55 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 06:55 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 06:55 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 06:55 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 06:55 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 06:55 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 06:55 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 06:55 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 06:55 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 06:55 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 06:55 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 06:55 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 06:55 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 06:55 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 06:55 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 06:55 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 06:55 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 06:55 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 06:55 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 06:55 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 06:55 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 06:55 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 06:55 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 06:55 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 06:55 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 06:55 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 06:55 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 06:55 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 06:55 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 06:55 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 06:55 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 06:55 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 06:55 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 06:55 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 06:55 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 06:55 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 06:55 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 06:55 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 06:55 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 06:55 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 06:55 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 06:55 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 06:55 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 06:55 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 06:55 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 06:55 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 06:55 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 06:53 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 06:53 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 06:53 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 06:53 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 06:53 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 06:53 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 06:53 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 06:53 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 06:53 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 06:53 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 06:53 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 06:53 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 06:48 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 06:48 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 06:48 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 06:48 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 06:48 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 06:48 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 06:48 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 06:48 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 06:48 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 06:48 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 06:48 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 06:48 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 06:48 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 06:48 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 06:48 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 06:48 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 06:48 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 06:48 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 06:48 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 06:48 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 06:48 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 22:54 - 2014-11-11 22:54 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-11-11 22:52 - 2014-11-11 22:54 - 13829880 _____ (Adobe Systems Inc.) C:\Users\Myriam\Downloads\Shockwave_Installer_Full.exe
2014-11-11 07:00 - 2014-11-11 07:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-10 11:57 - 2014-11-10 21:10 - 00005558 _____ () C:\Users\Myriam\Documents\Hundespiel.odt
2014-11-10 06:58 - 2014-11-10 06:58 - 00004809 _____ () C:\Users\Myriam\Documents\Kfz in der BF 6 Absatz 1 Nr.odt
2014-11-09 19:42 - 2014-11-09 19:42 - 00000000 ____D () C:\Users\Myriam\AppData\Local\PDF24
2014-11-09 19:41 - 2014-11-09 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2014-11-09 19:41 - 2014-11-09 19:41 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-11-09 10:10 - 2014-11-09 19:25 - 00005619 _____ () C:\Users\Myriam\Desktop\Liebe Devani.odt
2014-11-08 17:18 - 2014-11-08 17:18 - 00000000 ____D () C:\Program Files (x86)\downloaditkeep
2014-11-08 12:45 - 2014-11-24 09:35 - 00000094 _____ () C:\Users\Myriam\AppData\Roaming\WB.CFG
2014-11-08 12:14 - 2014-11-23 11:47 - 00000000 ____D () C:\ProgramData\374311380
2014-11-08 12:12 - 2014-11-13 12:54 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-11-08 12:09 - 2014-11-23 12:08 - 00000000 ____D () C:\ProgramData\2fa710b654abf508
2014-11-08 12:09 - 2014-11-12 06:26 - 00000000 ____D () C:\ProgramData\downloaditkeep
2014-11-08 12:09 - 2014-11-08 12:09 - 00000000 ____D () C:\ProgramData\SaleItCoupon
2014-11-08 11:49 - 2014-11-08 12:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\CUSTPDF Writer
2014-11-08 11:45 - 2014-11-24 14:45 - 00000296 _____ () C:\Windows\Tasks\Digital Sites.job
2014-11-08 11:45 - 2014-11-08 11:45 - 00003240 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-11-08 11:45 - 2014-11-08 11:45 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\DigitalSites
2014-11-08 11:39 - 2014-11-13 12:15 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Downloaded Installers
2014-11-08 11:39 - 2014-11-08 11:39 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-11-08 11:36 - 2014-11-13 13:01 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-11-08 11:36 - 2014-11-13 12:12 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-11-08 11:36 - 2014-11-08 11:36 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-11-08 11:36 - 2014-11-08 11:36 - 00000000 ____D () C:\Users\Myriam\AppData\Local\SlimWare Utilities Inc
2014-11-08 11:34 - 2014-11-08 11:34 - 00000000 ____D () C:\Users\Myriam\Documents\Optimizer Pro
2014-11-08 11:31 - 2014-11-08 11:31 - 00000000 __SHD () C:\Users\Myriam\AppData\Local\EmieUserList
2014-11-08 11:31 - 2014-11-08 11:31 - 00000000 __SHD () C:\Users\Myriam\AppData\Local\EmieSiteList
2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator
2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\Program Files\PDFCreator
2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\Program Files (x86)\PDF Creator
2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-11-08 11:29 - 2011-10-04 21:43 - 00087552 _____ () C:\Windows\system32\custmon64i.dll
2014-11-08 11:25 - 2014-11-08 11:25 - 00812160 _____ ( ) C:\Users\Myriam\Downloads\PdfCreatorSetup.exe
2014-11-02 19:20 - 2014-11-02 19:22 - 00011776 ___SH () C:\Users\Myriam\Documents\Thumbs.db
2014-11-02 18:24 - 2014-11-02 19:18 - 58885280 _____ () C:\Users\Myriam\Documents\Gute Energie 141102 NutzenFußnote.pptx
2014-10-31 11:23 - 2014-10-31 11:24 - 05033168 _____ (Lenovo Group Limited ) C:\Users\Myriam\Downloads\a3ub03w7.exe
2014-10-31 07:12 - 2014-10-31 07:12 - 00000000 ____D () C:\ProgramData\EasyCash&Tax
2014-10-31 06:14 - 2014-11-20 21:32 - 00000000 ____D () C:\Users\Myriam\Documents\EC&T KontenDateien Einst
2014-10-30 22:33 - 2014-10-30 22:33 - 00003036 _____ () C:\Windows\System32\Tasks\{F21E1B53-A4BF-42A2-965F-D8F872357334}
2014-10-30 07:45 - 2014-10-30 08:19 - 00000000 ____D () C:\Users\Myriam\Programme
2014-10-29 21:58 - 2014-10-29 22:03 - 307709680 _____ () C:\Users\Myriam\Downloads\OJJ4500_Full_13.exe
2014-10-29 18:10 - 2014-10-29 18:10 - 00000000 ____D () C:\Users\Myriam\Documents\OneNote-Notizbücher
2014-10-29 12:17 - 2014-10-29 12:17 - 01825672 _____ () C:\Users\Myriam\Documents\141029 Erklärung Datenschutz.odt
2014-10-29 10:09 - 2014-10-29 10:09 - 00000000 ____D () C:\Users\Myriam\Downloads\Neuer Ordner
2014-10-29 09:37 - 2014-10-29 12:11 - 00043265 _____ () C:\Users\Myriam\Documents\Bild Löwe Regulus von Devani.odt
2014-10-28 11:32 - 2014-10-28 11:32 - 01189723 _____ () C:\Users\Myriam\Desktop\141028 Dame...Herr.odt
2014-10-27 09:28 - 2014-11-12 20:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-27 09:27 - 2014-11-12 20:55 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 15:26 - 2014-10-17 20:16 - 00000000 ____D () C:\Users\Myriam
2014-11-24 15:22 - 2014-10-18 13:18 - 00000000 ____D () C:\Users\Myriam\Documents\Outlook-Dateien
2014-11-24 14:35 - 2014-10-18 02:10 - 01751308 _____ () C:\Windows\WindowsUpdate.log
2014-11-23 18:32 - 2009-07-14 05:51 - 00033196 _____ () C:\Windows\setupact.log
2014-11-23 12:21 - 2009-07-14 05:45 - 00032768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-23 12:21 - 2009-07-14 05:45 - 00032768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-23 12:19 - 2011-04-12 08:43 - 00698926 _____ () C:\Windows\system32\perfh007.dat
2014-11-23 12:19 - 2011-04-12 08:43 - 00149034 _____ () C:\Windows\system32\perfc007.dat
2014-11-23 12:19 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-23 12:14 - 2014-10-18 12:46 - 00222619 _____ () C:\Users\Myriam\AppData\Local\BTServer.log
2014-11-23 12:14 - 2010-11-21 04:47 - 00044576 _____ () C:\Windows\PFRO.log
2014-11-23 12:14 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-23 11:52 - 2014-04-26 08:21 - 00000000 ____D () C:\Users\Myriam\Downloads\exe Betrieb
2014-11-23 10:03 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-23 10:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-11-23 09:39 - 2014-10-18 13:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Adobe
2014-11-22 22:01 - 2014-10-20 13:08 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{01AB2F2F-7029-49A9-8627-BE87BF065232}
2014-11-22 07:50 - 2014-10-21 12:59 - 00000000 ____D () C:\Users\Myriam\Documents\DVDVideoSoft
2014-11-20 19:41 - 2014-10-18 12:52 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Microsoft Help
2014-11-19 14:21 - 2014-10-19 15:04 - 00000416 _____ () C:\Windows\BRWMARK.INI
2014-11-19 14:21 - 2014-10-19 15:04 - 00000034 _____ () C:\Windows\SysWOW64\BD2030.DAT
2014-11-14 16:18 - 2011-04-12 08:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-13 21:50 - 2014-10-20 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyCash
2014-11-13 21:50 - 2014-10-20 08:07 - 00000000 ____D () C:\Program Files (x86)\EasyCash&Tax
2014-11-13 13:23 - 2014-10-20 15:21 - 00002480 _____ () C:\ProgramData\hpzinstall.log
2014-11-13 08:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 07:06 - 2014-10-18 13:04 - 00086552 _____ () C:\Users\Myriam\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-13 07:05 - 2009-07-14 05:45 - 00342576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 07:03 - 2014-10-20 08:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 21:02 - 2014-10-18 12:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 06:26 - 2014-10-18 12:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-02 14:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 14:26 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp

Some content of TEMP:
====================
C:\Users\Myriam\AppData\Local\Temp\18be6784_.exe
C:\Users\Myriam\AppData\Local\Temp\294823_.exe
C:\Users\Myriam\AppData\Local\Temp\6BDF3DD2-CCEB-FD7D-9453-9BAE6B457C58.dll
C:\Users\Myriam\AppData\Local\Temp\6BDF3DD2-CCEB-FD7D-9453-9BAE6B457C58.exe
C:\Users\Myriam\AppData\Local\Temp\8DC39D87-7260-3704-13E1-E3ED4E9AD4B9.exe
C:\Users\Myriam\AppData\Local\Temp\CloudBackup4115.exe
C:\Users\Myriam\AppData\Local\Temp\DllMonoCtrl.dll
C:\Users\Myriam\AppData\Local\Temp\install_flashplayer15x32_mssd_aaa_aih.exe
C:\Users\Myriam\AppData\Local\Temp\optprosetup.exe
C:\Users\Myriam\AppData\Local\Temp\scpCEE0.tmp.exe
C:\Users\Myriam\AppData\Local\Temp\scpDA0F.tmp.exe
C:\Users\Myriam\AppData\Local\Temp\sprz.exe
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite50142.dll
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite57062.dll
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite68303.dll
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite75878.dll
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite90450.dll
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite98387.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 00:17

==================== End Of Log ============================
         
--- --- ---
GMER Logfile:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-24 15:52:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500LM000-SSHD-8GB rev.LVD3 465.76GB
Running: Gmer-19357.exe; Driver: C:\Users\Myriam\AppData\Local\Temp\ugdiypod.sys


---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code
---- Processes - GMER 2.1 ----

Library c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{969E367D-5C3C-4C43-9DE0-E39E52FBB8F2}\offreg.dll (*** suspicious ***) @ c:\Program Files\Microsoft Security Client\MsMpEng.exe [940] (FILE NOT FOUND) 000007fefb930000
Process C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe (*** suspicious ***) @ C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [3060] (BoBrowser/The BoBrowser Authors)(2014-11-23 08:46:37) 0000000001230000
Process C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe (*** suspicious ***) @ C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [3132] (BoBrowser/The BoBrowser Authors)(2014-11-23 08:46:37) 0000000001230000
Process C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe (*** suspicious ***) @ C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [3232] (BoBrowser/The BoBrowser Authors)(2014-11-23 08:46:37) 0000000001230000
Process C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe (*** suspicious ***) @ C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [3312] (BoBrowser/The BoBrowser Authors)(2014-11-23 08:46:37) 0000000001230000
Process C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe (*** suspicious ***) @ C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [3348] (BoBrowser/The BoBrowser Authors)(2014-11-23 08:46:37) 0000000001230000

---- EOF - GMER 2.1 ----
         
--- --- ---
Ich hoffe das ist so komplett und OK gemacht.
Hoffnungsvoll, Grüße aus Freude myriambb

Alt 24.11.2014, 17:02   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Windows7: Ads by clickup - Standard

Windows7: Ads by clickup



hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.




Bitte alle Logs nochmal in Codetags.



Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________

__________________

Alt 24.11.2014, 18:11   #3
myriambb
 
Windows7: Ads by clickup - Standard

Windows7: Ads by clickup



Hei. Danke für den schnellen EInstieg!

hatte alles aus den Dateien kopiert und hier eingesetzt. Falsch?

ich verstehe nicht: "Bitte alle Logs nochmal in Codetags", verstehe die Anleitung dazu nicht.

Wenn ich den Editor aufmache sehe ich keine Raute, der Rest kommt dann auch nicht

Was soll ich tun? // TDSS Killer mach ich jetzt

LG myriambb

Hei SChrauber
die TDSSKILLER DAtei habe ich, aber keine Idee wie ich sie jetzt richtig hier einkopiere.
Sorry, ich steh auf dem Schlauch mit dem Editor.

Code:
ATTFilter
17:26:42.0392 0x1678  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
17:26:42.0393 0x1678  UEFI system
17:26:53.0173 0x1678  ============================================================
17:26:53.0174 0x1678  Current date / time: 2014/11/24 17:26:53.0173
17:26:53.0174 0x1678  SystemInfo:
17:26:53.0174 0x1678  
17:26:53.0174 0x1678  OS Version: 6.1.7601 ServicePack: 1.0
17:26:53.0174 0x1678  Product type: Workstation
17:26:53.0174 0x1678  ComputerName: MYRIAM-PC
17:26:53.0175 0x1678  UserName: Myriam
17:26:53.0175 0x1678  Windows directory: C:\Windows
17:26:53.0175 0x1678  System windows directory: C:\Windows
17:26:53.0175 0x1678  Running under WOW64
17:26:53.0175 0x1678  Processor architecture: Intel x64
17:26:53.0175 0x1678  Number of processors: 4
17:26:53.0175 0x1678  Page size: 0x1000
17:26:53.0175 0x1678  Boot type: Normal boot
17:26:53.0175 0x1678  ============================================================
17:26:53.0595 0x1678  KLMD registered as C:\Windows\system32\drivers\14114013.sys
17:26:53.0938 0x1678  System UUID: {F28DFE37-9756-B15D-0711-0AE2BFC5D619}
17:26:54.0559 0x1678  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:26:54.0575 0x1678  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:26:54.0576 0x1678  ============================================================
17:26:54.0576 0x1678  \Device\Harddisk0\DR0:
17:26:54.0576 0x1678  GPT partitions:
17:26:54.0577 0x1678  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {A598549B-4129-4FB0-BC4F-B5EA5302009C}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
17:26:54.0577 0x1678  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {9A5EBC7C-C05A-46A6-B140-84B05AB05A26}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
17:26:54.0577 0x1678  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {E0306310-EA14-4CFA-989C-13AE582A71A1}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0x3A313800
17:26:54.0577 0x1678  MBR partitions:
17:26:54.0577 0x1678  \Device\Harddisk1\DR1:
17:26:54.0578 0x1678  MBR partitions:
17:26:54.0578 0x1678  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x3A384C02
17:26:54.0578 0x1678  ============================================================
17:26:54.0579 0x1678  C: <-> \Device\Harddisk0\DR0\Partition3
17:26:54.0579 0x1678  F: <-> \Device\Harddisk1\DR1\Partition1
17:26:54.0580 0x1678  ============================================================
17:26:54.0580 0x1678  Initialize success
17:26:54.0580 0x1678  ============================================================
17:26:59.0681 0x1be4  ============================================================
17:26:59.0681 0x1be4  Scan started
17:26:59.0681 0x1be4  Mode: Manual; 
17:26:59.0681 0x1be4  ============================================================
17:26:59.0681 0x1be4  KSN ping started
17:27:13.0395 0x1be4  KSN ping finished: true
17:27:13.0839 0x1be4  ================ Scan system memory ========================
17:27:13.0839 0x1be4  System memory - ok
17:27:13.0840 0x1be4  ================ Scan services =============================
17:27:13.0972 0x1be4  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:27:13.0981 0x1be4  1394ohci - ok
17:27:14.0005 0x1be4  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] 51cdb72         C:\Windows\system32\rundll32.exe
17:27:14.0008 0x1be4  51cdb72 - ok
17:27:14.0022 0x1be4  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:27:14.0030 0x1be4  ACPI - ok
17:27:14.0036 0x1be4  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:27:14.0037 0x1be4  AcpiPmi - ok
17:27:14.0083 0x1be4  [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:27:14.0085 0x1be4  AdobeARMservice - ok
17:27:14.0116 0x1be4  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:27:14.0128 0x1be4  adp94xx - ok
17:27:14.0143 0x1be4  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:27:14.0151 0x1be4  adpahci - ok
17:27:14.0161 0x1be4  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:27:14.0166 0x1be4  adpu320 - ok
17:27:14.0181 0x1be4  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:27:14.0184 0x1be4  AeLookupSvc - ok
17:27:14.0205 0x1be4  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
17:27:14.0217 0x1be4  AFD - ok
17:27:14.0224 0x1be4  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
17:27:14.0226 0x1be4  agp440 - ok
17:27:14.0232 0x1be4  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
17:27:14.0235 0x1be4  ALG - ok
17:27:14.0241 0x1be4  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:27:14.0242 0x1be4  aliide - ok
17:27:14.0260 0x1be4  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
17:27:14.0261 0x1be4  amdide - ok
17:27:14.0266 0x1be4  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:27:14.0269 0x1be4  AmdK8 - ok
17:27:14.0274 0x1be4  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
17:27:14.0276 0x1be4  AmdPPM - ok
17:27:14.0283 0x1be4  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:27:14.0286 0x1be4  amdsata - ok
17:27:14.0296 0x1be4  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
17:27:14.0301 0x1be4  amdsbs - ok
17:27:14.0322 0x1be4  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:27:14.0323 0x1be4  amdxata - ok
17:27:14.0329 0x1be4  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
17:27:14.0330 0x1be4  AppID - ok
17:27:14.0337 0x1be4  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:27:14.0338 0x1be4  AppIDSvc - ok
17:27:14.0358 0x1be4  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
17:27:14.0360 0x1be4  Appinfo - ok
17:27:14.0379 0x1be4  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
17:27:14.0384 0x1be4  AppMgmt - ok
17:27:14.0391 0x1be4  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
17:27:14.0393 0x1be4  arc - ok
17:27:14.0401 0x1be4  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:27:14.0404 0x1be4  arcsas - ok
17:27:14.0438 0x1be4  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:27:14.0439 0x1be4  aspnet_state - ok
17:27:14.0452 0x1be4  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:27:14.0453 0x1be4  AsyncMac - ok
17:27:14.0459 0x1be4  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
17:27:14.0459 0x1be4  atapi - ok
17:27:14.0491 0x1be4  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:27:14.0507 0x1be4  AudioEndpointBuilder - ok
17:27:14.0529 0x1be4  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:27:14.0545 0x1be4  AudioSrv - ok
17:27:14.0586 0x1be4  [ F9E224D23B9E0527916DD92FDDDCD524, F4DBDA41DFADBD80F05DA5938B4E6C85F7C952DA1B0044957A9D43B9EE138C52 ] AvrcpService    C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe
17:27:14.0589 0x1be4  AvrcpService - ok
17:27:14.0602 0x1be4  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:27:14.0608 0x1be4  AxInstSV - ok
17:27:14.0630 0x1be4  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
17:27:14.0642 0x1be4  b06bdrv - ok
17:27:14.0667 0x1be4  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:27:14.0673 0x1be4  b57nd60a - ok
17:27:14.0682 0x1be4  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:27:14.0686 0x1be4  BDESVC - ok
17:27:14.0690 0x1be4  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:27:14.0691 0x1be4  Beep - ok
17:27:14.0762 0x1be4  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
17:27:14.0778 0x1be4  BFE - ok
17:27:14.0808 0x1be4  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
17:27:14.0829 0x1be4  BITS - ok
17:27:14.0836 0x1be4  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:27:14.0837 0x1be4  blbdrive - ok
17:27:14.0843 0x1be4  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:27:14.0846 0x1be4  bowser - ok
17:27:14.0852 0x1be4  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
17:27:14.0853 0x1be4  BrFiltLo - ok
17:27:14.0858 0x1be4  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
17:27:14.0858 0x1be4  BrFiltUp - ok
17:27:14.0891 0x1be4  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
17:27:14.0895 0x1be4  Browser - ok
17:27:14.0916 0x1be4  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:27:14.0923 0x1be4  Brserid - ok
17:27:14.0928 0x1be4  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:27:14.0930 0x1be4  BrSerWdm - ok
17:27:14.0936 0x1be4  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:27:14.0937 0x1be4  BrUsbMdm - ok
17:27:14.0942 0x1be4  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:27:14.0942 0x1be4  BrUsbSer - ok
17:27:14.0948 0x1be4  [ 2A3FE426DBC136A22D69CD69A8C57896, 931EC1CD229A75E525D720BD3BABDFE8F25EB8444C3512D8361B573ABDDC25BA ] BTDevManager    C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
17:27:14.0951 0x1be4  BTDevManager - ok
17:27:14.0957 0x1be4  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
17:27:14.0958 0x1be4  BthEnum - ok
17:27:14.0965 0x1be4  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:27:14.0968 0x1be4  BTHMODEM - ok
17:27:14.0975 0x1be4  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
17:27:14.0978 0x1be4  BthPan - ok
17:27:15.0015 0x1be4  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
17:27:15.0028 0x1be4  BTHPORT - ok
17:27:15.0040 0x1be4  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
17:27:15.0042 0x1be4  bthserv - ok
17:27:15.0049 0x1be4  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
17:27:15.0052 0x1be4  BTHUSB - ok
17:27:15.0071 0x1be4  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:27:15.0074 0x1be4  cdfs - ok
17:27:15.0081 0x1be4  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:27:15.0085 0x1be4  cdrom - ok
17:27:15.0095 0x1be4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
17:27:15.0098 0x1be4  CertPropSvc - ok
17:27:15.0105 0x1be4  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
17:27:15.0107 0x1be4  circlass - ok
17:27:15.0120 0x1be4  [ FA8B58F49F253F326A45395C7D877F97, 6DE43ED706679BDDDA9B8AD2C01A27CC03C2C684EF27FC01D68FC1622EDC85DA ] ClaraUpdater    C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe
17:27:15.0129 0x1be4  ClaraUpdater - ok
17:27:15.0156 0x1be4  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
17:27:15.0165 0x1be4  CLFS - ok
17:27:15.0177 0x1be4  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:27:15.0179 0x1be4  clr_optimization_v2.0.50727_32 - ok
17:27:15.0191 0x1be4  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:27:15.0193 0x1be4  clr_optimization_v2.0.50727_64 - ok
17:27:15.0217 0x1be4  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:27:15.0220 0x1be4  clr_optimization_v4.0.30319_32 - ok
17:27:15.0227 0x1be4  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:27:15.0230 0x1be4  clr_optimization_v4.0.30319_64 - ok
17:27:15.0236 0x1be4  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:27:15.0237 0x1be4  CmBatt - ok
17:27:15.0241 0x1be4  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:27:15.0242 0x1be4  cmdide - ok
17:27:15.0261 0x1be4  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
17:27:15.0271 0x1be4  CNG - ok
17:27:15.0276 0x1be4  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:27:15.0277 0x1be4  Compbatt - ok
17:27:15.0281 0x1be4  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
17:27:15.0283 0x1be4  CompositeBus - ok
17:27:15.0294 0x1be4  COMSysApp - ok
17:27:15.0362 0x1be4  [ 863A213EEE8E40C4EE112189636F1586, 60E9F9B8C7A19E06FA048CDABA92594F4504511A42B4B76EEDB4583C2154DB87 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
17:27:15.0376 0x1be4  cphs - ok
17:27:15.0384 0x1be4  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:27:15.0386 0x1be4  crcdisk - ok
17:27:15.0409 0x1be4  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:27:15.0414 0x1be4  CryptSvc - ok
17:27:15.0434 0x1be4  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
17:27:15.0446 0x1be4  CSC - ok
17:27:15.0482 0x1be4  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
17:27:15.0500 0x1be4  CscService - ok
17:27:15.0534 0x1be4  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:27:15.0547 0x1be4  DcomLaunch - ok
17:27:15.0562 0x1be4  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
17:27:15.0570 0x1be4  defragsvc - ok
17:27:15.0577 0x1be4  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:27:15.0579 0x1be4  DfsC - ok
17:27:15.0607 0x1be4  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:27:15.0615 0x1be4  Dhcp - ok
17:27:15.0621 0x1be4  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
17:27:15.0622 0x1be4  discache - ok
17:27:15.0628 0x1be4  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
17:27:15.0630 0x1be4  Disk - ok
17:27:15.0639 0x1be4  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
17:27:15.0641 0x1be4  dmvsc - ok
17:27:15.0652 0x1be4  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:27:15.0656 0x1be4  Dnscache - ok
17:27:15.0670 0x1be4  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:27:15.0676 0x1be4  dot3svc - ok
17:27:15.0700 0x1be4  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
17:27:15.0705 0x1be4  DPS - ok
17:27:15.0709 0x1be4  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:27:15.0710 0x1be4  drmkaud - ok
17:27:15.0755 0x1be4  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:27:15.0779 0x1be4  DXGKrnl - ok
17:27:15.0799 0x1be4  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
17:27:15.0803 0x1be4  EapHost - ok
17:27:15.0939 0x1be4  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
17:27:16.0024 0x1be4  ebdrv - ok
17:27:16.0036 0x1be4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
17:27:16.0037 0x1be4  EFS - ok
17:27:16.0141 0x1be4  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:27:16.0158 0x1be4  ehRecvr - ok
17:27:16.0165 0x1be4  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
17:27:16.0169 0x1be4  ehSched - ok
17:27:16.0201 0x1be4  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:27:16.0215 0x1be4  elxstor - ok
17:27:16.0220 0x1be4  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:27:16.0220 0x1be4  ErrDev - ok
17:27:16.0249 0x1be4  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
17:27:16.0259 0x1be4  EventSystem - ok
17:27:16.0269 0x1be4  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
17:27:16.0274 0x1be4  exfat - ok
17:27:16.0283 0x1be4  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:27:16.0288 0x1be4  fastfat - ok
17:27:16.0313 0x1be4  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
17:27:16.0330 0x1be4  Fax - ok
17:27:16.0336 0x1be4  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
17:27:16.0337 0x1be4  fdc - ok
17:27:16.0344 0x1be4  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
17:27:16.0346 0x1be4  fdPHost - ok
17:27:16.0352 0x1be4  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:27:16.0354 0x1be4  FDResPub - ok
17:27:16.0359 0x1be4  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:27:16.0361 0x1be4  FileInfo - ok
17:27:16.0368 0x1be4  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:27:16.0369 0x1be4  Filetrace - ok
17:27:16.0373 0x1be4  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
17:27:16.0374 0x1be4  flpydisk - ok
17:27:16.0386 0x1be4  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:27:16.0392 0x1be4  FltMgr - ok
17:27:16.0475 0x1be4  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
17:27:16.0503 0x1be4  FontCache - ok
17:27:16.0510 0x1be4  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:27:16.0512 0x1be4  FontCache3.0.0.0 - ok
17:27:16.0517 0x1be4  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:27:16.0519 0x1be4  FsDepends - ok
17:27:16.0523 0x1be4  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:27:16.0524 0x1be4  Fs_Rec - ok
17:27:16.0536 0x1be4  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:27:16.0541 0x1be4  fvevol - ok
17:27:16.0547 0x1be4  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:27:16.0549 0x1be4  gagp30kx - ok
17:27:16.0567 0x1be4  globalUpdate - ok
17:27:16.0572 0x1be4  globalUpdatem - ok
17:27:16.0611 0x1be4  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:27:16.0630 0x1be4  gpsvc - ok
17:27:16.0636 0x1be4  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:27:16.0637 0x1be4  hcw85cir - ok
17:27:16.0651 0x1be4  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:27:16.0659 0x1be4  HdAudAddService - ok
17:27:16.0668 0x1be4  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:27:16.0671 0x1be4  HDAudBus - ok
17:27:16.0675 0x1be4  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
17:27:16.0676 0x1be4  HidBatt - ok
17:27:16.0683 0x1be4  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:27:16.0686 0x1be4  HidBth - ok
17:27:16.0692 0x1be4  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
17:27:16.0693 0x1be4  HidIr - ok
17:27:16.0704 0x1be4  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
17:27:16.0706 0x1be4  hidserv - ok
17:27:16.0718 0x1be4  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:27:16.0719 0x1be4  HidUsb - ok
17:27:16.0725 0x1be4  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:27:16.0729 0x1be4  hkmsvc - ok
17:27:16.0746 0x1be4  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:27:16.0752 0x1be4  HomeGroupListener - ok
17:27:16.0771 0x1be4  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:27:16.0777 0x1be4  HomeGroupProvider - ok
17:27:16.0784 0x1be4  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:27:16.0786 0x1be4  HpSAMD - ok
17:27:16.0809 0x1be4  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:27:16.0827 0x1be4  HTTP - ok
17:27:16.0832 0x1be4  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:27:16.0833 0x1be4  hwpolicy - ok
17:27:16.0840 0x1be4  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:27:16.0842 0x1be4  i8042prt - ok
17:27:16.0862 0x1be4  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:27:16.0872 0x1be4  iaStorV - ok
17:27:16.0915 0x1be4  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:27:16.0935 0x1be4  idsvc - ok
17:27:16.0940 0x1be4  IEEtwCollectorService - ok
17:27:16.0971 0x1be4  IePluginServices - ok
17:27:17.0141 0x1be4  [ 78C66B3AFEEE9DB358FC365105FAA69A, 8601D75B39FE417B2DB7C11875640F2BE8909381243EF4BBFD49B43B5891DC0E ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
17:27:17.0240 0x1be4  igfx - ok
17:27:17.0257 0x1be4  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:27:17.0258 0x1be4  iirsp - ok
17:27:17.0289 0x1be4  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
17:27:17.0309 0x1be4  IKEEXT - ok
17:27:17.0513 0x1be4  [ 70DD225646BF84233E18890583E57EFB, 657CFBEBE5C131873BB0B28F6C719772E19D51B48A795E459C388C8EC5EE655B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:27:17.0606 0x1be4  IntcAzAudAddService - ok
17:27:17.0630 0x1be4  [ EC80E6B9E27DC3E22ED5B2E0E75A39C0, 8EEC89F88AE79DA256BB651983397773F6B25139006C8A7C8F77960F47774CF5 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
17:27:17.0641 0x1be4  IntcDAud - ok
17:27:17.0678 0x1be4  [ 0DB1E3F6189C628675F855C0EB510419, 989F539E82105019D2D81255369B96DC65826CD2A421DA09809155B26F69C555 ] Intel(R) Capability Licensing Service Interface c:\Program Files\Intel\iCLS Client\HeciServer.exe
17:27:17.0695 0x1be4  Intel(R) Capability Licensing Service Interface - ok
17:27:17.0725 0x1be4  [ 492AAF2FF66F437F0E796574B116EFC3, 6BF21C61ED05705DD58203952A750D1AB4D4B62F3A2B640BBBD9B85D1ECC3E5C ] Intel(R) Capability Licensing Service TCP IP Interface c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
17:27:17.0744 0x1be4  Intel(R) Capability Licensing Service TCP IP Interface - ok
17:27:17.0776 0x1be4  [ 57739E742ABC085C2A4340D4404B4A8B, B4B85C35AC96D11F5940AFCB15A2B2A41D70E3C392E1D4D9353899FA140FF281 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
17:27:17.0779 0x1be4  Intel(R) ME Service - ok
17:27:17.0785 0x1be4  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:27:17.0786 0x1be4  intelide - ok
17:27:17.0791 0x1be4  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:27:17.0793 0x1be4  intelppm - ok
17:27:17.0802 0x1be4  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:27:17.0805 0x1be4  IPBusEnum - ok
17:27:17.0811 0x1be4  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:27:17.0813 0x1be4  IpFilterDriver - ok
17:27:17.0840 0x1be4  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:27:17.0854 0x1be4  iphlpsvc - ok
17:27:17.0861 0x1be4  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:27:17.0863 0x1be4  IPMIDRV - ok
17:27:17.0870 0x1be4  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:27:17.0873 0x1be4  IPNAT - ok
17:27:17.0878 0x1be4  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:27:17.0878 0x1be4  IRENUM - ok
17:27:17.0894 0x1be4  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:27:17.0894 0x1be4  isapnp - ok
17:27:17.0908 0x1be4  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:27:17.0915 0x1be4  iScsiPrt - ok
17:27:17.0920 0x1be4  [ 3AD2F2F5D891FD49F9305D394BCF7A54, 7567F0DF0E527BAC1651A4A39B5252AF2B1F186B5FD4F0122B3B30207972F0E4 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
17:27:17.0921 0x1be4  iusb3hcs - ok
17:27:17.0937 0x1be4  [ F7248248D3F126E07E22193F3E5DDF77, A11FD50CFE329B4AE07387A31581BC01A972917F451C4257CDB45F818074EE9B ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
17:27:17.0946 0x1be4  iusb3hub - ok
17:27:17.0975 0x1be4  [ AF7F994D4E9C37D54E9CDB6880D83205, A74F99786BC302101B4BEDEF543DBE85D75A2B1FEC6B4513626E6B941EF8D6A9 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
17:27:17.0994 0x1be4  iusb3xhc - ok
17:27:18.0005 0x1be4  [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
17:27:18.0009 0x1be4  jhi_service - ok
17:27:18.0015 0x1be4  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:27:18.0017 0x1be4  kbdclass - ok
17:27:18.0034 0x1be4  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:27:18.0035 0x1be4  kbdhid - ok
17:27:18.0040 0x1be4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
17:27:18.0041 0x1be4  KeyIso - ok
17:27:18.0048 0x1be4  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:27:18.0051 0x1be4  KSecDD - ok
17:27:18.0059 0x1be4  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:27:18.0063 0x1be4  KSecPkg - ok
17:27:18.0069 0x1be4  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:27:18.0070 0x1be4  ksthunk - ok
17:27:18.0084 0x1be4  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:27:18.0094 0x1be4  KtmRm - ok
17:27:18.0117 0x1be4  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:27:18.0124 0x1be4  LanmanServer - ok
17:27:18.0140 0x1be4  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:27:18.0144 0x1be4  LanmanWorkstation - ok
17:27:18.0154 0x1be4  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:27:18.0155 0x1be4  lltdio - ok
17:27:18.0168 0x1be4  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:27:18.0176 0x1be4  lltdsvc - ok
17:27:18.0183 0x1be4  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:27:18.0185 0x1be4  lmhosts - ok
17:27:18.0212 0x1be4  [ 6A35B295812CE7064CFBCD9F254169CF, 561DD131FED6F90686D8C031B45B87B6D065C7E0C8804AEFCDE239725AAEE43E ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:27:18.0221 0x1be4  LMS - ok
17:27:18.0252 0x1be4  [ 99468F9F7323DFC85DDFDD37ED4CBF50, 8A10C04EE3E50CAF81C9AC3600B21AAA8F265AE9FB7020AC44AC4C755DFCF572 ] lsdprn          C:\Windows\SysWOW64\lsdprn.exe
17:27:18.0259 0x1be4  lsdprn - ok
17:27:18.0266 0x1be4  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:27:18.0269 0x1be4  LSI_FC - ok
17:27:18.0276 0x1be4  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:27:18.0279 0x1be4  LSI_SAS - ok
17:27:18.0297 0x1be4  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
17:27:18.0300 0x1be4  LSI_SAS2 - ok
17:27:18.0308 0x1be4  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:27:18.0311 0x1be4  LSI_SCSI - ok
17:27:18.0319 0x1be4  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
17:27:18.0322 0x1be4  luafv - ok
17:27:18.0329 0x1be4  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:27:18.0332 0x1be4  Mcx2Svc - ok
17:27:18.0349 0x1be4  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
17:27:18.0351 0x1be4  megasas - ok
17:27:18.0363 0x1be4  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
17:27:18.0370 0x1be4  MegaSR - ok
17:27:18.0383 0x1be4  [ 926C135CFB0C75B32FB714B5C0C58FAA, AF627CD125794B69D450D298D5608D357F2C91FB89EBFAA0DA2A0F07C6A304A8 ] MEIx64          C:\Windows\system32\DRIVERS\TeeDriverx64.sys
17:27:18.0385 0x1be4  MEIx64 - ok
17:27:18.0397 0x1be4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
17:27:18.0400 0x1be4  MMCSS - ok
17:27:18.0405 0x1be4  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
17:27:18.0406 0x1be4  Modem - ok
17:27:18.0411 0x1be4  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:27:18.0412 0x1be4  monitor - ok
17:27:18.0425 0x1be4  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:27:18.0426 0x1be4  mouclass - ok
17:27:18.0432 0x1be4  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:27:18.0433 0x1be4  mouhid - ok
17:27:18.0439 0x1be4  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:27:18.0442 0x1be4  mountmgr - ok
17:27:18.0450 0x1be4  [ DEA022193DF8C88F6E2B3E33D148A5DB, 97DFC47DB83E04A975A1969AA120385463FCAF4E1A9984FD3220442D7026B45A ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:27:18.0453 0x1be4  MozillaMaintenance - ok
17:27:18.0467 0x1be4  [ 6439D1E559D08BD8A1465A8943357053, 0E300508C22D12FBA3BE566B722F574CBE1B4A1A305356B92B8EA8B86267071B ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
17:27:18.0473 0x1be4  MpFilter - ok
17:27:18.0493 0x1be4  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:27:18.0497 0x1be4  mpio - ok
17:27:18.0503 0x1be4  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:27:18.0505 0x1be4  mpsdrv - ok
17:27:18.0535 0x1be4  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:27:18.0555 0x1be4  MpsSvc - ok
17:27:18.0564 0x1be4  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:27:18.0568 0x1be4  MRxDAV - ok
17:27:18.0576 0x1be4  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:27:18.0581 0x1be4  mrxsmb - ok
17:27:18.0595 0x1be4  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:27:18.0602 0x1be4  mrxsmb10 - ok
17:27:18.0609 0x1be4  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:27:18.0613 0x1be4  mrxsmb20 - ok
17:27:18.0619 0x1be4  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:27:18.0620 0x1be4  msahci - ok
17:27:18.0638 0x1be4  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:27:18.0641 0x1be4  msdsm - ok
17:27:18.0657 0x1be4  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
17:27:18.0661 0x1be4  MSDTC - ok
17:27:18.0670 0x1be4  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:27:18.0671 0x1be4  Msfs - ok
17:27:18.0675 0x1be4  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:27:18.0675 0x1be4  mshidkmdf - ok
17:27:18.0681 0x1be4  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:27:18.0682 0x1be4  msisadrv - ok
17:27:18.0690 0x1be4  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:27:18.0695 0x1be4  MSiSCSI - ok
17:27:18.0700 0x1be4  msiserver - ok
17:27:18.0705 0x1be4  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:27:18.0706 0x1be4  MSKSSRV - ok
17:27:18.0719 0x1be4  [ F0D5494D8B177C37E16966262F5D0F68, DD63427DFFD9DD2BEC8336F6AD1BEFE347012331631DC5FEC65E83B1EACDBC67 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
17:27:18.0719 0x1be4  MsMpSvc - ok
17:27:18.0723 0x1be4  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:27:18.0724 0x1be4  MSPCLOCK - ok
17:27:18.0729 0x1be4  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:27:18.0730 0x1be4  MSPQM - ok
17:27:18.0747 0x1be4  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:27:18.0757 0x1be4  MsRPC - ok
17:27:18.0764 0x1be4  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:27:18.0766 0x1be4  mssmbios - ok
17:27:18.0770 0x1be4  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:27:18.0770 0x1be4  MSTEE - ok
17:27:18.0775 0x1be4  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
17:27:18.0776 0x1be4  MTConfig - ok
17:27:18.0782 0x1be4  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
17:27:18.0784 0x1be4  Mup - ok
17:27:18.0802 0x1be4  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
17:27:18.0815 0x1be4  napagent - ok
17:27:18.0846 0x1be4  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:27:18.0854 0x1be4  NativeWifiP - ok
17:27:18.0908 0x1be4  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:27:18.0930 0x1be4  NDIS - ok
17:27:18.0936 0x1be4  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:27:18.0937 0x1be4  NdisCap - ok
17:27:18.0943 0x1be4  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:27:18.0944 0x1be4  NdisTapi - ok
17:27:18.0951 0x1be4  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:27:18.0952 0x1be4  Ndisuio - ok
17:27:18.0960 0x1be4  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:27:18.0965 0x1be4  NdisWan - ok
17:27:18.0970 0x1be4  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:27:18.0972 0x1be4  NDProxy - ok
17:27:18.0977 0x1be4  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:27:18.0978 0x1be4  NetBIOS - ok
17:27:18.0993 0x1be4  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:27:18.0999 0x1be4  NetBT - ok
17:27:19.0004 0x1be4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
17:27:19.0005 0x1be4  Netlogon - ok
17:27:19.0027 0x1be4  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
17:27:19.0037 0x1be4  Netman - ok
17:27:19.0056 0x1be4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:27:19.0059 0x1be4  NetMsmqActivator - ok
17:27:19.0068 0x1be4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:27:19.0071 0x1be4  NetPipeActivator - ok
17:27:19.0088 0x1be4  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
17:27:19.0100 0x1be4  netprofm - ok
17:27:19.0107 0x1be4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:27:19.0111 0x1be4  NetTcpActivator - ok
17:27:19.0118 0x1be4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:27:19.0122 0x1be4  NetTcpPortSharing - ok
17:27:19.0127 0x1be4  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:27:19.0129 0x1be4  nfrd960 - ok
17:27:19.0137 0x1be4  [ F9EEFFC65C68A45001D1349E652B8B6F, E5F223129416083A12A85D48C65B2C8D1BF1124110399938E144308C89F9241D ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:27:19.0141 0x1be4  NisDrv - ok
17:27:19.0169 0x1be4  [ 9690F420A99364C1E5C439914B0DE25C, 6C6E0B27C4255001FE5F1EAD911DE1A8BF922C405B0C8031A6BD253CEB1D02A6 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
17:27:19.0178 0x1be4  NisSrv - ok
17:27:19.0190 0x1be4  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:27:19.0198 0x1be4  NlaSvc - ok
17:27:19.0204 0x1be4  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:27:19.0205 0x1be4  Npfs - ok
17:27:19.0216 0x1be4  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
17:27:19.0218 0x1be4  nsi - ok
17:27:19.0222 0x1be4  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:27:19.0223 0x1be4  nsiproxy - ok
17:27:19.0296 0x1be4  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:27:19.0335 0x1be4  Ntfs - ok
17:27:19.0342 0x1be4  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
17:27:19.0343 0x1be4  Null - ok
17:27:19.0352 0x1be4  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:27:19.0356 0x1be4  nvraid - ok
17:27:19.0378 0x1be4  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:27:19.0383 0x1be4  nvstor - ok
17:27:19.0391 0x1be4  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:27:19.0394 0x1be4  nv_agp - ok
17:27:19.0401 0x1be4  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:27:19.0403 0x1be4  ohci1394 - ok
17:27:19.0432 0x1be4  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:27:19.0436 0x1be4  ose - ok
17:27:19.0651 0x1be4  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:27:19.0765 0x1be4  osppsvc - ok
17:27:19.0787 0x1be4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:27:19.0796 0x1be4  p2pimsvc - ok
17:27:19.0824 0x1be4  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
17:27:19.0835 0x1be4  p2psvc - ok
17:27:19.0842 0x1be4  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
17:27:19.0845 0x1be4  Parport - ok
17:27:19.0852 0x1be4  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:27:19.0854 0x1be4  partmgr - ok
17:27:19.0865 0x1be4  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:27:19.0870 0x1be4  PcaSvc - ok
17:27:19.0879 0x1be4  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
17:27:19.0884 0x1be4  pci - ok
17:27:19.0889 0x1be4  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
17:27:19.0889 0x1be4  pciide - ok
17:27:19.0900 0x1be4  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:27:19.0905 0x1be4  pcmcia - ok
17:27:19.0917 0x1be4  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:27:19.0919 0x1be4  pcw - ok
17:27:19.0941 0x1be4  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:27:19.0957 0x1be4  PEAUTH - ok
17:27:20.0002 0x1be4  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
17:27:20.0035 0x1be4  PeerDistSvc - ok
17:27:20.0044 0x1be4  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:27:20.0045 0x1be4  PerfHost - ok
17:27:20.0142 0x1be4  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
17:27:20.0175 0x1be4  pla - ok
17:27:20.0199 0x1be4  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:27:20.0210 0x1be4  PlugPlay - ok
17:27:20.0216 0x1be4  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:27:20.0218 0x1be4  PNRPAutoReg - ok
17:27:20.0230 0x1be4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:27:20.0239 0x1be4  PNRPsvc - ok
17:27:20.0258 0x1be4  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:27:20.0271 0x1be4  PolicyAgent - ok
17:27:20.0295 0x1be4  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
17:27:20.0301 0x1be4  Power - ok
17:27:20.0308 0x1be4  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:27:20.0311 0x1be4  PptpMiniport - ok
17:27:20.0317 0x1be4  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
17:27:20.0319 0x1be4  Processor - ok
17:27:20.0332 0x1be4  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:27:20.0339 0x1be4  ProfSvc - ok
17:27:20.0343 0x1be4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:27:20.0345 0x1be4  ProtectedStorage - ok
17:27:20.0354 0x1be4  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:27:20.0357 0x1be4  Psched - ok
17:27:20.0415 0x1be4  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:27:20.0450 0x1be4  ql2300 - ok
17:27:20.0460 0x1be4  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:27:20.0463 0x1be4  ql40xx - ok
17:27:20.0474 0x1be4  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
17:27:20.0481 0x1be4  QWAVE - ok
17:27:20.0486 0x1be4  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:27:20.0488 0x1be4  QWAVEdrv - ok
17:27:20.0493 0x1be4  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:27:20.0493 0x1be4  RasAcd - ok
17:27:20.0500 0x1be4  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:27:20.0502 0x1be4  RasAgileVpn - ok
17:27:20.0509 0x1be4  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
17:27:20.0512 0x1be4  RasAuto - ok
17:27:20.0520 0x1be4  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:27:20.0524 0x1be4  Rasl2tp - ok
17:27:20.0552 0x1be4  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
17:27:20.0562 0x1be4  RasMan - ok
17:27:20.0569 0x1be4  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:27:20.0572 0x1be4  RasPppoe - ok
17:27:20.0578 0x1be4  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:27:20.0580 0x1be4  RasSstp - ok
17:27:20.0594 0x1be4  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:27:20.0602 0x1be4  rdbss - ok
17:27:20.0607 0x1be4  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:27:20.0608 0x1be4  rdpbus - ok
17:27:20.0612 0x1be4  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:27:20.0612 0x1be4  RDPCDD - ok
17:27:20.0624 0x1be4  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
17:27:20.0628 0x1be4  RDPDR - ok
17:27:20.0634 0x1be4  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:27:20.0634 0x1be4  RDPENCDD - ok
17:27:20.0640 0x1be4  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:27:20.0641 0x1be4  RDPREFMP - ok
17:27:20.0652 0x1be4  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:27:20.0657 0x1be4  RDPWD - ok
17:27:20.0673 0x1be4  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:27:20.0680 0x1be4  rdyboost - ok
17:27:20.0687 0x1be4  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:27:20.0690 0x1be4  RemoteAccess - ok
17:27:20.0699 0x1be4  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:27:20.0704 0x1be4  RemoteRegistry - ok
17:27:20.0725 0x1be4  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
17:27:20.0729 0x1be4  RFCOMM - ok
17:27:20.0740 0x1be4  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:27:20.0744 0x1be4  RpcEptMapper - ok
17:27:20.0749 0x1be4  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
17:27:20.0750 0x1be4  RpcLocator - ok
17:27:20.0781 0x1be4  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
17:27:20.0795 0x1be4  RpcSs - ok
17:27:20.0801 0x1be4  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:27:20.0804 0x1be4  rspndr - ok
17:27:20.0855 0x1be4  [ 543AFFECD35CFABD4490661F83685A0D, 819C022284E54C950D1144B9260C944D493CB4646713B30790818EFC99B82CCB ] RtkBleServ      C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe
17:27:20.0856 0x1be4  RtkBleServ - ok
17:27:20.0888 0x1be4  [ E60B9B95D4E5A712CC2937BEC76A4204, C55B8757096FAD6F8B52DE062F96737A17E0DB2358F133602CDAB142E3F5EF32 ] RtkBtFilter     C:\Windows\system32\DRIVERS\RtkBtfilter.sys
17:27:20.0903 0x1be4  RtkBtFilter - ok
17:27:20.0943 0x1be4  [ 46596144363B912105F70016F0E2F908, 199FF8BFA60D8E9662F3C785146FAED3231B514D260F795B2B9857DC1EEB2E4B ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
17:27:20.0964 0x1be4  RTL8167 - ok
17:27:21.0116 0x1be4  [ A4EAF68208D8D5A5A218425EFAE70D93, 53FD84714BC42C51BD81ABC1BD1382420B0E4AF502105EBC2CBB93885B97B320 ] RTWlanE         C:\Windows\system32\DRIVERS\rtwlane.sys
17:27:21.0192 0x1be4  RTWlanE - ok
17:27:21.0201 0x1be4  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
17:27:21.0202 0x1be4  s3cap - ok
17:27:21.0207 0x1be4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
17:27:21.0208 0x1be4  SamSs - ok
17:27:21.0223 0x1be4  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:27:21.0227 0x1be4  sbp2port - ok
17:27:21.0238 0x1be4  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:27:21.0244 0x1be4  SCardSvr - ok
17:27:21.0250 0x1be4  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:27:21.0251 0x1be4  scfilter - ok
17:27:21.0301 0x1be4  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
17:27:21.0328 0x1be4  Schedule - ok
17:27:21.0344 0x1be4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:27:21.0347 0x1be4  SCPolicySvc - ok
17:27:21.0356 0x1be4  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:27:21.0361 0x1be4  SDRSVC - ok
17:27:21.0367 0x1be4  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:27:21.0368 0x1be4  secdrv - ok
17:27:21.0373 0x1be4  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
17:27:21.0375 0x1be4  seclogon - ok
17:27:21.0391 0x1be4  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
17:27:21.0394 0x1be4  SENS - ok
17:27:21.0401 0x1be4  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:27:21.0403 0x1be4  SensrSvc - ok
17:27:21.0408 0x1be4  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
17:27:21.0409 0x1be4  Serenum - ok
17:27:21.0415 0x1be4  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
17:27:21.0417 0x1be4  Serial - ok
17:27:21.0422 0x1be4  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:27:21.0423 0x1be4  sermouse - ok
17:27:21.0437 0x1be4  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
17:27:21.0442 0x1be4  SessionEnv - ok
17:27:21.0446 0x1be4  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:27:21.0448 0x1be4  sffdisk - ok
17:27:21.0452 0x1be4  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:27:21.0453 0x1be4  sffp_mmc - ok
17:27:21.0457 0x1be4  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:27:21.0458 0x1be4  sffp_sd - ok
17:27:21.0463 0x1be4  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
17:27:21.0465 0x1be4  sfloppy - ok
17:27:21.0479 0x1be4  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:27:21.0489 0x1be4  SharedAccess - ok
17:27:21.0517 0x1be4  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:27:21.0527 0x1be4  ShellHWDetection - ok
17:27:21.0532 0x1be4  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
17:27:21.0533 0x1be4  SiSRaid2 - ok
17:27:21.0539 0x1be4  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:27:21.0542 0x1be4  SiSRaid4 - ok
17:27:21.0548 0x1be4  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:27:21.0551 0x1be4  Smb - ok
17:27:21.0559 0x1be4  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:27:21.0561 0x1be4  SNMPTRAP - ok
17:27:21.0567 0x1be4  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:27:21.0568 0x1be4  spldr - ok
17:27:21.0597 0x1be4  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
17:27:21.0612 0x1be4  Spooler - ok
17:27:21.0754 0x1be4  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
17:27:21.0836 0x1be4  sppsvc - ok
17:27:21.0848 0x1be4  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:27:21.0851 0x1be4  sppuinotify - ok
17:27:21.0874 0x1be4  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:27:21.0885 0x1be4  srv - ok
17:27:21.0902 0x1be4  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:27:21.0912 0x1be4  srv2 - ok
17:27:21.0922 0x1be4  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:27:21.0926 0x1be4  srvnet - ok
17:27:21.0946 0x1be4  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:27:21.0952 0x1be4  SSDPSRV - ok
17:27:21.0958 0x1be4  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:27:21.0962 0x1be4  SstpSvc - ok
17:27:21.0967 0x1be4  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
17:27:21.0968 0x1be4  stexstor - ok
17:27:22.0001 0x1be4  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
17:27:22.0016 0x1be4  stisvc - ok
17:27:22.0022 0x1be4  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
17:27:22.0023 0x1be4  storflt - ok
17:27:22.0028 0x1be4  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
17:27:22.0030 0x1be4  StorSvc - ok
17:27:22.0035 0x1be4  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
17:27:22.0037 0x1be4  storvsc - ok
17:27:22.0041 0x1be4  [ 414E6C0BC887308C8DAE1264E077176B, 4A99B70CE33A01195F62CC1FAF2CBE95BE18C94BA0F2F31F8769CD45C546C7F8 ] SWDUMon         C:\Windows\system32\DRIVERS\SWDUMon.sys
17:27:22.0042 0x1be4  SWDUMon - ok
17:27:22.0050 0x1be4  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
17:27:22.0051 0x1be4  swenum - ok
17:27:22.0069 0x1be4  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
17:27:22.0083 0x1be4  swprv - ok
17:27:22.0153 0x1be4  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
17:27:22.0195 0x1be4  SysMain - ok
17:27:22.0204 0x1be4  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:27:22.0207 0x1be4  TabletInputService - ok
17:27:22.0224 0x1be4  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:27:22.0233 0x1be4  TapiSrv - ok
17:27:22.0239 0x1be4  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
17:27:22.0243 0x1be4  TBS - ok
17:27:22.0367 0x1be4  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:27:22.0411 0x1be4  Tcpip - ok
17:27:22.0503 0x1be4  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:27:22.0547 0x1be4  TCPIP6 - ok
17:27:22.0557 0x1be4  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:27:22.0558 0x1be4  tcpipreg - ok
17:27:22.0565 0x1be4  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:27:22.0566 0x1be4  TDPIPE - ok
17:27:22.0571 0x1be4  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:27:22.0572 0x1be4  TDTCP - ok
17:27:22.0579 0x1be4  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:27:22.0583 0x1be4  tdx - ok
17:27:22.0697 0x1be4  [ 5E53CF8AD0FD33B35000C113656AB37B, D274DABC4DB03AC5B915F5111FF1218F4F2F9EC93B4A64E426BB7AD27A16C7A1 ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
17:27:22.0761 0x1be4  TeamViewer7 - ok
17:27:22.0771 0x1be4  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
17:27:22.0772 0x1be4  TermDD - ok
17:27:22.0798 0x1be4  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
17:27:22.0815 0x1be4  TermService - ok
17:27:22.0833 0x1be4  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
17:27:22.0835 0x1be4  Themes - ok
17:27:22.0841 0x1be4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
17:27:22.0844 0x1be4  THREADORDER - ok
17:27:22.0853 0x1be4  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
17:27:22.0858 0x1be4  TrkWks - ok
17:27:22.0880 0x1be4  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:27:22.0885 0x1be4  TrustedInstaller - ok
17:27:22.0892 0x1be4  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:27:22.0894 0x1be4  tssecsrv - ok
17:27:22.0900 0x1be4  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:27:22.0902 0x1be4  TsUsbFlt - ok
17:27:22.0907 0x1be4  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
17:27:22.0908 0x1be4  TsUsbGD - ok
17:27:22.0932 0x1be4  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:27:22.0935 0x1be4  tunnel - ok
17:27:22.0941 0x1be4  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
17:27:22.0943 0x1be4  uagp35 - ok
17:27:22.0958 0x1be4  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:27:22.0966 0x1be4  udfs - ok
17:27:22.0975 0x1be4  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:27:22.0978 0x1be4  UI0Detect - ok
17:27:22.0985 0x1be4  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:27:22.0987 0x1be4  uliagpkx - ok
17:27:22.0992 0x1be4  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:27:22.0993 0x1be4  umbus - ok
17:27:22.0999 0x1be4  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
17:27:22.0999 0x1be4  UmPass - ok
17:27:23.0010 0x1be4  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
17:27:23.0016 0x1be4  UmRdpService - ok
17:27:23.0040 0x1be4  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
17:27:23.0050 0x1be4  upnphost - ok
17:27:23.0057 0x1be4  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:27:23.0060 0x1be4  usbccgp - ok
17:27:23.0067 0x1be4  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:27:23.0070 0x1be4  usbcir - ok
17:27:23.0075 0x1be4  [ 74EE782B1D9C241EFE425565854C661C, E8258EA65B0FCAD4E077B176E9D9324646B652D6E651241E397346A39770D065 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
17:27:23.0076 0x1be4  usbehci - ok
17:27:23.0092 0x1be4  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
17:27:23.0103 0x1be4  usbhub - ok
17:27:23.0112 0x1be4  [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:27:23.0114 0x1be4  usbohci - ok
17:27:23.0125 0x1be4  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:27:23.0127 0x1be4  usbprint - ok
17:27:23.0140 0x1be4  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
17:27:23.0142 0x1be4  usbscan - ok
17:27:23.0149 0x1be4  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:27:23.0151 0x1be4  USBSTOR - ok
17:27:23.0156 0x1be4  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
17:27:23.0157 0x1be4  usbuhci - ok
17:27:23.0168 0x1be4  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
17:27:23.0173 0x1be4  usbvideo - ok
17:27:23.0188 0x1be4  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
17:27:23.0191 0x1be4  UxSms - ok
17:27:23.0195 0x1be4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
17:27:23.0197 0x1be4  VaultSvc - ok
17:27:23.0205 0x1be4  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:27:23.0208 0x1be4  vdrvroot - ok
17:27:23.0228 0x1be4  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
17:27:23.0243 0x1be4  vds - ok
17:27:23.0250 0x1be4  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:27:23.0251 0x1be4  vga - ok
17:27:23.0256 0x1be4  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:27:23.0257 0x1be4  VgaSave - ok
17:27:23.0268 0x1be4  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:27:23.0273 0x1be4  vhdmp - ok
17:27:23.0278 0x1be4  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:27:23.0279 0x1be4  viaide - ok
17:27:23.0293 0x1be4  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
17:27:23.0299 0x1be4  vmbus - ok
17:27:23.0305 0x1be4  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
17:27:23.0306 0x1be4  VMBusHID - ok
17:27:23.0313 0x1be4  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:27:23.0315 0x1be4  volmgr - ok
17:27:23.0331 0x1be4  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:27:23.0340 0x1be4  volmgrx - ok
17:27:23.0354 0x1be4  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:27:23.0361 0x1be4  volsnap - ok
17:27:23.0372 0x1be4  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
17:27:23.0377 0x1be4  vsmraid - ok
17:27:23.0444 0x1be4  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
17:27:23.0483 0x1be4  VSS - ok
17:27:23.0489 0x1be4  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:27:23.0490 0x1be4  vwifibus - ok
17:27:23.0495 0x1be4  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:27:23.0497 0x1be4  vwififlt - ok
17:27:23.0514 0x1be4  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
17:27:23.0525 0x1be4  W32Time - ok
17:27:23.0534 0x1be4  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:27:23.0535 0x1be4  WacomPen - ok
17:27:23.0542 0x1be4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:27:23.0544 0x1be4  WANARP - ok
17:27:23.0551 0x1be4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:27:23.0553 0x1be4  Wanarpv6 - ok
17:27:23.0616 0x1be4  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
17:27:23.0645 0x1be4  WatAdminSvc - ok
17:27:23.0691 0x1be4  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
17:27:23.0727 0x1be4  wbengine - ok
17:27:23.0761 0x1be4  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:27:23.0769 0x1be4  WbioSrvc - ok
17:27:23.0785 0x1be4  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:27:23.0795 0x1be4  wcncsvc - ok
17:27:23.0802 0x1be4  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:27:23.0805 0x1be4  WcsPlugInService - ok
17:27:23.0814 0x1be4  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
17:27:23.0815 0x1be4  Wd - ok
17:27:23.0843 0x1be4  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:27:23.0862 0x1be4  Wdf01000 - ok
17:27:23.0880 0x1be4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:27:23.0884 0x1be4  WdiServiceHost - ok
17:27:23.0890 0x1be4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:27:23.0894 0x1be4  WdiSystemHost - ok
17:27:23.0907 0x1be4  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
17:27:23.0915 0x1be4  WebClient - ok
17:27:23.0926 0x1be4  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:27:23.0933 0x1be4  Wecsvc - ok
17:27:23.0942 0x1be4  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:27:23.0946 0x1be4  wercplsupport - ok
17:27:23.0953 0x1be4  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:27:23.0957 0x1be4  WerSvc - ok
17:27:23.0962 0x1be4  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:27:23.0964 0x1be4  WfpLwf - ok
17:27:23.0969 0x1be4  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:27:23.0970 0x1be4  WIMMount - ok
17:27:23.0974 0x1be4  WinDefend - ok
17:27:24.0002 0x1be4  WindowsMangerProtect - ok
17:27:24.0004 0x1be4  WinHttpAutoProxySvc - ok
17:27:24.0177 0x1be4  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:27:24.0190 0x1be4  Winmgmt - ok
17:27:24.0282 0x1be4  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
17:27:24.0331 0x1be4  WinRM - ok
17:27:24.0343 0x1be4  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:27:24.0345 0x1be4  WinUsb - ok
17:27:24.0385 0x1be4  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:27:24.0408 0x1be4  Wlansvc - ok
17:27:24.0414 0x1be4  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
17:27:24.0415 0x1be4  WmiAcpi - ok
17:27:24.0427 0x1be4  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:27:24.0432 0x1be4  wmiApSrv - ok
17:27:24.0442 0x1be4  WMPNetworkSvc - ok
17:27:24.0450 0x1be4  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:27:24.0452 0x1be4  WPCSvc - ok
17:27:24.0459 0x1be4  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:27:24.0464 0x1be4  WPDBusEnum - ok
17:27:24.0470 0x1be4  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:27:24.0471 0x1be4  ws2ifsl - ok
17:27:24.0489 0x1be4  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
17:27:24.0493 0x1be4  wscsvc - ok
17:27:24.0498 0x1be4  WSearch - ok
17:27:24.0612 0x1be4  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:27:24.0671 0x1be4  wuauserv - ok
17:27:24.0682 0x1be4  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:27:24.0684 0x1be4  WudfPf - ok
17:27:24.0694 0x1be4  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:27:24.0699 0x1be4  WUDFRd - ok
17:27:24.0716 0x1be4  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:27:24.0720 0x1be4  wudfsvc - ok
17:27:24.0730 0x1be4  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:27:24.0738 0x1be4  WwanSvc - ok
17:27:24.0748 0x1be4  ================ Scan global ===============================
17:27:24.0765 0x1be4  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
17:27:24.0802 0x1be4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
17:27:24.0821 0x1be4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
17:27:24.0838 0x1be4  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
17:27:24.0864 0x1be4  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
17:27:24.0873 0x1be4  [ Global ] - ok
17:27:24.0873 0x1be4  ================ Scan MBR ==================================
17:27:24.0890 0x1be4  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
17:27:24.0895 0x1be4  \Device\Harddisk0\DR0 - ok
17:27:24.0919 0x1be4  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
17:27:31.0313 0x1be4  \Device\Harddisk1\DR1 - ok
17:27:31.0314 0x1be4  ================ Scan VBR ==================================
17:27:31.0320 0x1be4  [ B404DD659A8765A210A2AD0DF5EC8C16 ] \Device\Harddisk0\DR0\Partition1
17:27:31.0320 0x1be4  \Device\Harddisk0\DR0\Partition1 - ok
17:27:31.0323 0x1be4  [ D12E6CA927411140FEF4F42655969CE1 ] \Device\Harddisk0\DR0\Partition2
17:27:31.0323 0x1be4  \Device\Harddisk0\DR0\Partition2 - ok
17:27:31.0327 0x1be4  [ A2E074C7696BECC87DA32EBE7144FBBC ] \Device\Harddisk0\DR0\Partition3
17:27:31.0329 0x1be4  \Device\Harddisk0\DR0\Partition3 - ok
17:27:31.0332 0x1be4  [ EA0CA039C6CAA16FBF8F1E712678223B ] \Device\Harddisk1\DR1\Partition1
17:27:31.0348 0x1be4  \Device\Harddisk1\DR1\Partition1 - ok
17:27:31.0349 0x1be4  ================ Scan generic autorun ======================
17:27:31.0819 0x1be4  [ 37C6C318D6AFAFA2EBA99820EDF21DA6, 5693AA141B947761EE41FBDC6F16FDC5BBB5BA8EBE1DEC90AD6EF33BFAF885A5 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
17:27:32.0261 0x1be4  RtHDVCpl - ok
17:27:32.0329 0x1be4  [ 2EFD6AD223D2650B9B822374EE311CCA, EE4A6DE21DFAB55E870BBE27E924344D7BF765E5F2A356FCC1AFFA6EA56D52C1 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
17:27:32.0363 0x1be4  RtHDVBg_Dolby - ok
17:27:32.0404 0x1be4  [ 2EFD6AD223D2650B9B822374EE311CCA, EE4A6DE21DFAB55E870BBE27E924344D7BF765E5F2A356FCC1AFFA6EA56D52C1 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
17:27:32.0434 0x1be4  RtHDVBg_LENOVO_DOLBYDRAGON - ok
17:27:32.0475 0x1be4  [ 2EFD6AD223D2650B9B822374EE311CCA, EE4A6DE21DFAB55E870BBE27E924344D7BF765E5F2A356FCC1AFFA6EA56D52C1 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
17:27:32.0506 0x1be4  RtHDVBg_LENOVO_MICPKEY - ok
17:27:32.0535 0x1be4  [ E3C6E63A32CC12E510F31CEEA4999262, 2AC98C053C1DEBF12A0549728C7EBD1E7A3072CB9E57BE5C00C97ECC9FA4056F ] C:\Windows\system32\igfxtray.exe
17:27:32.0546 0x1be4  IgfxTray - ok
17:27:32.0582 0x1be4  [ BE38FADB7B361C828611B1A5EDC22186, 0AFBC5E31C90C2FF03474C303B11974A806ABD101D47A79AAA34647202D5F2B4 ] C:\Windows\system32\hkcmd.exe
17:27:32.0602 0x1be4  HotKeysCmds - ok
17:27:32.0625 0x1be4  [ 7583ABEC797AE19BD83FD23D22646C32, C52C52E80A108AC7ED6522E5773006CA5AB50761F1DD61F45D50F16550FA5BDE ] C:\Windows\system32\igfxpers.exe
17:27:32.0645 0x1be4  Persistence - ok
17:27:32.0664 0x1be4  [ 331467D59C364FC8A1C82FD92A5FA5B6, 6C44102DA3B4FE47C8438A54CF50B989527B82BC19288E9FE71906CC5024451B ] C:\Windows\SysWOW64\UMonit64.exe
17:27:32.0666 0x1be4  UMonit64 - ok
17:27:32.0689 0x1be4  [ DC57AC8A3FCFD13669D027EE56AEBCC0, FE0C3B91C69FBE36036C0D9B20A28BCD8D6B009C7297577724972BB89BFBAF44 ] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe
17:27:32.0694 0x1be4  BtServer - ok
17:27:32.0745 0x1be4  [ A6AAD37CDCAE75CB62D039E3A4D8F5E3, 4FF763B0D129175BA1B1E794BA313E6C63F7A89D377C786BF5E730AF2A1D95D1 ] c:\Program Files\Microsoft Security Client\msseces.exe
17:27:32.0778 0x1be4  MSC - ok
17:27:32.0846 0x1be4  [ 11AABAF24A985BF026C7B86F0F7C8CA7, 26C276894EE9FB30D33115D052ED0DC364A0A17625E059D925988A3822A8AAF8 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
17:27:32.0862 0x1be4  USB3MON - ok
17:27:32.0914 0x1be4  [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
17:27:32.0937 0x1be4  Adobe ARM - ok
17:27:32.0977 0x1be4  [ DDEFF7E98629203E66BB4298FABC5983, 59CBE0A49AAA93898831B1D64FFB1D0809736CABB4D19843DB2E99C2650D1AD9 ] C:\Program Files (x86)\PDF24\pdf24.exe
17:27:32.0981 0x1be4  PDFPrint - ok
17:27:33.0033 0x1be4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
17:27:33.0072 0x1be4  Sidebar - ok
17:27:33.0079 0x1be4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
17:27:33.0083 0x1be4  mctadmin - ok
17:27:33.0133 0x1be4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
17:27:33.0160 0x1be4  Sidebar - ok
17:27:33.0166 0x1be4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
17:27:33.0169 0x1be4  mctadmin - ok
17:27:33.0248 0x1be4  [ 35F15E1008B605711829F02D6090A691, 87946612701E58D2C1634A738F43F59253CB591A5425355FF1CA5B7F417C182F ] C:\Users\Myriam\AppData\Roaming\SmootherWeb\SmootherWeb-Installer.exe
17:27:33.0268 0x1be4  smoother - ok
17:27:33.0310 0x1be4  [ 9ED86BF07EB647A68A5AAEF65F0DF503, D836F3105A17141F2D416DBB98412C977F690BD5CA8F57EEF6AF88CF98F98935 ] C:\Users\Myriam\AppData\Local\clicup\chrmndr.exe
17:27:33.0322 0x1be4  clicup-Agent - ok
17:27:33.0590 0x1be4  [ 05AD6DFEC9D08F7B95A2B35C47A02F5B, 7D17A260350C04654A3215DB2BB2CEA2A7350C8AE5441659EF37CEF7EC6B2CEA ] C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe
17:27:33.0755 0x1be4  BoBrowser - ok
17:27:33.0789 0x1be4  [ B22CB67919EBAD88B0E8BB9CDA446010, 2F744FEAC48EDE7D6B6D2727F7DDFA80B26D9E3B0009741B00992B19AD85E128 ] C:\Windows\system32\StikyNot.exe
17:27:33.0801 0x1be4  RESTART_STICKY_NOTES - ok
17:27:33.0803 0x1be4  Waiting for KSN requests completion. In queue: 21
17:27:34.0828 0x1be4  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )
17:27:34.0837 0x1be4  Win FW state via NFP2: enabled
17:27:37.0686 0x1be4  ============================================================
17:27:37.0686 0x1be4  Scan finished
17:27:37.0686 0x1be4  ============================================================
17:27:37.0710 0x1b74  Detected object count: 0
17:27:37.0710 0x1b74  Actual detected object count: 0
17:28:31.0601 0x0574  Deinitialize success
         
__________________

Alt 24.11.2014, 18:17   #4
myriambb
 
Windows7: Ads by clickup - Standard

Windows7: Ads by clickup



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by Myriam at 2014-11-24 15:37:34
Running from C:\Users\Myriam\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
BoBrowser (HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\BoBrowser) (Version: 36.0.1985.131 - BoBrowser) <==== ATTENTION
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
clicup (HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\clicup) (Version: 1.0 - Ad Businness Crown Solutions)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
EasyCash&Tax 2.15 (HKLM-x32\...\EasyCash&Tax_is1) (Version:  - tm)
EasyRide&Tax 2.2 (HKLM-x32\...\EasyRide&Tax_is1) (Version:  - tm)
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.1.0 - Genesys Logic)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3383 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.33 - Intel Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
PDF Creator (HKLM\...\PDF Creator) (Version:  - )
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.806.806.022114 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.80.218.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7188 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0237 - )
RocketTab (HKLM-x32\...\RocketTab) (Version:  - RocketTab) <==== ATTENTION
SaleItCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - SaleItCoupon) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SmootherWeb (HKU\S-1-5-21-1313315996-2717873473-2842918071-1000 Version: 1.0 - SmootherWeb LLC) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.14563 - TeamViewer)
WindowsMangerProtect20.0.0.1270 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.1270 - WindowsProtect LIMITED) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

12-11-2014 19:54:17 Windows Update
13-11-2014 11:38:36 Removed DriverUpdate
13-11-2014 11:59:44 Removed SlimCleaner Plus
13-11-2014 12:00:02 Removed DriverUpdate
14-11-2014 18:00:03 Windows-Sicherung
17-11-2014 07:26:16 Windows Update
19-11-2014 21:28:36 Windows Update
21-11-2014 18:00:06 Windows-Sicherung
21-11-2014 19:27:12 Windows Update
23-11-2014 11:06:29 Removed Microsoft Silverlight

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {212D6219-4550-4D60-9AB7-BD4DB801AF4E} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {36A7554D-40F5-4CB5-BABB-A2E448252085} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {3DF8667D-2A89-4F3A-B1A9-9F4AB11351BE} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {60C1F26F-1E5F-4360-8546-6B96E644373C} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {93CE497B-B917-44BA-BD64-DE85F685579F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AEB89269-D705-40B9-9C47-A6B8BBAF24CF} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-11-23] () <==== ATTENTION
Task: {C170EF29-2782-4E21-B0DA-6061E9D6F6E3} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {DF19386C-AB80-4284-84EA-B3B8B5B67A56} - System32\Tasks\Digital Sites => C:\Users\Myriam\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2014-11-08] () <==== ATTENTION
Task: {E221BF50-FDC2-4FA2-8DFE-25F0760D9844} - System32\Tasks\Run_Bobby_Browser => C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [2014-10-22] (The BoBrowser Authors)
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Myriam\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-11-08 11:29 - 2011-10-04 21:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll
2014-10-18 12:39 - 2014-01-06 17:47 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe
2014-11-23 09:46 - 2014-11-23 09:46 - 05812224 _____ () C:\Program Files (x86)\Search Extensions\Client.exe
2014-10-18 12:41 - 2014-01-22 13:04 - 00084992 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-11-23 10:01 - 2014-11-02 10:35 - 00268600 _____ () C:\Windows\SysWOW64\lsdprn.exe
2014-10-18 12:34 - 2013-10-01 16:09 - 00078880 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2014-11-23 09:46 - 2014-10-22 10:35 - 00873472 _____ () C:\Users\Myriam\AppData\Local\BoBrowser\Application\36.0.1985.131\libglesv2.dll
2014-11-23 09:46 - 2014-10-22 10:35 - 00128512 _____ () C:\Users\Myriam\AppData\Local\BoBrowser\Application\36.0.1985.131\libegl.dll
2014-11-23 09:46 - 2014-10-22 10:35 - 00387072 _____ () C:\Users\Myriam\AppData\Local\BoBrowser\Application\36.0.1985.131\ppGoogleNaClPluginChrome.dll
2014-11-23 09:46 - 2014-10-22 10:35 - 02012160 _____ () C:\Users\Myriam\AppData\Local\BoBrowser\Application\36.0.1985.131\ffmpegsumo.dll
2014-10-18 12:35 - 2013-09-04 06:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-11-11 07:00 - 2014-11-11 07:00 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-20 07:32 - 2014-10-20 07:32 - 16832176 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Myriam\Downloads\X17-75062.exe:AFP_AfpInfo
AlternateDataStreams: C:\Users\Myriam\Downloads\X17-75062.exe:Mac_Metadata

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1313315996-2717873473-2842918071-500 - Administrator - Disabled)
Gast (S-1-5-21-1313315996-2717873473-2842918071-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1313315996-2717873473-2842918071-1002 - Limited - Enabled)
Myriam (S-1-5-21-1313315996-2717873473-2842918071-1000 - Administrator - Enabled) => C:\Users\Myriam

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/23/2014 00:16:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/23/2014 11:57:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/23/2014 10:01:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.1.0.5423, Zeitstempel: 0x545c0a59
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.1.0.5423, Zeitstempel: 0x545be5ee
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xaf8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (11/23/2014 09:47:48 AM) (Source: MsiInstaller) (EventID: 11309) (User: Myriam-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.

Error: (11/23/2014 09:46:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.1.0.5423, Zeitstempel: 0x545c0a59
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.1.0.5423, Zeitstempel: 0x545be5ee
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1188
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (11/23/2014 09:35:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 33.1.0.5423, Zeitstempel: 0x545c0a59
Name des fehlerhaften Moduls: mozalloc.dll, Version: 33.1.0.5423, Zeitstempel: 0x545be5ee
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x15e8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (11/22/2014 06:36:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2014 06:39:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 10:23:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 10:14:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/23/2014 00:16:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/23/2014 00:14:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.

Error: (11/23/2014 00:10:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Computer Backup (MyPC Backup)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/23/2014 11:58:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "globalUpdate Update Service (globalUpdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/23/2014 11:56:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.

Error: (11/23/2014 11:56:00 AM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.

Error: (11/23/2014 09:46:38 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "ClaraUpdater" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (11/22/2014 00:09:04 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{905AFA44-4336-45E6-A9B1-D6C7A57ECB5E}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (11/21/2014 06:10:24 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{905AFA44-4336-45E6-A9B1-D6C7A57ECB5E}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (11/20/2014 11:22:51 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================
Error: (11/23/2014 00:16:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/23/2014 11:57:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/23/2014 10:01:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.1.0.5423545c0a59mozalloc.dll33.1.0.5423545be5ee8000000300001425af801d006fbe309974bC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll58ce4ca8-72ef-11e4-ac05-9cad97aa1f76

Error: (11/23/2014 09:47:48 AM) (Source: MsiInstaller) (EventID: 11309) (User: Myriam-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/23/2014 09:46:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.1.0.5423545c0a59mozalloc.dll33.1.0.5423545be5ee8000000300001425118801d006f95de3d8b8C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll3643d75b-72ed-11e4-ac05-9cad97aa1f76

Error: (11/23/2014 09:35:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.1.0.5423545c0a59mozalloc.dll33.1.0.5423545be5ee800000030000142515e801d006f47871de29C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla364e7eb-72eb-11e4-ac05-9cad97aa1f76

Error: (11/22/2014 06:36:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2014 06:39:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 10:23:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 10:14:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-4010U CPU @ 1.70GHz
Percentage of memory in use: 54%
Total physical RAM: 4003.95 MB
Available physical RAM: 1839.23 MB
Total Pagefile: 8006.07 MB
Available Pagefile: 5497.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.54 GB) (Free:409.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D9FA2484)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by Myriam (administrator) on MYRIAM-PC on 24-11-2014 15:37:09
Running from C:\Users\Myriam\Downloads
Loaded Profile: Myriam (Available profiles: Myriam)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(clicup) C:\Users\Myriam\AppData\Local\clicup\chrmndr.exe
(The BoBrowser Authors) C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(The BoBrowser Authors) C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe
(The BoBrowser Authors) C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe
(The BoBrowser Authors) C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe
(The BoBrowser Authors) C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe
() C:\Program Files (x86)\Search Extensions\Client.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(ClaraLabs) C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\SysWOW64\lsdprn.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [UMonit64] => C:\Windows\SysWOW64\UMonit64.exe [53248 2014-01-06] ()
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-09] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [mbot_de_300] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\Run: [smoother] => C:\Users\Myriam\AppData\Roaming\SmootherWeb\SmootherWeb-Installer.exe [489651 2014-08-27] ()
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\Run: [clicup-Agent] => C:\Users\Myriam\AppData\Local\clicup\chrmndr.exe [509424 2014-11-06] (clicup)
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\Run: [BoBrowser] => C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [7348224 2014-10-22] (The BoBrowser Authors)
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\...\MountPoints2: {995bf4fa-56b4-11e4-82bf-c58847a17502} - E:\LaunchU3.exe -a
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1313315996-2717873473-2842918071-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1313315996-2717873473-2842918071-1000] => http=127.0.0.1:49203;https=127.0.0.1:49203
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE160AC8BCAEACF01
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_14_46_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0D0F0D0F0CtAtAtG0AtAyEzytG0ByB0EtDtGyD0DyB0AtGtC0DtBtBtCtDyB0A0FtA0F0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzy0Dzy0D0A0BtCtGyBzytC0EtGyEtDzytCtGzytCyB0EtG0F0ByBtD0F0DyCyCyEtB0A0F2Q&cr=1160581219&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_14_46_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0D0F0D0F0CtAtAtG0AtAyEzytG0ByB0EtDtGyD0DyB0AtGtC0DtBtBtCtDyB0A0FtA0F0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzy0Dzy0D0A0BtCtGyBzytC0EtGyEtDzytCtGzytCyB0EtG0F0ByBtD0F0DyCyCyEtB0A0F2Q&cr=1160581219&ir=
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_45_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0CyCyD0FyDtD0AtGzztCyD0EtGyEtAtAtAtG0Ezz0BzztGtBtD0F0DyD0CtBzz0EtAyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzy0Dzy0D0A0BtCtGyBzytC0EtGyEtDzytCtGzytCyB0EtG0F0ByBtD0F0DyCyCyEtB0A0F2Q&cr=960638948&ir=
SearchScopes: HKU\S-1-5-21-1313315996-2717873473-2842918071-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_14_46_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0D0F0D0F0CtAtAtG0AtAyEzytG0ByB0EtDtGyD0DyB0AtGtC0DtBtBtCtDyB0A0FtA0F0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzy0Dzy0D0A0BtCtGyBzytC0EtGyEtDzytCtGzytCyB0EtG0F0ByBtD0F0DyCyCyEtB0A0F2Q&cr=1160581219&ir=
SearchScopes: HKU\S-1-5-21-1313315996-2717873473-2842918071-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_secureddownload_14_46_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyD0D0F0D0F0CtAtAtG0AtAyEzytG0ByB0EtDtGyD0DyB0AtGtC0DtBtBtCtDyB0A0FtA0F0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzy0Dzy0D0A0BtCtGyBzytC0EtGyEtDzytCtGzytCyB0EtG0F0ByBtD0F0DyCyCyEtB0A0F2Q&cr=1160581219&ir=
SearchScopes: HKU\S-1-5-21-1313315996-2717873473-2842918071-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_45_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEtBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0CyCyD0FyDtD0AtGzztCyD0EtGyEtAtAtAtG0Ezz0BzztGtBtD0F0DyD0CtBzz0EtAyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Bzy0Dzy0D0A0BtCtGyBzytC0EtGyEtDzytCtGzytCyB0EtG0F0ByBtD0F0DyCyCyEtB0A0F2Q&cr=960638948&ir=
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default\user.js
FF SearchPlugin: C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default\searchplugins\ixquick-https.xml
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Myriam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (TinyWallet) - C:\Users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc [2014-11-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [84992 2014-01-22] () [File not signed]
R2 ClaraUpdater; C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe [325744 2014-11-23] (ClaraLabs)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [714208 2014-11-13] (Cherished Technololgy LIMITED)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 lsdprn; C:\Windows\SysWOW64\lsdprn.exe [268600 2014-11-02] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [File not signed]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [490640 2014-11-13] (Fuyu LIMITED)
S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [559320 2014-02-18] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3300568 2014-02-20] (Realtek Semiconductor Corporation                           )
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-11-13] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 15:34 - 2014-11-24 15:36 - 00022422 _____ () C:\Users\Myriam\Downloads\Addition.txt
2014-11-24 15:33 - 2014-11-24 15:37 - 00017547 _____ () C:\Users\Myriam\Downloads\FRST.txt
2014-11-24 15:33 - 2014-11-24 15:37 - 00000000 ____D () C:\FRST
2014-11-24 15:30 - 2014-11-24 15:30 - 02118144 _____ (Farbar) C:\Users\Myriam\Downloads\FRST64.exe
2014-11-24 15:29 - 2014-11-24 15:29 - 00000000 ____D () C:\Users\Myriam\Downloads\Empf von TrojanerBoard
2014-11-24 15:26 - 2014-11-24 15:26 - 00000000 _____ () C:\Users\Myriam\defogger_reenable
2014-11-23 11:49 - 2014-11-23 11:49 - 00004018 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-11-23 11:47 - 2014-11-23 11:47 - 00000000 ____D () C:\ProgramData\600440862
2014-11-23 10:06 - 2014-11-23 10:06 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\QuickScan
2014-11-23 10:05 - 2014-11-23 12:13 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-11-23 10:04 - 2014-11-23 10:04 - 00000000 ____D () C:\Program Files (x86)\predm
2014-11-23 10:03 - 2014-11-23 12:14 - 00000442 __RSH () C:\ProgramData\ntuser.pol
2014-11-23 10:03 - 2014-11-23 12:14 - 00000000 ____D () C:\ProgramData\TinyWallet
2014-11-23 10:03 - 2014-11-23 12:08 - 00000000 ____D () C:\Program Files (x86)\TinyWallet
2014-11-23 10:03 - 2014-11-23 10:26 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Google
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Torch
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Comodo
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Chromatic Browser
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator
2014-11-23 10:01 - 2014-11-23 12:09 - 00000000 ____D () C:\Program Files\shopperz
2014-11-23 10:01 - 2014-11-02 10:35 - 00268600 _____ () C:\Windows\SysWOW64\lsdprn.exe
2014-11-23 09:48 - 2014-11-23 09:48 - 00003150 _____ () C:\Windows\System32\Tasks\Run_Bobby_Browser
2014-11-23 09:47 - 2014-11-24 09:52 - 00000958 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-11-23 09:47 - 2014-11-24 09:52 - 00000954 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-11-23 09:47 - 2014-11-23 09:47 - 00003956 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-11-23 09:47 - 2014-11-23 09:47 - 00003702 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-11-23 09:47 - 2014-11-23 09:47 - 00000000 ____D () C:\Users\Myriam\AppData\Local\globalUpdate
2014-11-23 09:46 - 2014-11-23 09:48 - 00000000 ____D () C:\Users\Myriam\AppData\Local\BoBrowser
2014-11-23 09:46 - 2014-11-23 09:46 - 00004328 _____ () C:\Windows\System32\Tasks\RocketTab Update Task
2014-11-23 09:46 - 2014-11-23 09:46 - 00003542 _____ () C:\Windows\System32\Tasks\RocketTab
2014-11-23 09:46 - 2014-11-23 09:46 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
2014-11-23 09:44 - 2014-11-23 11:56 - 00000000 ____D () C:\Program Files (x86)\FLVM Player
2014-11-23 09:35 - 2014-11-23 12:14 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\SmootherWeb
2014-11-23 09:35 - 2014-11-23 09:35 - 00001831 _____ () C:\Windows\patsearch.bin
2014-11-23 09:35 - 2014-11-23 09:35 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrT_01009.Wdf
2014-11-23 09:35 - 2014-11-23 09:35 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmootherWeb
2014-11-23 09:35 - 2014-11-23 09:35 - 00000000 ____D () C:\Users\Myriam\AppData\Local\clicup
2014-11-23 09:35 - 2014-11-23 09:35 - 00000000 ____D () C:\SmootherWeb
2014-11-23 09:32 - 2014-11-23 09:32 - 00593992 _____ (didico conscientia argumentum meretrix) C:\Users\Myriam\Downloads\Adobe%20Flash%20Player%20IE.exe
2014-11-22 14:53 - 2014-11-22 14:53 - 09665384 _____ () C:\Users\Myriam\Documents\Regale voller GoldBarren  Focus online.odt
2014-11-22 07:34 - 2014-11-22 07:34 - 00123537 _____ () C:\Users\Myriam\Documents\Kühe.odt
2014-11-22 07:30 - 2014-11-22 07:36 - 01046283 _____ () C:\Users\Myriam\Documents\Schweine.odt
2014-11-21 14:01 - 2014-11-21 14:18 - 120739128 _____ (Landesfinanzdirektion Thüringen) C:\Users\Myriam\Downloads\ElsterFormular-15.3.20141106u.exe
2014-11-19 14:28 - 2014-11-19 14:28 - 00952124 _____ () C:\Users\Myriam\Desktop\Audi Schätzung Nov'14.odt
2014-11-19 13:34 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 13:34 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 13:34 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 13:34 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 11:22 - 2014-11-18 11:22 - 00494259 _____ () C:\Users\Myriam\Desktop\NADH.odt
2014-11-18 11:10 - 2014-11-18 11:16 - 00017058 _____ () C:\Users\Myriam\Desktop\Serotonin.odt
2014-11-15 21:45 - 2014-11-15 21:45 - 00004700 _____ () C:\Users\Myriam\Downloads\Lass deine Augen das Beste sehen.odt
2014-11-13 19:46 - 2014-11-13 19:46 - 00006569 _____ () C:\Users\Myriam\Documents\Impressum.odt
2014-11-13 12:55 - 2014-11-13 12:55 - 00000000 ____D () C:\Users\Myriam\Documents\Fax
2014-11-13 12:53 - 2014-11-13 12:53 - 00792796 _____ () C:\Users\Myriam\Documents\141114 veraltete Treiber.odt
2014-11-13 12:52 - 2014-11-13 12:52 - 00223511 _____ () C:\Users\Myriam\Documents\141114 Erstattung Trixie Maulschlaufe.odt
2014-11-13 12:24 - 2014-11-13 12:24 - 00003152 _____ () C:\Windows\System32\Tasks\{D4059A91-59EB-4BD4-8D46-E7191558AA7A}
2014-11-13 12:22 - 2014-11-13 12:54 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Vosteran
2014-11-13 12:16 - 2014-11-13 12:16 - 00000000 ____D () C:\Users\Myriam\Documents\PC Speed Maximizer
2014-11-13 12:13 - 2014-11-13 12:13 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-11-13 12:12 - 2014-11-13 12:12 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-11-13 12:10 - 2014-11-13 12:10 - 05798968 _____ (Innovative Solutions ) C:\Users\Myriam\Downloads\hp-treiber.exe
2014-11-13 12:10 - 2014-11-13 12:10 - 00000000 __SHD () C:\Users\Myriam\AppData\Local\EmieBrowserModeList
2014-11-13 12:08 - 2014-11-13 12:08 - 00825248 _____ ( ) C:\Users\Myriam\Downloads\hp-treiber_setup.exe
2014-11-13 11:52 - 2014-11-13 12:12 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\DriverTurbo
2014-11-13 11:51 - 2014-11-13 11:52 - 00231952 _____ () C:\Users\Myriam\Downloads\DriverTurboSetup.exe
2014-11-12 06:55 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 06:55 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 06:55 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 06:55 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 06:55 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 06:55 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 06:55 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 06:55 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 06:55 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 06:55 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 06:55 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 06:55 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 06:55 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 06:55 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 06:55 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 06:55 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 06:55 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 06:55 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 06:55 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 06:55 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 06:55 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 06:55 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 06:55 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 06:55 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 06:55 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 06:55 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 06:55 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 06:55 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 06:55 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 06:55 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 06:55 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 06:55 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 06:55 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 06:55 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 06:55 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 06:55 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 06:55 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 06:55 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 06:55 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 06:55 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 06:55 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 06:55 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 06:55 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 06:55 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 06:55 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 06:55 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 06:55 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 06:55 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 06:55 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 06:55 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 06:55 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 06:55 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 06:55 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 06:55 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 06:55 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 06:55 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 06:53 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 06:53 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 06:53 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 06:53 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 06:53 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 06:53 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 06:53 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 06:53 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 06:53 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 06:53 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 06:53 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 06:53 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 06:48 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 06:48 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 06:48 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 06:48 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 06:48 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 06:48 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 06:48 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 06:48 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 06:48 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 06:48 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 06:48 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 06:48 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 06:48 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 06:48 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 06:48 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 06:48 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 06:48 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 06:48 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 06:48 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 06:48 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 06:48 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 22:54 - 2014-11-11 22:54 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-11-11 22:52 - 2014-11-11 22:54 - 13829880 _____ (Adobe Systems Inc.) C:\Users\Myriam\Downloads\Shockwave_Installer_Full.exe
2014-11-11 07:00 - 2014-11-11 07:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-10 11:57 - 2014-11-10 21:10 - 00005558 _____ () C:\Users\Myriam\Documents\Hundespiel.odt
2014-11-10 06:58 - 2014-11-10 06:58 - 00004809 _____ () C:\Users\Myriam\Documents\Kfz in der BF  6 Absatz 1 Nr.odt
2014-11-09 19:42 - 2014-11-09 19:42 - 00000000 ____D () C:\Users\Myriam\AppData\Local\PDF24
2014-11-09 19:41 - 2014-11-09 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2014-11-09 19:41 - 2014-11-09 19:41 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-11-09 10:10 - 2014-11-09 19:25 - 00005619 _____ () C:\Users\Myriam\Desktop\Liebe Devani.odt
2014-11-08 17:18 - 2014-11-08 17:18 - 00000000 ____D () C:\Program Files (x86)\downloaditkeep
2014-11-08 12:45 - 2014-11-24 09:35 - 00000094 _____ () C:\Users\Myriam\AppData\Roaming\WB.CFG
2014-11-08 12:14 - 2014-11-23 11:47 - 00000000 ____D () C:\ProgramData\374311380
2014-11-08 12:12 - 2014-11-13 12:54 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-11-08 12:09 - 2014-11-23 12:08 - 00000000 ____D () C:\ProgramData\2fa710b654abf508
2014-11-08 12:09 - 2014-11-12 06:26 - 00000000 ____D () C:\ProgramData\downloaditkeep
2014-11-08 12:09 - 2014-11-08 12:09 - 00000000 ____D () C:\ProgramData\SaleItCoupon
2014-11-08 11:49 - 2014-11-08 12:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\CUSTPDF Writer
2014-11-08 11:45 - 2014-11-24 14:45 - 00000296 _____ () C:\Windows\Tasks\Digital Sites.job
2014-11-08 11:45 - 2014-11-08 11:45 - 00003240 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-11-08 11:45 - 2014-11-08 11:45 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\DigitalSites
2014-11-08 11:39 - 2014-11-13 12:15 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Downloaded Installers
2014-11-08 11:39 - 2014-11-08 11:39 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-11-08 11:36 - 2014-11-13 13:01 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-11-08 11:36 - 2014-11-13 12:12 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-11-08 11:36 - 2014-11-08 11:36 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-11-08 11:36 - 2014-11-08 11:36 - 00000000 ____D () C:\Users\Myriam\AppData\Local\SlimWare Utilities Inc
2014-11-08 11:34 - 2014-11-08 11:34 - 00000000 ____D () C:\Users\Myriam\Documents\Optimizer Pro
2014-11-08 11:31 - 2014-11-08 11:31 - 00000000 __SHD () C:\Users\Myriam\AppData\Local\EmieUserList
2014-11-08 11:31 - 2014-11-08 11:31 - 00000000 __SHD () C:\Users\Myriam\AppData\Local\EmieSiteList
2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator
2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\Program Files\PDFCreator
2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\Program Files (x86)\PDF Creator
2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-11-08 11:29 - 2011-10-04 21:43 - 00087552 _____ () C:\Windows\system32\custmon64i.dll
2014-11-08 11:25 - 2014-11-08 11:25 - 00812160 _____ ( ) C:\Users\Myriam\Downloads\PdfCreatorSetup.exe
2014-11-02 19:20 - 2014-11-02 19:22 - 00011776 ___SH () C:\Users\Myriam\Documents\Thumbs.db
2014-11-02 18:24 - 2014-11-02 19:18 - 58885280 _____ () C:\Users\Myriam\Documents\Gute Energie 141102 NutzenFußnote.pptx
2014-10-31 11:23 - 2014-10-31 11:24 - 05033168 _____ (Lenovo Group Limited ) C:\Users\Myriam\Downloads\a3ub03w7.exe
2014-10-31 07:12 - 2014-10-31 07:12 - 00000000 ____D () C:\ProgramData\EasyCash&Tax
2014-10-31 06:14 - 2014-11-20 21:32 - 00000000 ____D () C:\Users\Myriam\Documents\EC&T KontenDateien Einst
2014-10-30 22:33 - 2014-10-30 22:33 - 00003036 _____ () C:\Windows\System32\Tasks\{F21E1B53-A4BF-42A2-965F-D8F872357334}
2014-10-30 07:45 - 2014-10-30 08:19 - 00000000 ____D () C:\Users\Myriam\Programme
2014-10-29 21:58 - 2014-10-29 22:03 - 307709680 _____ () C:\Users\Myriam\Downloads\OJJ4500_Full_13.exe
2014-10-29 18:10 - 2014-10-29 18:10 - 00000000 ____D () C:\Users\Myriam\Documents\OneNote-Notizbücher
2014-10-29 12:17 - 2014-10-29 12:17 - 01825672 _____ () C:\Users\Myriam\Documents\141029 Erklärung Datenschutz.odt
2014-10-29 10:09 - 2014-10-29 10:09 - 00000000 ____D () C:\Users\Myriam\Downloads\Neuer Ordner
2014-10-29 09:37 - 2014-10-29 12:11 - 00043265 _____ () C:\Users\Myriam\Documents\Bild Löwe Regulus von Devani.odt
2014-10-28 11:32 - 2014-10-28 11:32 - 01189723 _____ () C:\Users\Myriam\Desktop\141028 Dame...Herr.odt
2014-10-27 09:28 - 2014-11-12 20:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-27 09:27 - 2014-11-12 20:55 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 15:26 - 2014-10-17 20:16 - 00000000 ____D () C:\Users\Myriam
2014-11-24 15:22 - 2014-10-18 13:18 - 00000000 ____D () C:\Users\Myriam\Documents\Outlook-Dateien
2014-11-24 14:35 - 2014-10-18 02:10 - 01751308 _____ () C:\Windows\WindowsUpdate.log
2014-11-23 18:32 - 2009-07-14 05:51 - 00033196 _____ () C:\Windows\setupact.log
2014-11-23 12:21 - 2009-07-14 05:45 - 00032768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-23 12:21 - 2009-07-14 05:45 - 00032768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-23 12:19 - 2011-04-12 08:43 - 00698926 _____ () C:\Windows\system32\perfh007.dat
2014-11-23 12:19 - 2011-04-12 08:43 - 00149034 _____ () C:\Windows\system32\perfc007.dat
2014-11-23 12:19 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-23 12:14 - 2014-10-18 12:46 - 00222619 _____ () C:\Users\Myriam\AppData\Local\BTServer.log
2014-11-23 12:14 - 2010-11-21 04:47 - 00044576 _____ () C:\Windows\PFRO.log
2014-11-23 12:14 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-23 11:52 - 2014-04-26 08:21 - 00000000 ____D () C:\Users\Myriam\Downloads\exe Betrieb
2014-11-23 10:03 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-23 10:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-11-23 09:39 - 2014-10-18 13:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Adobe
2014-11-22 22:01 - 2014-10-20 13:08 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{01AB2F2F-7029-49A9-8627-BE87BF065232}
2014-11-22 07:50 - 2014-10-21 12:59 - 00000000 ____D () C:\Users\Myriam\Documents\DVDVideoSoft
2014-11-20 19:41 - 2014-10-18 12:52 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Microsoft Help
2014-11-19 14:21 - 2014-10-19 15:04 - 00000416 _____ () C:\Windows\BRWMARK.INI
2014-11-19 14:21 - 2014-10-19 15:04 - 00000034 _____ () C:\Windows\SysWOW64\BD2030.DAT
2014-11-14 16:18 - 2011-04-12 08:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-13 21:50 - 2014-10-20 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyCash
2014-11-13 21:50 - 2014-10-20 08:07 - 00000000 ____D () C:\Program Files (x86)\EasyCash&Tax
2014-11-13 13:23 - 2014-10-20 15:21 - 00002480 _____ () C:\ProgramData\hpzinstall.log
2014-11-13 08:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 07:06 - 2014-10-18 13:04 - 00086552 _____ () C:\Users\Myriam\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-13 07:05 - 2009-07-14 05:45 - 00342576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 07:03 - 2014-10-20 08:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 21:02 - 2014-10-18 12:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 06:26 - 2014-10-18 12:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-02 14:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-10-30 12:25 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 14:26 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp

Some content of TEMP:
====================
C:\Users\Myriam\AppData\Local\Temp\18be6784_.exe
C:\Users\Myriam\AppData\Local\Temp\294823_.exe
C:\Users\Myriam\AppData\Local\Temp\6BDF3DD2-CCEB-FD7D-9453-9BAE6B457C58.dll
C:\Users\Myriam\AppData\Local\Temp\6BDF3DD2-CCEB-FD7D-9453-9BAE6B457C58.exe
C:\Users\Myriam\AppData\Local\Temp\8DC39D87-7260-3704-13E1-E3ED4E9AD4B9.exe
C:\Users\Myriam\AppData\Local\Temp\CloudBackup4115.exe
C:\Users\Myriam\AppData\Local\Temp\DllMonoCtrl.dll
C:\Users\Myriam\AppData\Local\Temp\install_flashplayer15x32_mssd_aaa_aih.exe
C:\Users\Myriam\AppData\Local\Temp\optprosetup.exe
C:\Users\Myriam\AppData\Local\Temp\scpCEE0.tmp.exe
C:\Users\Myriam\AppData\Local\Temp\scpDA0F.tmp.exe
C:\Users\Myriam\AppData\Local\Temp\sprz.exe
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite50142.dll
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite57062.dll
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite68303.dll
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite75878.dll
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite90450.dll
C:\Users\Myriam\AppData\Local\Temp\System.Data.SQLite98387.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 00:17

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-24 15:52:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500LM000-SSHD-8GB rev.LVD3 465.76GB
Running: Gmer-19357.exe; Driver: C:\Users\Myriam\AppData\Local\Temp\ugdiypod.sys


---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                                                                     unknown MBR code
---- Processes - GMER 2.1 ----

Library  c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{969E367D-5C3C-4C43-9DE0-E39E52FBB8F2}\offreg.dll (*** suspicious ***) @ c:\Program Files\Microsoft Security Client\MsMpEng.exe [940] (FILE NOT FOUND)  000007fefb930000
Process  C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe (*** suspicious ***) @ C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [3060] (BoBrowser/The BoBrowser Authors)(2014-11-23 08:46:37)  0000000001230000
Process  C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe (*** suspicious ***) @ C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [3132] (BoBrowser/The BoBrowser Authors)(2014-11-23 08:46:37)  0000000001230000
Process  C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe (*** suspicious ***) @ C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [3232] (BoBrowser/The BoBrowser Authors)(2014-11-23 08:46:37)  0000000001230000
Process  C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe (*** suspicious ***) @ C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [3312] (BoBrowser/The BoBrowser Authors)(2014-11-23 08:46:37)  0000000001230000
Process  C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe (*** suspicious ***) @ C:\Users\Myriam\AppData\Local\BoBrowser\Application\bobrowser.exe [3348] (BoBrowser/The BoBrowser Authors)(2014-11-23 08:46:37)  0000000001230000

---- EOF - GMER 2.1 ----
         
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:27 on 24/11/2014 (Myriam)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

Alt 25.11.2014, 15:58   #5
schrauber
/// the machine
/// TB-Ausbilder
 

Windows7: Ads by clickup - Standard

Windows7: Ads by clickup



Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    BoBrowser

    RocketTab

    SaleItCoupon

    WindowsMangerProtect20.0.0.1270 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.1270 - WindowsProtect LIMITED) <==== ATTENTION


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.


__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 26.11.2014, 08:38   #6
myriambb
 
Windows7: Ads by clickup - Standard

Windows7: Ads by clickup



Hei. und hier das nächste File

Combofix Logfile:
Code:
ATTFilter
ComboFix 14-11-25.01 - Myriam 25.11.2014  20:09:38.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4004.1993 [GMT 1:00]
ausgeführt von:: c:\users\Myriam\Desktop\TrojanerBoard\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\374311380
c:\programdata\600440862
c:\programdata\600440862\BITD83E.tmp
c:\programdata\IePluginServices
c:\programdata\IePluginServices\PluginService.exe
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Myriam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Myriam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Myriam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Myriam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Myriam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Myriam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Myriam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Myriam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Myriam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Myriam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Myriam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Myriam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Myriam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Myriam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Myriam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Myriam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Myriam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Myriam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Myriam\AppData\Local\Microsoft\Windows\Temporary Internet Files\{083ED59A-14A3-4949-93B0-3D6888673049}.xps
c:\users\Myriam\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F137B42A-F920-4F70-9AC9-AB3BBE3AE1D0}.xps
c:\users\Myriam\AppData\Local\Microsoft\Windows\Temporary Internet Files\BrowseStudio_iels
c:\users\Myriam\AppData\Local\Microsoft\Windows\Temporary Internet Files\EnterDigital_iels
c:\users\Myriam\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Myriam\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Myriam\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Myriam\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Myriam\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Myriam\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_globalUpdate
-------\Service_IePluginServices
-------\Service_IePluginServices
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-10-25 bis 2014-11-25  ))))))))))))))))))))))))))))))
.
.
2014-11-25 19:14 . 2014-11-25 19:14	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-11-25 18:42 . 2014-11-25 18:42	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-11-25 07:26 . 2014-11-02 04:20	11632448	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B44CAE7C-519C-46AD-A6E5-A08565E227E6}\mpengine.dll
2014-11-24 14:33 . 2014-11-24 14:49	--------	d-----w-	C:\FRST
2014-11-24 07:17 . 2014-11-02 04:20	11632448	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-23 09:06 . 2014-11-23 09:06	--------	d-----w-	c:\users\Myriam\AppData\Roaming\QuickScan
2014-11-23 09:05 . 2014-11-23 11:13	--------	d-----w-	c:\program files (x86)\PC Speed Up
2014-11-23 09:04 . 2014-11-23 09:04	--------	d-----w-	c:\program files (x86)\predm
2014-11-23 09:03 . 2014-11-23 11:14	--------	d-----w-	c:\programdata\TinyWallet
2014-11-23 09:03 . 2014-11-23 11:08	--------	d-----w-	c:\program files (x86)\TinyWallet
2014-11-23 09:03 . 2014-11-23 09:03	--------	d-----w-	c:\users\Myriam\AppData\Local\Chromatic Browser
2014-11-23 09:03 . 2014-11-23 09:26	--------	d-----w-	c:\users\Myriam\AppData\Local\Google
2014-11-23 09:03 . 2014-11-23 09:03	--------	d-----w-	c:\users\Myriam\AppData\Local\Torch
2014-11-23 09:03 . 2014-11-23 09:03	--------	d-----w-	c:\users\Myriam\AppData\Local\Comodo
2014-11-23 09:03 . 2014-11-23 09:03	--------	d-----w-	c:\users\HomeGroupUser$
2014-11-23 09:03 . 2014-11-23 09:03	--------	d-----w-	c:\users\Gast
2014-11-23 09:03 . 2014-11-23 09:03	--------	d-----w-	c:\users\Administrator
2014-11-23 09:01 . 2014-11-02 09:35	268600	----a-w-	c:\windows\SysWow64\lsdprn.exe
2014-11-23 09:01 . 2014-11-23 11:09	--------	d-----w-	c:\program files\shopperz
2014-11-23 08:47 . 2014-11-23 08:47	--------	d-----w-	c:\users\Myriam\AppData\Local\globalUpdate
2014-11-23 08:46 . 2014-11-25 18:45	--------	d-----w-	c:\users\Myriam\AppData\Local\BoBrowser
2014-11-23 08:44 . 2014-11-23 10:56	--------	d-----w-	c:\program files (x86)\FLVM Player
2014-11-23 08:35 . 2014-11-23 08:35	--------	d-----w-	C:\SmootherWeb
2014-11-23 08:35 . 2014-11-23 08:35	1831	----a-w-	c:\windows\patsearch.bin
2014-11-23 08:35 . 2014-11-23 11:14	--------	d-----w-	c:\users\Myriam\AppData\Roaming\SmootherWeb
2014-11-21 19:27 . 2014-11-21 19:27	--------	d-----w-	c:\windows\SysWow64\Wat
2014-11-21 19:27 . 2014-11-21 19:27	--------	d-----w-	c:\windows\system32\Wat
2014-11-21 12:08 . 2014-09-10 14:30	1188440	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{32681454-5B44-4861-9D3D-A97E38BB6508}\gapaengine.dll
2014-11-19 12:34 . 2014-11-11 03:08	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-19 12:34 . 2014-11-11 03:08	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-19 12:34 . 2014-11-11 02:44	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-19 12:34 . 2014-11-11 02:44	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-11-19 09:20 . 2014-11-19 09:20	--------	d-----w-	c:\users\Myriam\AppData\Local\ElevatedDiagnostics
2014-11-13 11:22 . 2014-11-13 11:54	--------	d-----w-	c:\users\Myriam\AppData\Local\Vosteran
2014-11-13 11:10 . 2014-11-13 11:10	--------	d-sh--w-	c:\users\Myriam\AppData\Local\EmieBrowserModeList
2014-11-13 10:52 . 2014-11-13 11:12	--------	d-----w-	c:\users\Myriam\AppData\Roaming\DriverTurbo
2014-11-12 05:53 . 2014-11-05 17:56	304640	----a-w-	c:\windows\system32\generaltel.dll
2014-11-12 05:53 . 2014-11-05 17:56	228864	----a-w-	c:\windows\system32\aepdu.dll
2014-11-12 05:53 . 2014-11-05 17:52	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-11-12 05:53 . 2014-10-14 02:16	155064	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2014-11-12 05:53 . 2014-10-14 02:13	683520	----a-w-	c:\windows\system32\termsrv.dll
2014-11-12 05:53 . 2014-10-14 02:07	681984	----a-w-	c:\windows\system32\adtschema.dll
2014-11-12 05:53 . 2014-10-14 01:46	681984	----a-w-	c:\windows\SysWow64\adtschema.dll
2014-11-12 05:53 . 2014-10-14 02:12	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-11-12 05:53 . 2014-10-14 02:09	146432	----a-w-	c:\windows\system32\msaudite.dll
2014-11-12 05:53 . 2014-10-14 01:50	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-11-12 05:53 . 2014-10-14 01:49	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-11-12 05:53 . 2014-10-14 01:47	146432	----a-w-	c:\windows\SysWow64\msaudite.dll
2014-11-11 21:54 . 2014-11-11 21:54	--------	d-----w-	c:\windows\SysWow64\Adobe
2014-11-09 18:42 . 2014-11-09 18:42	--------	d-----w-	c:\users\Myriam\AppData\Local\PDF24
2014-11-09 18:41 . 2014-11-09 18:41	--------	d-----w-	c:\program files (x86)\PDF24
2014-11-08 16:18 . 2014-11-08 16:18	--------	d-----w-	c:\program files (x86)\downloaditkeep
2014-11-08 11:12 . 2014-11-13 11:54	--------	d-----w-	c:\windows\system32\appmgmt
2014-11-08 11:09 . 2014-11-12 05:26	--------	d-----w-	c:\programdata\downloaditkeep
2014-11-08 11:09 . 2014-11-23 11:08	--------	d-----w-	c:\programdata\2fa710b654abf508
2014-11-08 10:49 . 2014-11-08 11:03	--------	d-----w-	c:\users\Myriam\AppData\Local\CUSTPDF Writer
2014-11-08 10:45 . 2014-11-08 10:45	--------	d-----w-	c:\users\Myriam\AppData\Roaming\DigitalSites
2014-11-08 10:39 . 2014-11-08 10:39	--------	d-----w-	c:\programdata\SlimWare Utilities Inc
2014-11-08 10:39 . 2014-11-13 11:15	--------	d-----w-	c:\users\Myriam\AppData\Local\Downloaded Installers
2014-11-08 10:36 . 2014-11-13 11:12	16152	----a-w-	c:\windows\system32\drivers\SWDUMon.sys
2014-11-08 10:36 . 2014-11-08 10:36	--------	d-----w-	c:\users\Myriam\AppData\Local\SlimWare Utilities Inc
2014-11-08 10:36 . 2014-11-13 12:01	--------	d-----w-	c:\program files (x86)\DriverUpdate
2014-11-08 10:31 . 2014-11-08 10:31	--------	d-sh--w-	c:\users\Myriam\AppData\Local\EmieUserList
2014-11-08 10:31 . 2014-11-08 10:31	--------	d-sh--w-	c:\users\Myriam\AppData\Local\EmieSiteList
2014-11-08 10:29 . 2014-11-08 10:29	--------	d-----w-	c:\program files (x86)\GPLGS
2014-11-08 10:29 . 2011-10-04 20:43	87552	----a-w-	c:\windows\system32\custmon64i.dll
2014-11-08 10:29 . 2014-11-08 10:29	--------	d-----w-	c:\program files\PDFCreator
2014-11-08 10:29 . 2014-11-08 10:29	--------	d-----w-	c:\program files (x86)\PDF Creator
2014-11-02 13:56 . 2014-09-10 14:30	1188440	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-10-31 06:12 . 2014-10-31 06:12	--------	d-----w-	c:\programdata\EasyCash&Tax
2014-10-31 05:00 . 2014-10-31 05:00	--------	d-----w-	c:\users\Myriam\AppData\Local\Diagnostics
2014-10-30 06:45 . 2014-10-30 07:19	--------	d-----w-	c:\users\Myriam\Programme
2014-10-27 08:28 . 2014-11-12 19:57	--------	d-----w-	c:\windows\system32\MRT
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-30 11:25 . 2010-11-21 03:27	275080	------w-	c:\windows\system32\MpSigStub.exe
2014-10-20 06:32 . 2014-10-20 06:32	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-20 06:32 . 2014-10-20 06:32	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-20 06:29 . 2014-10-20 06:29	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2014-10-20 06:29 . 2014-10-20 06:29	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-10-20 06:29 . 2014-10-20 06:29	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2014-10-20 06:29 . 2014-10-20 06:29	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2014-10-20 06:29 . 2014-10-20 06:29	337408	----a-w-	c:\windows\SysWow64\html.iec
2014-10-20 06:29 . 2014-10-20 06:29	235008	----a-w-	c:\windows\system32\elshyph.dll
2014-10-20 06:29 . 2014-10-20 06:29	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2014-10-20 06:29 . 2014-10-20 06:29	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2014-10-20 06:29 . 2014-10-20 06:29	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2014-10-20 06:29 . 2014-10-20 06:29	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2014-10-20 06:29 . 2014-10-20 06:29	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2014-10-20 06:29 . 2014-10-20 06:29	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2014-10-20 06:29 . 2014-10-20 06:29	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2014-10-20 06:29 . 2014-10-20 06:29	942592	----a-w-	c:\windows\system32\jsIntl.dll
2014-10-20 06:29 . 2014-10-20 06:29	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2014-10-20 06:29 . 2014-10-20 06:29	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2014-10-20 06:29 . 2014-10-20 06:29	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2014-10-20 06:29 . 2014-10-20 06:29	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2014-10-20 06:29 . 2014-10-20 06:29	247808	----a-w-	c:\windows\system32\msls31.dll
2014-10-20 06:29 . 2014-10-20 06:29	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2014-10-20 06:29 . 2014-10-20 06:29	81408	----a-w-	c:\windows\system32\icardie.dll
2014-10-20 06:29 . 2014-10-20 06:29	77312	----a-w-	c:\windows\system32\tdc.ocx
2014-10-20 06:29 . 2014-10-20 06:29	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2014-10-20 06:29 . 2014-10-20 06:29	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2014-10-20 06:29 . 2014-10-20 06:29	48640	----a-w-	c:\windows\system32\mshtmler.dll
2014-10-20 06:29 . 2014-10-20 06:29	413696	----a-w-	c:\windows\system32\html.iec
2014-10-20 06:29 . 2014-10-20 06:29	235520	----a-w-	c:\windows\system32\url.dll
2014-10-20 06:29 . 2014-10-20 06:29	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2014-10-20 06:29 . 2014-10-20 06:29	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2014-10-20 06:29 . 2014-10-20 06:29	105984	----a-w-	c:\windows\system32\iesysprep.dll
2014-10-20 06:29 . 2014-10-20 06:29	774144	----a-w-	c:\windows\system32\jscript.dll
2014-10-20 06:29 . 2014-10-20 06:29	62464	----a-w-	c:\windows\system32\pngfilt.dll
2014-10-20 06:29 . 2014-10-20 06:29	48128	----a-w-	c:\windows\system32\imgutil.dll
2014-10-20 06:29 . 2014-10-20 06:29	30208	----a-w-	c:\windows\system32\licmgr10.dll
2014-10-20 06:29 . 2014-10-20 06:29	243200	----a-w-	c:\windows\system32\webcheck.dll
2014-10-20 06:29 . 2014-10-20 06:29	167424	----a-w-	c:\windows\system32\iexpress.exe
2014-10-20 06:29 . 2014-10-20 06:29	147968	----a-w-	c:\windows\system32\occache.dll
2014-10-20 06:29 . 2014-10-20 06:29	143872	----a-w-	c:\windows\system32\wextract.exe
2014-10-20 06:29 . 2014-10-20 06:29	13824	----a-w-	c:\windows\system32\mshta.exe
2014-10-20 06:29 . 2014-10-20 06:29	135680	----a-w-	c:\windows\system32\iepeers.dll
2014-10-20 06:29 . 2014-10-20 06:29	101376	----a-w-	c:\windows\system32\inseng.dll
2014-10-20 06:17 . 2014-10-20 06:17	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2014-10-20 06:17 . 2014-10-20 06:17	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2014-10-20 06:17 . 2014-10-20 06:17	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2014-10-20 06:17 . 2014-10-20 06:17	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2014-10-20 06:17 . 2014-10-20 06:17	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2014-10-20 06:17 . 2014-10-20 06:17	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2014-10-20 06:17 . 2014-10-20 06:17	363008	----a-w-	c:\windows\system32\dxgi.dll
2014-10-20 06:17 . 2014-10-20 06:17	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2014-10-20 06:17 . 2014-10-20 06:17	296960	----a-w-	c:\windows\system32\d3d10core.dll
2014-10-20 06:17 . 2014-10-20 06:17	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2014-10-20 06:17 . 2014-10-20 06:17	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2014-10-20 06:17 . 2014-10-20 06:17	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2014-10-20 06:17 . 2014-10-20 06:17	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2014-10-20 06:17 . 2014-10-20 06:17	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2014-10-20 06:17 . 2014-10-20 06:17	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2014-10-20 06:17 . 2014-10-20 06:17	194560	----a-w-	c:\windows\system32\d3d10_1.dll
2014-10-20 06:17 . 2014-10-20 06:17	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2014-10-20 06:17 . 2014-10-20 06:17	1643520	----a-w-	c:\windows\system32\DWrite.dll
2014-10-20 06:17 . 2014-10-20 06:17	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2014-10-20 06:17 . 2014-10-20 06:17	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2014-10-20 06:17 . 2014-10-20 06:17	1238528	----a-w-	c:\windows\system32\d3d10.dll
2014-10-20 06:17 . 2014-10-20 06:17	1175552	----a-w-	c:\windows\system32\FntCache.dll
2014-10-20 06:17 . 2014-10-20 06:17	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll
2014-09-25 02:08 . 2014-10-19 18:49	371712	----a-w-	c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-19 18:49	519680	----a-w-	c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-10-19 14:17	2048	----a-w-	c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-10-19 14:17	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-09-04 05:23 . 2014-10-18 12:21	424448	----a-w-	c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-18 12:21	372736	----a-w-	c:\windows\SysWow64\rastls.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"smoother"="c:\users\Myriam\AppData\Roaming\SmootherWeb\SmootherWeb-Installer.exe" [2014-08-27 489651]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-06-09 292848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-09-12 959176]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-02-06 189480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 51cdb72;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S2 AvrcpService;AvrcpService;c:\program files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [x]
S2 BTDevManager;BTDevManager;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 lsdprn;lsdprn;c:\windows\SysWOW64\lsdprn.exe;c:\windows\SysWOW64\lsdprn.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 RtkBleServ;RtkBleServ;c:\program files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys;c:\windows\SYSNATIVE\DRIVERS\RtkBtfilter.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-02-24 13667032]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-02-25 1381744]
"RtHDVBg_LENOVO_DOLBYDRAGON"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-02-25 1381744]
"RtHDVBg_LENOVO_MICPKEY"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-02-25 1381744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-08 391152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-08 771568]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-08 770544]
"UMonit64"="c:\windows\SysWOW64\UMonit64.exe" [2014-01-06 53248]
"BtServer"="c:\program files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe" [2014-01-06 216064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49203;https=127.0.0.1:49203
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: extensions.autoDisableScopes - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe
Wow6432Node-HKLM-Run-mbot_de_300 - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-11-25  20:21:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-11-25 19:21
.
Vor Suchlauf: 11 Verzeichnis(se), 439.494.656.000 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 444.138.037.248 Bytes frei
.
- - End Of File - - F39FC958338F3EFA5A13B7CDE4AD7361
         
--- --- ---
5FB38429D5D77768867C76DCBDB35194
[/CODE]


es gab Gemecker wg Security Essentials 2 mal (screen shots gamacht) weitergeklickt lief. akut Ruhe vor den Quälgeistern in Mozilla
mit dem Revo Uninstaller habe ich auch das Clickup-Programm weggeputzt.Combofix Logfile:
Code:
ATTFilter
ComboFix 14-11-25.01 - Myriam 25.11.2014  20:09:38.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4004.1993 [GMT 1:00]
ausgeführt von:: c:\users\Myriam\Desktop\TrojanerBoard\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\374311380
c:\programdata\600440862
c:\programdata\600440862\BITD83E.tmp
c:\programdata\IePluginServices
c:\programdata\IePluginServices\PluginService.exe
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Gast\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Myriam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Myriam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Myriam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Myriam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Myriam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Myriam\AppData\Local\Chromatic Browser\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Myriam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Myriam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Myriam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Myriam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Myriam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Myriam\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Myriam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Myriam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Myriam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Myriam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Myriam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Myriam\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
c:\users\Myriam\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Myriam\AppData\Local\Microsoft\Windows\Temporary Internet Files\{083ED59A-14A3-4949-93B0-3D6888673049}.xps
c:\users\Myriam\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F137B42A-F920-4F70-9AC9-AB3BBE3AE1D0}.xps
c:\users\Myriam\AppData\Local\Microsoft\Windows\Temporary Internet Files\BrowseStudio_iels
c:\users\Myriam\AppData\Local\Microsoft\Windows\Temporary Internet Files\EnterDigital_iels
c:\users\Myriam\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc
c:\users\Myriam\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\background.html
c:\users\Myriam\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\content.js
c:\users\Myriam\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\lsdb.js
c:\users\Myriam\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\manifest.json
c:\users\Myriam\AppData\Local\Torch\User Data\Default\Extensions\dcfomcpkeoocpmlfecidlblajdobehnc\1.0\QT2GtxXgw3.js
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_globalUpdate
-------\Service_IePluginServices
-------\Service_IePluginServices
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-10-25 bis 2014-11-25  ))))))))))))))))))))))))))))))
.
.
2014-11-25 19:14 . 2014-11-25 19:14	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-11-25 18:42 . 2014-11-25 18:42	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-11-25 07:26 . 2014-11-02 04:20	11632448	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B44CAE7C-519C-46AD-A6E5-A08565E227E6}\mpengine.dll
2014-11-24 14:33 . 2014-11-24 14:49	--------	d-----w-	C:\FRST
2014-11-24 07:17 . 2014-11-02 04:20	11632448	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-23 09:06 . 2014-11-23 09:06	--------	d-----w-	c:\users\Myriam\AppData\Roaming\QuickScan
2014-11-23 09:05 . 2014-11-23 11:13	--------	d-----w-	c:\program files (x86)\PC Speed Up
2014-11-23 09:04 . 2014-11-23 09:04	--------	d-----w-	c:\program files (x86)\predm
2014-11-23 09:03 . 2014-11-23 11:14	--------	d-----w-	c:\programdata\TinyWallet
2014-11-23 09:03 . 2014-11-23 11:08	--------	d-----w-	c:\program files (x86)\TinyWallet
2014-11-23 09:03 . 2014-11-23 09:03	--------	d-----w-	c:\users\Myriam\AppData\Local\Chromatic Browser
2014-11-23 09:03 . 2014-11-23 09:26	--------	d-----w-	c:\users\Myriam\AppData\Local\Google
2014-11-23 09:03 . 2014-11-23 09:03	--------	d-----w-	c:\users\Myriam\AppData\Local\Torch
2014-11-23 09:03 . 2014-11-23 09:03	--------	d-----w-	c:\users\Myriam\AppData\Local\Comodo
2014-11-23 09:03 . 2014-11-23 09:03	--------	d-----w-	c:\users\HomeGroupUser$
2014-11-23 09:03 . 2014-11-23 09:03	--------	d-----w-	c:\users\Gast
2014-11-23 09:03 . 2014-11-23 09:03	--------	d-----w-	c:\users\Administrator
2014-11-23 09:01 . 2014-11-02 09:35	268600	----a-w-	c:\windows\SysWow64\lsdprn.exe
2014-11-23 09:01 . 2014-11-23 11:09	--------	d-----w-	c:\program files\shopperz
2014-11-23 08:47 . 2014-11-23 08:47	--------	d-----w-	c:\users\Myriam\AppData\Local\globalUpdate
2014-11-23 08:46 . 2014-11-25 18:45	--------	d-----w-	c:\users\Myriam\AppData\Local\BoBrowser
2014-11-23 08:44 . 2014-11-23 10:56	--------	d-----w-	c:\program files (x86)\FLVM Player
2014-11-23 08:35 . 2014-11-23 08:35	--------	d-----w-	C:\SmootherWeb
2014-11-23 08:35 . 2014-11-23 08:35	1831	----a-w-	c:\windows\patsearch.bin
2014-11-23 08:35 . 2014-11-23 11:14	--------	d-----w-	c:\users\Myriam\AppData\Roaming\SmootherWeb
2014-11-21 19:27 . 2014-11-21 19:27	--------	d-----w-	c:\windows\SysWow64\Wat
2014-11-21 19:27 . 2014-11-21 19:27	--------	d-----w-	c:\windows\system32\Wat
2014-11-21 12:08 . 2014-09-10 14:30	1188440	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{32681454-5B44-4861-9D3D-A97E38BB6508}\gapaengine.dll
2014-11-19 12:34 . 2014-11-11 03:08	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-19 12:34 . 2014-11-11 03:08	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-19 12:34 . 2014-11-11 02:44	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-19 12:34 . 2014-11-11 02:44	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-11-19 09:20 . 2014-11-19 09:20	--------	d-----w-	c:\users\Myriam\AppData\Local\ElevatedDiagnostics
2014-11-13 11:22 . 2014-11-13 11:54	--------	d-----w-	c:\users\Myriam\AppData\Local\Vosteran
2014-11-13 11:10 . 2014-11-13 11:10	--------	d-sh--w-	c:\users\Myriam\AppData\Local\EmieBrowserModeList
2014-11-13 10:52 . 2014-11-13 11:12	--------	d-----w-	c:\users\Myriam\AppData\Roaming\DriverTurbo
2014-11-12 05:53 . 2014-11-05 17:56	304640	----a-w-	c:\windows\system32\generaltel.dll
2014-11-12 05:53 . 2014-11-05 17:56	228864	----a-w-	c:\windows\system32\aepdu.dll
2014-11-12 05:53 . 2014-11-05 17:52	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-11-12 05:53 . 2014-10-14 02:16	155064	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2014-11-12 05:53 . 2014-10-14 02:13	683520	----a-w-	c:\windows\system32\termsrv.dll
2014-11-12 05:53 . 2014-10-14 02:07	681984	----a-w-	c:\windows\system32\adtschema.dll
2014-11-12 05:53 . 2014-10-14 01:46	681984	----a-w-	c:\windows\SysWow64\adtschema.dll
2014-11-12 05:53 . 2014-10-14 02:12	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-11-12 05:53 . 2014-10-14 02:09	146432	----a-w-	c:\windows\system32\msaudite.dll
2014-11-12 05:53 . 2014-10-14 01:50	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-11-12 05:53 . 2014-10-14 01:49	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-11-12 05:53 . 2014-10-14 01:47	146432	----a-w-	c:\windows\SysWow64\msaudite.dll
2014-11-11 21:54 . 2014-11-11 21:54	--------	d-----w-	c:\windows\SysWow64\Adobe
2014-11-09 18:42 . 2014-11-09 18:42	--------	d-----w-	c:\users\Myriam\AppData\Local\PDF24
2014-11-09 18:41 . 2014-11-09 18:41	--------	d-----w-	c:\program files (x86)\PDF24
2014-11-08 16:18 . 2014-11-08 16:18	--------	d-----w-	c:\program files (x86)\downloaditkeep
2014-11-08 11:12 . 2014-11-13 11:54	--------	d-----w-	c:\windows\system32\appmgmt
2014-11-08 11:09 . 2014-11-12 05:26	--------	d-----w-	c:\programdata\downloaditkeep
2014-11-08 11:09 . 2014-11-23 11:08	--------	d-----w-	c:\programdata\2fa710b654abf508
2014-11-08 10:49 . 2014-11-08 11:03	--------	d-----w-	c:\users\Myriam\AppData\Local\CUSTPDF Writer
2014-11-08 10:45 . 2014-11-08 10:45	--------	d-----w-	c:\users\Myriam\AppData\Roaming\DigitalSites
2014-11-08 10:39 . 2014-11-08 10:39	--------	d-----w-	c:\programdata\SlimWare Utilities Inc
2014-11-08 10:39 . 2014-11-13 11:15	--------	d-----w-	c:\users\Myriam\AppData\Local\Downloaded Installers
2014-11-08 10:36 . 2014-11-13 11:12	16152	----a-w-	c:\windows\system32\drivers\SWDUMon.sys
2014-11-08 10:36 . 2014-11-08 10:36	--------	d-----w-	c:\users\Myriam\AppData\Local\SlimWare Utilities Inc
2014-11-08 10:36 . 2014-11-13 12:01	--------	d-----w-	c:\program files (x86)\DriverUpdate
2014-11-08 10:31 . 2014-11-08 10:31	--------	d-sh--w-	c:\users\Myriam\AppData\Local\EmieUserList
2014-11-08 10:31 . 2014-11-08 10:31	--------	d-sh--w-	c:\users\Myriam\AppData\Local\EmieSiteList
2014-11-08 10:29 . 2014-11-08 10:29	--------	d-----w-	c:\program files (x86)\GPLGS
2014-11-08 10:29 . 2011-10-04 20:43	87552	----a-w-	c:\windows\system32\custmon64i.dll
2014-11-08 10:29 . 2014-11-08 10:29	--------	d-----w-	c:\program files\PDFCreator
2014-11-08 10:29 . 2014-11-08 10:29	--------	d-----w-	c:\program files (x86)\PDF Creator
2014-11-02 13:56 . 2014-09-10 14:30	1188440	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-10-31 06:12 . 2014-10-31 06:12	--------	d-----w-	c:\programdata\EasyCash&Tax
2014-10-31 05:00 . 2014-10-31 05:00	--------	d-----w-	c:\users\Myriam\AppData\Local\Diagnostics
2014-10-30 06:45 . 2014-10-30 07:19	--------	d-----w-	c:\users\Myriam\Programme
2014-10-27 08:28 . 2014-11-12 19:57	--------	d-----w-	c:\windows\system32\MRT
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-30 11:25 . 2010-11-21 03:27	275080	------w-	c:\windows\system32\MpSigStub.exe
2014-10-20 06:32 . 2014-10-20 06:32	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-20 06:32 . 2014-10-20 06:32	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-20 06:29 . 2014-10-20 06:29	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2014-10-20 06:29 . 2014-10-20 06:29	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-10-20 06:29 . 2014-10-20 06:29	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2014-10-20 06:29 . 2014-10-20 06:29	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2014-10-20 06:29 . 2014-10-20 06:29	337408	----a-w-	c:\windows\SysWow64\html.iec
2014-10-20 06:29 . 2014-10-20 06:29	235008	----a-w-	c:\windows\system32\elshyph.dll
2014-10-20 06:29 . 2014-10-20 06:29	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2014-10-20 06:29 . 2014-10-20 06:29	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2014-10-20 06:29 . 2014-10-20 06:29	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2014-10-20 06:29 . 2014-10-20 06:29	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2014-10-20 06:29 . 2014-10-20 06:29	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2014-10-20 06:29 . 2014-10-20 06:29	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2014-10-20 06:29 . 2014-10-20 06:29	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2014-10-20 06:29 . 2014-10-20 06:29	942592	----a-w-	c:\windows\system32\jsIntl.dll
2014-10-20 06:29 . 2014-10-20 06:29	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2014-10-20 06:29 . 2014-10-20 06:29	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2014-10-20 06:29 . 2014-10-20 06:29	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2014-10-20 06:29 . 2014-10-20 06:29	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2014-10-20 06:29 . 2014-10-20 06:29	247808	----a-w-	c:\windows\system32\msls31.dll
2014-10-20 06:29 . 2014-10-20 06:29	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2014-10-20 06:29 . 2014-10-20 06:29	81408	----a-w-	c:\windows\system32\icardie.dll
2014-10-20 06:29 . 2014-10-20 06:29	77312	----a-w-	c:\windows\system32\tdc.ocx
2014-10-20 06:29 . 2014-10-20 06:29	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2014-10-20 06:29 . 2014-10-20 06:29	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2014-10-20 06:29 . 2014-10-20 06:29	48640	----a-w-	c:\windows\system32\mshtmler.dll
2014-10-20 06:29 . 2014-10-20 06:29	413696	----a-w-	c:\windows\system32\html.iec
2014-10-20 06:29 . 2014-10-20 06:29	235520	----a-w-	c:\windows\system32\url.dll
2014-10-20 06:29 . 2014-10-20 06:29	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2014-10-20 06:29 . 2014-10-20 06:29	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2014-10-20 06:29 . 2014-10-20 06:29	105984	----a-w-	c:\windows\system32\iesysprep.dll
2014-10-20 06:29 . 2014-10-20 06:29	774144	----a-w-	c:\windows\system32\jscript.dll
2014-10-20 06:29 . 2014-10-20 06:29	62464	----a-w-	c:\windows\system32\pngfilt.dll
2014-10-20 06:29 . 2014-10-20 06:29	48128	----a-w-	c:\windows\system32\imgutil.dll
2014-10-20 06:29 . 2014-10-20 06:29	30208	----a-w-	c:\windows\system32\licmgr10.dll
2014-10-20 06:29 . 2014-10-20 06:29	243200	----a-w-	c:\windows\system32\webcheck.dll
2014-10-20 06:29 . 2014-10-20 06:29	167424	----a-w-	c:\windows\system32\iexpress.exe
2014-10-20 06:29 . 2014-10-20 06:29	147968	----a-w-	c:\windows\system32\occache.dll
2014-10-20 06:29 . 2014-10-20 06:29	143872	----a-w-	c:\windows\system32\wextract.exe
2014-10-20 06:29 . 2014-10-20 06:29	13824	----a-w-	c:\windows\system32\mshta.exe
2014-10-20 06:29 . 2014-10-20 06:29	135680	----a-w-	c:\windows\system32\iepeers.dll
2014-10-20 06:29 . 2014-10-20 06:29	101376	----a-w-	c:\windows\system32\inseng.dll
2014-10-20 06:17 . 2014-10-20 06:17	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2014-10-20 06:17 . 2014-10-20 06:17	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2014-10-20 06:17 . 2014-10-20 06:17	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2014-10-20 06:17 . 2014-10-20 06:17	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2014-10-20 06:17 . 2014-10-20 06:17	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-10-20 06:17 . 2014-10-20 06:17	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2014-10-20 06:17 . 2014-10-20 06:17	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2014-10-20 06:17 . 2014-10-20 06:17	363008	----a-w-	c:\windows\system32\dxgi.dll
2014-10-20 06:17 . 2014-10-20 06:17	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2014-10-20 06:17 . 2014-10-20 06:17	296960	----a-w-	c:\windows\system32\d3d10core.dll
2014-10-20 06:17 . 2014-10-20 06:17	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2014-10-20 06:17 . 2014-10-20 06:17	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2014-10-20 06:17 . 2014-10-20 06:17	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2014-10-20 06:17 . 2014-10-20 06:17	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2014-10-20 06:17 . 2014-10-20 06:17	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2014-10-20 06:17 . 2014-10-20 06:17	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2014-10-20 06:17 . 2014-10-20 06:17	194560	----a-w-	c:\windows\system32\d3d10_1.dll
2014-10-20 06:17 . 2014-10-20 06:17	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2014-10-20 06:17 . 2014-10-20 06:17	1643520	----a-w-	c:\windows\system32\DWrite.dll
2014-10-20 06:17 . 2014-10-20 06:17	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2014-10-20 06:17 . 2014-10-20 06:17	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2014-10-20 06:17 . 2014-10-20 06:17	1238528	----a-w-	c:\windows\system32\d3d10.dll
2014-10-20 06:17 . 2014-10-20 06:17	1175552	----a-w-	c:\windows\system32\FntCache.dll
2014-10-20 06:17 . 2014-10-20 06:17	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll
2014-09-25 02:08 . 2014-10-19 18:49	371712	----a-w-	c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-19 18:49	519680	----a-w-	c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-10-19 14:17	2048	----a-w-	c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-10-19 14:17	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-09-04 05:23 . 2014-10-18 12:21	424448	----a-w-	c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-18 12:21	372736	----a-w-	c:\windows\SysWow64\rastls.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"smoother"="c:\users\Myriam\AppData\Roaming\SmootherWeb\SmootherWeb-Installer.exe" [2014-08-27 489651]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-06-09 292848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-09-12 959176]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-02-06 189480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 51cdb72;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S2 AvrcpService;AvrcpService;c:\program files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [x]
S2 BTDevManager;BTDevManager;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 lsdprn;lsdprn;c:\windows\SysWOW64\lsdprn.exe;c:\windows\SysWOW64\lsdprn.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 RtkBleServ;RtkBleServ;c:\program files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe;c:\program files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RtkBtFilter;Realtek Bluetooth Filter Driver;c:\windows\system32\DRIVERS\RtkBtfilter.sys;c:\windows\SYSNATIVE\DRIVERS\RtkBtfilter.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-02-24 13667032]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-02-25 1381744]
"RtHDVBg_LENOVO_DOLBYDRAGON"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-02-25 1381744]
"RtHDVBg_LENOVO_MICPKEY"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-02-25 1381744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-08 391152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-08 771568]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-08 770544]
"UMonit64"="c:\windows\SysWOW64\UMonit64.exe" [2014-01-06 53248]
"BtServer"="c:\program files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe" [2014-01-06 216064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:49203;https=127.0.0.1:49203
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: extensions.autoDisableScopes - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe
Wow6432Node-HKLM-Run-mbot_de_300 - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-11-25  20:21:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-11-25 19:21
.
Vor Suchlauf: 11 Verzeichnis(se), 439.494.656.000 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 444.138.037.248 Bytes frei
.
- - End Of File - - F39FC958338F3EFA5A13B7CDE4AD7361
         
--- --- ---
5FB38429D5D77768867C76DCBDB35194
Es gab 2 mal Gemecker wegen Security Essentials obwohl abgeschaltet (screenshots gemacht). weggeklickt, lief dann weiter

Habe mit Revo Uninstaller auch Clickup weggemacht

Sieht so aus als wären die Quälgeister aus dem Mozilla verschwunden. happy.
war's das (schon) ? LG MyB

Guten Morgen. Das war es wohl doch noch nicht. Der Rechner ist merkwürdig langsam. Ob es dazu noch eine Idee geben wird? warte jetzt mit Geduld der Zustand ist im Moment arbeitstauglich.

spendentechnisch: ich darf soviel wie ich kann? ich mach mal jetzt so und in einigen Wochen sieht das wohl anders aus für einen Nachschlag.

Alt 26.11.2014, 21:42   #7
schrauber
/// the machine
/// TB-Ausbilder
 

Windows7: Ads by clickup - Standard

Windows7: Ads by clickup



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 27.11.2014, 17:50   #8
myriambb
 
Windows7: Ads by clickup - Standard

Windows7: Ads by clickup



Hei Schrauber Danke für letzten Einsatz. Ergebnisse:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 27.11.2014
Suchlauf-Zeit: 16:42:04
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.09.19.05
Rootkit Datenbank: v2014.09.18.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Myriam

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 365158
Verstrichene Zeit: 5 Min, 51 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 16
PUP.Optional.Astromenda, HKU\S-1-5-21-1313315996-2717873473-2842918071-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}, In Quarantäne, [176a13dcbcbf4aec3df3385047bb649c], 
PUP.Optional.Astromenda, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}, In Quarantäne, [176a13dcbcbf4aec3df3385047bb649c], 
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MYBESTOFFERSTODAY, In Quarantäne, [9ee3ee01bdbeff3795a64cbeb350847c], 
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [146d787704778da9fd09d9964cb82ad6], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [770aa24d6813d165b812ef19798a3ec2], 
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftware, In Quarantäne, [7d0435baaecd11252850342f9e6629d7], 
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, In Quarantäne, [9ce54ca3aad1de58b273b65bde25c33d], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, In Quarantäne, [bfc230bf7ffcb48266c732401ee6c63a], 
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, In Quarantäne, [4c35ae412e4da98d2c0277fbdd2728d8], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [295831beb1ca3bfb00c9c04862a1fe02], 
PUP.Optional.RocketTab.A, HKU\S-1-5-21-1313315996-2717873473-2842918071-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\RocketTabInstalled, In Quarantäne, [dca523ccdba00135f13b6e9854af956b], 
PUP.Optional.WebSearches.A, HKU\S-1-5-21-1313315996-2717873473-2842918071-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, In Quarantäne, [daa7b8370a71a690afd79773838031cf], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-1313315996-2717873473-2842918071-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, In Quarantäne, [fb86797653282313c89882f0aa5aab55], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1313315996-2717873473-2842918071-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [3c45ba35a3d860d6fe9a93a5e023966a], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1313315996-2717873473-2842918071-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [87fa5d923d3e39fd39bfa4aa51b3e41c], 
PUP.Optional.SuperFish.A, HKU\S-1-5-21-1313315996-2717873473-2842918071-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, In Quarantäne, [770a29c62853270f19e2bf55d03328d8], 

Registrierungswerte: 4
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, In Quarantäne, [9ce54ca3aad1de58b273b65bde25c33d]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, cor, In Quarantäne, [295831beb1ca3bfb00c9c04862a1fe02]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1313315996-2717873473-2842918071-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0X1L1C1C1J2Z, In Quarantäne, [87fa5d923d3e39fd39bfa4aa51b3e41c]
PUP.Optional.RocketTab.A, HKU\S-1-5-21-1313315996-2717873473-2842918071-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH EXTENSIONS|RocketTab, 1, In Quarantäne, [99e8ea055427b77ff43734d27e85d52b]

Registrierungsdaten: 2
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}),Ersetzt,[9fe2d51a1a61999d25fcfc0a689d29d7]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1415877113&from=cor&uid=ST500LM000-SSHD-8GB_W760PNH6XXXXW760PNH6&q={searchTerms}),Ersetzt,[1d64b03f215af83e4eb36a91ab5917e9]

Ordner: 4
PUP.Optional.OpenCandy, C:\Users\Myriam\AppData\Roaming\OpenCandy, In Quarantäne, [e9984fa07803b6809d3beaebbe44ee12], 
PUP.Optional.OpenCandy, C:\Users\Myriam\AppData\Roaming\OpenCandy\C4261B085315468781EE4FE40A45F062, In Quarantäne, [e9984fa07803b6809d3beaebbe44ee12], 
PUP.Optional.Updater.A, C:\Users\Myriam\AppData\Roaming\DigitalSites\UpdateProc, In Quarantäne, [c8b9d01f5a21171f8d0b34bf52b018e8], 
PUP.Optional.FLVMPlayer, C:\Program Files (x86)\FLVM Player, In Quarantäne, [542d28c75526c86ee8a759a3788aa957], 

Dateien: 8
PUP.Optional.RocketTab.A, C:\Windows\System32\Tasks\RocketTab, In Quarantäne, [a3ded8179edda98dd35b42c451b214ec], 
PUP.Optional.RocketTab.A, C:\Windows\System32\Tasks\RocketTab Update Task, In Quarantäne, [027f16d9c8b35cda45e93acc976cc040], 
PUP.Optional.Updater.A, C:\Users\Myriam\AppData\Roaming\DigitalSites\UpdateProc\info.dat, In Quarantäne, [c8b9d01f5a21171f8d0b34bf52b018e8], 
PUP.Optional.Updater.A, C:\Users\Myriam\AppData\Roaming\DigitalSites\UpdateProc\prod.dat, In Quarantäne, [c8b9d01f5a21171f8d0b34bf52b018e8], 
PUP.Optional.Updater.A, C:\Users\Myriam\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT, In Quarantäne, [c8b9d01f5a21171f8d0b34bf52b018e8], 
PUP.Optional.Updater.A, C:\Users\Myriam\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT, In Quarantäne, [c8b9d01f5a21171f8d0b34bf52b018e8], 
PUP.Optional.Updater.A, C:\Users\Myriam\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe, In Quarantäne, [c8b9d01f5a21171f8d0b34bf52b018e8], 
PUP.Optional.CrossRider.A, C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "149dbdf633a22df1d0c10ca4a47389cf");), Ersetzt,[aed35798275474c219cd46f2e61f0cf4]

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Code:
ATTFilter
# AdwCleaner v4.102 - Bericht erstellt am 27/11/2014 um 17:01:24
# Aktualisiert 23/11/2014 von Xplode
# Database : 2014-11-23.7 [Local]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Myriam - MYRIAM-PC
# Gestartet von : C:\Users\Myriam\Downloads\AdwCleaner_4.102.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : globalUpdatem
Dienst Gelöscht : lsdprn

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\SmootherWeb
Ordner Gelöscht : C:\ProgramData\2fa710b654abf508
Ordner Gelöscht : C:\Program Files (x86)\pc speed up
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files\shopperz
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\torch
Ordner Gelöscht : C:\Users\Myriam\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Myriam\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Myriam\AppData\Local\torch
Ordner Gelöscht : C:\Users\Myriam\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\Myriam\AppData\Local\BoBrowser
Ordner Gelöscht : C:\Users\Myriam\AppData\Local\Vosteran
Ordner Gelöscht : C:\Users\Myriam\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Myriam\AppData\Roaming\SmootherWeb
Ordner Gelöscht : C:\Users\Myriam\AppData\Roaming\RHEng
Ordner Gelöscht : C:\Users\Myriam\AppData\Roaming\DriverTurbo
Ordner Gelöscht : C:\Users\Myriam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmootherWeb
Ordner Gelöscht : C:\Users\Myriam\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\Myriam\Documents\PC Speed Maximizer
Datei Gelöscht : C:\Windows\SysWOW64\lsdprn.exe
Datei Gelöscht : C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default\user.js

***** [ Tasks ] *****

Task Gelöscht : LaunchSignup
Task Gelöscht : RocketTab Update Task
Task Gelöscht : RocketTab

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [smoother]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\Search Extensions
Schlüssel Gelöscht : HKCU\Software\SecuredDownload
Schlüssel Gelöscht : HKCU\Software\Vosteran Browser
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\Clara
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SmootherWeb
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C52B8B6-FFA2-12F6-0A5A-E8301F96A568}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v33.1 (x86 de)

[1zn4v21r.default\prefs.js] - Zeile gelöscht : user_pref("extensions.90222mP2MQd2mmsO.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]
[1zn4v21r.default\prefs.js] - Zeile gelöscht : user_pref("extensions.RaNsBqoaFFLu3fWs.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[1zn4v21r.default\prefs.js] - Zeile gelöscht : user_pref("extensions.crossrider.bic", "149dbdf633a22df1d0c10ca4a47389cf");
[1zn4v21r.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[1zn4v21r.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[1zn4v21r.default\prefs.js] - Zeile gelöscht : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_secureddownload_14_46_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutC[...]
[1zn4v21r.default\prefs.js] - Zeile gelöscht : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_secureddownload_14_46_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1Czu[...]
[1zn4v21r.default\prefs.js] - Zeile gelöscht : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
[1zn4v21r.default\prefs.js] - Zeile gelöscht : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
[1zn4v21r.default\prefs.js] - Zeile gelöscht : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_secureddownload_14_46_ff&cd=2XzuyEtN2Y1L1Qzuzy0C0A0DzyyB0A0AtC0FyByCyCzy0CyCtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtBtFtDtN1L1C[...]

-\\ Google Chrome v


-\\ Comodo Dragon v


*************************

AdwCleaner[R0].txt - [12320 octets] - [27/11/2014 16:59:51]
AdwCleaner[S0].txt - [11589 octets] - [27/11/2014 17:01:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11650 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Professional x64
Ran by Myriam on 27.11.2014 at 17:12:09,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\downloaditkeep



~~~ FireFox

Emptied folder: C:\Users\Myriam\AppData\Roaming\mozilla\firefox\profiles\1zn4v21r.default\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.11.2014 at 17:15:49,52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Myriam (administrator) on MYRIAM-PC on 27-11-2014 17:24:00
Running from C:\Users\Myriam\Desktop\TrojanerBoard
Loaded Profile: Myriam (Available profiles: Myriam)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [UMonit64] => C:\Windows\SysWOW64\UMonit64.exe [53248 2014-01-06] ()
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-09] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1313315996-2717873473-2842918071-1000] => http=127.0.0.1:49203;https=127.0.0.1:49203
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE160AC8BCAEACF01
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1313315996-2717873473-2842918071-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default\searchplugins\ixquick-https.xml
FF Extension: Firefox Booster - C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default\Extensions\jid1-U7omKQ6kQfxMaQ@jetpack.xpi [2014-11-27]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Myriam\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [84992 2014-01-22] () [File not signed]
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [File not signed]
S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [559320 2014-02-18] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3300568 2014-02-20] (Realtek Semiconductor Corporation                           )
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-11-13] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-27 17:15 - 2014-11-27 17:15 - 00000822 _____ () C:\Users\Myriam\Desktop\JRT.txt
2014-11-27 17:12 - 2014-11-27 17:12 - 00000000 ____D () C:\Windows\ERUNT
2014-11-27 17:10 - 2014-11-27 17:11 - 01707532 _____ (Thisisu) C:\Users\Myriam\Downloads\JRT.exe
2014-11-27 17:10 - 2014-11-27 17:10 - 00011743 _____ () C:\Users\Myriam\Desktop\AdwCleaner[S0].txt
2014-11-27 16:59 - 2014-11-27 17:01 - 00000000 ____D () C:\AdwCleaner
2014-11-27 16:58 - 2014-11-27 16:58 - 02148864 _____ () C:\Users\Myriam\Downloads\AdwCleaner_4.102.exe
2014-11-27 16:57 - 2014-11-27 16:57 - 00007055 _____ () C:\Users\Myriam\Desktop\mbam.txt
2014-11-27 16:41 - 2014-11-27 17:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-27 16:41 - 2014-11-27 16:41 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-27 16:41 - 2014-11-27 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-27 16:40 - 2014-11-27 16:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-27 16:40 - 2014-11-27 16:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-27 16:40 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-27 16:40 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-27 16:40 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-27 16:35 - 2014-11-27 16:38 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Myriam\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-27 14:40 - 2014-11-27 14:40 - 00001139 _____ () C:\Users\Myriam\Desktop\Dagmar Strack-Bidinger - Verknüpfung.lnk
2014-11-25 21:23 - 2014-11-25 21:23 - 00178447 _____ () C:\Users\Myriam\Desktop\Allgemeine Smiley1.odt
2014-11-25 21:22 - 2014-11-25 21:22 - 00178429 _____ () C:\Users\Myriam\Desktop\Allgemeine Smileys.odt
2014-11-25 20:21 - 2014-11-25 20:21 - 00040694 _____ () C:\ComboFix.txt
2014-11-25 20:08 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-25 20:08 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-25 20:08 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-25 20:08 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-25 20:08 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-25 20:08 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-25 20:08 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-25 20:08 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-25 20:03 - 2014-11-25 20:21 - 00000000 ____D () C:\Qoobox
2014-11-25 20:03 - 2014-11-25 20:20 - 00000000 ____D () C:\Windows\erdnt
2014-11-25 19:42 - 2014-11-25 19:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-24 15:33 - 2014-11-27 17:24 - 00000000 ____D () C:\FRST
2014-11-24 15:29 - 2014-11-27 17:24 - 00000000 ____D () C:\Users\Myriam\Desktop\TrojanerBoard
2014-11-24 15:26 - 2014-11-24 15:26 - 00000000 _____ () C:\Users\Myriam\defogger_reenable
2014-11-23 10:06 - 2014-11-23 10:06 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\QuickScan
2014-11-23 10:03 - 2014-11-27 17:03 - 00000442 __RSH () C:\ProgramData\ntuser.pol
2014-11-23 10:03 - 2014-11-23 12:14 - 00000000 ____D () C:\ProgramData\TinyWallet
2014-11-23 10:03 - 2014-11-23 12:08 - 00000000 ____D () C:\Program Files (x86)\TinyWallet
2014-11-23 10:03 - 2014-11-23 10:26 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Google
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Comodo
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator
2014-11-23 09:48 - 2014-11-23 09:48 - 00003150 _____ () C:\Windows\System32\Tasks\Run_Bobby_Browser
2014-11-23 09:35 - 2014-11-23 09:35 - 00001831 _____ () C:\Windows\patsearch.bin
2014-11-23 09:35 - 2014-11-23 09:35 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrT_01009.Wdf
2014-11-22 14:53 - 2014-11-22 14:53 - 09665384 _____ () C:\Users\Myriam\Documents\Regale voller GoldBarren  Focus online.odt
2014-11-22 07:34 - 2014-11-22 07:34 - 00123537 _____ () C:\Users\Myriam\Documents\Kühe.odt
2014-11-22 07:30 - 2014-11-22 07:36 - 01046283 _____ () C:\Users\Myriam\Documents\Schweine.odt
2014-11-19 14:28 - 2014-11-19 14:28 - 00952124 _____ () C:\Users\Myriam\Desktop\Audi Schätzung Nov'14.odt
2014-11-19 13:34 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 13:34 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 13:34 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 13:34 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 11:22 - 2014-11-18 11:22 - 00494259 _____ () C:\Users\Myriam\Desktop\NADH.odt
2014-11-18 11:10 - 2014-11-18 11:16 - 00017058 _____ () C:\Users\Myriam\Desktop\Serotonin.odt
2014-11-15 21:45 - 2014-11-15 21:45 - 00004700 _____ () C:\Users\Myriam\Downloads\Lass deine Augen das Beste sehen.odt
2014-11-13 19:46 - 2014-11-13 19:46 - 00006569 _____ () C:\Users\Myriam\Documents\Impressum.odt
2014-11-13 12:55 - 2014-11-13 12:55 - 00000000 ____D () C:\Users\Myriam\Documents\Fax
2014-11-13 12:53 - 2014-11-13 12:53 - 00792796 _____ () C:\Users\Myriam\Documents\141114 veraltete Treiber.odt
2014-11-13 12:52 - 2014-11-13 12:52 - 00223511 _____ () C:\Users\Myriam\Documents\141114 Erstattung Trixie Maulschlaufe.odt
2014-11-13 12:24 - 2014-11-13 12:24 - 00003152 _____ () C:\Windows\System32\Tasks\{D4059A91-59EB-4BD4-8D46-E7191558AA7A}
2014-11-13 12:10 - 2014-11-13 12:10 - 05798968 _____ (Innovative Solutions ) C:\Users\Myriam\Downloads\hp-treiber.exe
2014-11-13 12:10 - 2014-11-13 12:10 - 00000000 __SHD () C:\Users\Myriam\AppData\Local\EmieBrowserModeList
2014-11-13 12:08 - 2014-11-13 12:08 - 00825248 _____ ( ) C:\Users\Myriam\Downloads\hp-treiber_setup.exe
2014-11-12 06:55 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 06:55 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 06:55 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 06:55 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 06:55 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 06:55 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 06:55 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 06:55 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 06:55 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 06:55 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 06:55 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 06:55 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 06:55 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 06:55 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 06:55 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 06:55 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 06:55 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 06:55 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 06:55 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 06:55 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 06:55 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 06:55 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 06:55 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 06:55 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 06:55 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 06:55 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 06:55 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 06:55 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 06:55 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 06:55 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 06:55 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 06:55 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 06:55 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 06:55 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 06:55 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 06:55 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 06:55 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 06:55 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 06:55 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 06:55 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 06:55 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 06:55 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 06:55 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 06:55 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 06:55 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 06:55 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 06:55 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 06:55 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 06:55 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 06:55 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 06:55 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 06:55 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 06:55 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 06:55 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 06:55 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 06:55 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 06:53 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 06:53 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 06:53 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 06:53 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 06:53 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 06:53 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 06:53 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 06:53 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 06:53 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 06:53 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 06:53 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 06:53 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 06:48 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 06:48 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 06:48 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 06:48 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 06:48 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 06:48 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 06:48 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 06:48 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 06:48 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 06:48 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 06:48 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 06:48 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 06:48 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 06:48 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 06:48 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 06:48 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 06:48 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 06:48 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 06:48 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 06:48 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 06:48 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 22:54 - 2014-11-11 22:54 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-11-11 07:00 - 2014-11-11 07:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-10 11:57 - 2014-11-10 21:10 - 00005558 _____ () C:\Users\Myriam\Documents\Hundespiel.odt
2014-11-10 06:58 - 2014-11-10 06:58 - 00004809 _____ () C:\Users\Myriam\Documents\Kfz in der BF  6 Absatz 1 Nr.odt
2014-11-09 19:42 - 2014-11-09 19:42 - 00000000 ____D () C:\Users\Myriam\AppData\Local\PDF24
2014-11-09 19:41 - 2014-11-09 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2014-11-09 19:41 - 2014-11-09 19:41 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-11-09 10:10 - 2014-11-09 19:25 - 00005619 _____ () C:\Users\Myriam\Desktop\Liebe Devani.odt
2014-11-08 17:18 - 2014-11-08 17:18 - 00000000 ____D () C:\Program Files (x86)\downloaditkeep
2014-11-08 12:45 - 2014-11-25 08:15 - 00000085 _____ () C:\Users\Myriam\AppData\Roaming\WB.CFG
2014-11-08 12:12 - 2014-11-13 12:54 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-11-08 11:49 - 2014-11-08 12:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\CUSTPDF Writer
2014-11-08 11:39 - 2014-11-13 12:15 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Downloaded Installers
2014-11-08 11:39 - 2014-11-08 11:39 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-11-08 11:36 - 2014-11-13 13:01 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-11-08 11:36 - 2014-11-13 12:12 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-11-08 11:36 - 2014-11-08 11:36 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-11-08 11:36 - 2014-11-08 11:36 - 00000000 ____D () C:\Users\Myriam\AppData\Local\SlimWare Utilities Inc
2014-11-08 11:31 - 2014-11-08 11:31 - 00000000 __SHD () C:\Users\Myriam\AppData\Local\EmieUserList
2014-11-08 11:31 - 2014-11-08 11:31 - 00000000 __SHD () C:\Users\Myriam\AppData\Local\EmieSiteList
2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator
2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\Program Files\PDFCreator
2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\Program Files (x86)\PDF Creator
2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-11-08 11:29 - 2011-10-04 21:43 - 00087552 _____ () C:\Windows\system32\custmon64i.dll
2014-11-08 11:25 - 2014-11-08 11:25 - 00812160 _____ ( ) C:\Users\Myriam\Downloads\PdfCreatorSetup.exe
2014-11-02 19:20 - 2014-11-02 19:22 - 00011776 ___SH () C:\Users\Myriam\Documents\Thumbs.db
2014-11-02 18:24 - 2014-11-02 19:18 - 58885280 _____ () C:\Users\Myriam\Documents\Gute Energie 141102 NutzenFußnote.pptx
2014-10-31 11:23 - 2014-10-31 11:24 - 05033168 _____ (Lenovo Group Limited ) C:\Users\Myriam\Downloads\a3ub03w7.exe
2014-10-31 07:12 - 2014-10-31 07:12 - 00000000 ____D () C:\ProgramData\EasyCash&Tax
2014-10-31 06:14 - 2014-11-20 21:32 - 00000000 ____D () C:\Users\Myriam\Documents\EC&T KontenDateien Einst
2014-10-30 22:33 - 2014-10-30 22:33 - 00003036 _____ () C:\Windows\System32\Tasks\{F21E1B53-A4BF-42A2-965F-D8F872357334}
2014-10-30 07:45 - 2014-10-30 08:19 - 00000000 ____D () C:\Users\Myriam\Programme
2014-10-29 21:58 - 2014-10-29 22:03 - 307709680 _____ () C:\Users\Myriam\Downloads\OJJ4500_Full_13.exe
2014-10-29 18:10 - 2014-10-29 18:10 - 00000000 ____D () C:\Users\Myriam\Documents\OneNote-Notizbücher
2014-10-29 12:17 - 2014-10-29 12:17 - 01825672 _____ () C:\Users\Myriam\Documents\141029 Erklärung Datenschutz.odt
2014-10-29 10:09 - 2014-11-25 07:54 - 00000000 ____D () C:\Users\Myriam\Downloads\141125 Silverlight statt FlashP
2014-10-29 09:37 - 2014-10-29 12:11 - 00043265 _____ () C:\Users\Myriam\Documents\Bild Löwe Regulus von Devani.odt
2014-10-28 11:32 - 2014-10-28 11:32 - 01189723 _____ () C:\Users\Myriam\Desktop\141028 Dame...Herr.odt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-27 17:10 - 2009-07-14 05:45 - 00032768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-27 17:10 - 2009-07-14 05:45 - 00032768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-27 17:07 - 2011-04-12 08:43 - 00702436 _____ () C:\Windows\system32\perfh007.dat
2014-11-27 17:07 - 2011-04-12 08:43 - 00150044 _____ () C:\Windows\system32\perfc007.dat
2014-11-27 17:07 - 2009-07-14 06:13 - 01626920 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-27 17:05 - 2014-10-18 13:18 - 00000000 ____D () C:\Users\Myriam\Documents\Outlook-Dateien
2014-11-27 17:03 - 2014-10-18 12:46 - 00239034 _____ () C:\Users\Myriam\AppData\Local\BTServer.log
2014-11-27 17:02 - 2014-10-18 02:10 - 01137824 _____ () C:\Windows\WindowsUpdate.log
2014-11-27 17:02 - 2010-11-21 04:47 - 00051758 _____ () C:\Windows\PFRO.log
2014-11-27 17:02 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-27 17:02 - 2009-07-14 05:51 - 00033454 _____ () C:\Windows\setupact.log
2014-11-27 16:53 - 2014-10-20 13:08 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{01AB2F2F-7029-49A9-8627-BE87BF065232}
2014-11-25 20:24 - 2014-10-20 21:57 - 01646762 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-25 20:21 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-11-25 20:18 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-25 20:17 - 2009-07-14 03:34 - 62652416 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-11-25 20:17 - 2009-07-14 03:34 - 18350080 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-11-25 20:17 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-11-25 20:17 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-11-25 20:17 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-11-24 17:40 - 2014-04-26 08:21 - 00000000 ____D () C:\Users\Myriam\Downloads\exe Betrieb
2014-11-24 15:26 - 2014-10-17 20:16 - 00000000 ____D () C:\Users\Myriam
2014-11-24 14:04 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-23 10:03 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-23 10:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-11-23 09:39 - 2014-10-18 13:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Adobe
2014-11-22 07:50 - 2014-10-21 12:59 - 00000000 ____D () C:\Users\Myriam\Documents\DVDVideoSoft
2014-11-20 19:41 - 2014-10-18 12:52 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Microsoft Help
2014-11-19 14:21 - 2014-10-19 15:04 - 00000416 _____ () C:\Windows\BRWMARK.INI
2014-11-19 14:21 - 2014-10-19 15:04 - 00000034 _____ () C:\Windows\SysWOW64\BD2030.DAT
2014-11-14 16:18 - 2011-04-12 08:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-13 21:50 - 2014-10-20 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyCash
2014-11-13 21:50 - 2014-10-20 08:07 - 00000000 ____D () C:\Program Files (x86)\EasyCash&Tax
2014-11-13 13:23 - 2014-10-20 15:21 - 00002480 _____ () C:\ProgramData\hpzinstall.log
2014-11-13 08:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 07:06 - 2014-10-18 13:04 - 00086552 _____ () C:\Users\Myriam\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-13 07:05 - 2009-07-14 05:45 - 00342576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 07:03 - 2014-10-20 08:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 21:02 - 2014-10-18 12:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 20:57 - 2014-10-27 09:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 20:55 - 2014-10-27 09:27 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 06:26 - 2014-10-18 12:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-02 14:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-10-29 14:26 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp

Some content of TEMP:
====================
C:\Users\Myriam\AppData\Local\Temp\Quarantine.exe
C:\Users\Myriam\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 09:12

==================== End Of Log ============================
         
--- --- ---


Was jetzt während der CHecks aufkam: eine Flash Player Warnung in Mozilla:

Download Flash Player
die sich mehrmals aufgerufen hat.

Hoffe Hausaufgaben ok. Grüße Freude MyB

Alt 28.11.2014, 17:40   #9
schrauber
/// the machine
/// TB-Ausbilder
 

Windows7: Ads by clickup - Standard

Windows7: Ads by clickup




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 28.11.2014, 18:54   #10
myriambb
 
Windows7: Ads by clickup - Standard

Windows7: Ads by clickup



new results:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d90951a6d411a24a80330f00b2342074
# engine=21314
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-28 05:33:36
# local_time=2014-11-28 06:33:36 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 3562250 40180010 0 0
# scanned=11760
# found=11
# cleaned=0
# scan_time=1484
sh=1135DD49674F04451296CAF3DFBE2EA360E1546B ft=1 fh=bec9e5b6c6c31d3d vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1313315996-2717873473-2842918071-1000\$RTTQIQW.exe"
sh=65231873C2B9508463CE3924E61E68D4EDC44F7A ft=1 fh=7fa43737affed640 vn="Variante von Win32/FirseriaInstaller.U evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\pc speed up\Uninstall_PCSpeedUp.exe.vir"
sh=744A0640927DA7065DC79212074BF7D69FDD316F ft=1 fh=0394227f5f901456 vn="Win32/SmootherWeb.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\SmootherWeb\Uninstall.exe.vir"
sh=E5A22D682B5B9C1F5AD1E1F7D98E685772BED8FC ft=0 fh=0000000000000000 vn="JS/Astromenda.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Myriam\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\background.js.vir"
sh=F2A8917500E1C6B9E4ADD5299BAF66B57DD4EB63 ft=0 fh=0000000000000000 vn="JS/Astromenda.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Myriam\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\bootstrap.js.vir"
sh=CE3159B58A6DFF52E43F2445A4E094B983DD0EBA ft=0 fh=0000000000000000 vn="JS/Astromenda.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Myriam\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\newtab.js.vir"
sh=FD7368BFE59CB6D2E4853110A8BDE09937D30BFA ft=0 fh=0000000000000000 vn="JS/Astromenda.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Myriam\AppData\Local\Vosteran\User Data\Default\Extensions\bjaelnipcipenlfdoncdclohekeglkac\0.3.8_0\js\opentab.js.vir"
sh=976811C69907F2A7CEA2337FC38B1A1DF1D2936B ft=0 fh=0000000000000000 vn="Win32/SmootherWeb.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Myriam\AppData\Roaming\SmootherWeb\jid1-U7omKQ6kQfxMaQ@jetpack.xpi.vir"
sh=0C53AD8C5815EC193F269B7F4225526331F55560 ft=1 fh=428351b47f1227d5 vn="Win32/SmootherWeb.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Myriam\AppData\Roaming\SmootherWeb\SmootherWeb-Installer.exe.vir"
sh=83F0543DF9233DBE19DCA183E2738C9A1F1036C2 ft=1 fh=34e7354aef346a57 vn="Variante von Win64/Toolbar.Perion.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\lsdprn.exe.vir"
sh=D957B0EC634B5C52AA2B8934223A6248D5152807 ft=1 fh=4c2491a4bea30714 vn="Variante von Win32/InstallCore.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\PDF Creator\message.exe"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.90  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 15.0.0.189  
 Adobe Reader XI  
 Mozilla Firefox (33.1) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Myriam (administrator) on MYRIAM-PC on 28-11-2014 18:47:36
Running from C:\Users\Myriam\Desktop\TrojanerBoard
Loaded Profile: Myriam (Available profiles: Myriam)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
() C:\Users\Myriam\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)
HKLM\...\Run: [UMonit64] => C:\Windows\SysWOW64\UMonit64.exe [53248 2014-01-06] ()
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-06] (Realtek Semiconductor Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-09] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\EnergyCut\utilty.exe [1581056 2007-04-27] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [EnergyCut] => C:\Program Files (x86)\Lenovo\EnergyCut\EnergyCut.exe [1167360 2007-03-09] (Lenovo (Beijing) Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1313315996-2717873473-2842918071-1000] => http=127.0.0.1:49203;https=127.0.0.1:49203
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE160AC8BCAEACF01
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1313315996-2717873473-2842918071-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1313315996-2717873473-2842918071-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Myriam\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Users\Myriam\AppData\Roaming\Mozilla\Firefox\Profiles\1zn4v21r.default\searchplugins\ixquick-https.xml
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Myriam\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [84992 2014-01-22] () [File not signed]
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [42496 2013-04-25] (Realtek Semiconductor Corporation) [File not signed]
S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [559320 2014-02-18] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3300568 2014-02-20] (Realtek Semiconductor Corporation                           )
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-11-13] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-28 18:37 - 2014-11-28 18:37 - 00854414 _____ () C:\Users\Myriam\Downloads\SecurityCheck.exe
2014-11-28 17:58 - 2014-11-28 17:58 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-28 17:57 - 2014-11-28 17:57 - 02347384 _____ (ESET) C:\Users\Myriam\Downloads\esetsmartinstaller_deu.exe
2014-11-28 11:09 - 2014-11-28 11:10 - 02000331 _____ () C:\Users\Myriam\Desktop\141127 ESA Webinar Holz in die Hand.odt
2014-11-28 09:49 - 2014-11-28 18:24 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1313315996-2717873473-2842918071-1000.job
2014-11-28 09:49 - 2014-11-28 09:49 - 00003598 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1313315996-2717873473-2842918071-1000
2014-11-28 09:48 - 2014-11-28 09:49 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Citrix
2014-11-28 09:47 - 2014-11-28 09:47 - 00293944 _____ (Citrix Online) C:\Users\Myriam\Downloads\GoToWebinar Launcher(1).exe
2014-11-28 08:32 - 2014-11-28 08:32 - 00000000 ____D () C:\Users\Myriam\Downloads\exe Drucker
2014-11-28 08:28 - 2014-11-28 08:30 - 00000000 ____D () C:\Users\Myriam\Downloads\exe von TrojanerBoard
2014-11-28 08:26 - 2014-11-28 08:30 - 00000000 ____D () C:\Users\Myriam\Downloads\Lenovo
2014-11-28 08:26 - 2014-11-28 08:26 - 00004549 _____ () C:\Users\Myriam\Desktop\Das schönste was ein Mensch tragen kann.odt
2014-11-28 07:16 - 2014-11-28 07:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-11-28 07:16 - 2014-11-28 07:16 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-11-28 07:15 - 2014-11-28 07:15 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\InstallShield
2014-11-27 18:57 - 2014-11-27 18:57 - 436912709 _____ () C:\Windows\MEMORY.DMP
2014-11-27 18:57 - 2014-11-27 18:57 - 00281904 _____ () C:\Windows\Minidump\112714-12589-01.dmp
2014-11-27 18:57 - 2014-11-27 18:57 - 00000000 ____D () C:\Windows\Minidump
2014-11-27 17:12 - 2014-11-27 17:12 - 00000000 ____D () C:\Windows\ERUNT
2014-11-27 16:59 - 2014-11-27 17:01 - 00000000 ____D () C:\AdwCleaner
2014-11-27 16:41 - 2014-11-28 18:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-27 16:41 - 2014-11-27 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-27 16:40 - 2014-11-27 16:41 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-11-27 16:40 - 2014-11-27 16:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-27 16:40 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-27 16:40 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-27 16:40 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-25 20:21 - 2014-11-25 20:21 - 00040694 _____ () C:\ComboFix.txt
2014-11-25 20:08 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-25 20:08 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-25 20:08 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-25 20:08 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-25 20:08 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-25 20:08 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-25 20:08 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-25 20:08 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-25 20:03 - 2014-11-25 20:21 - 00000000 ____D () C:\Qoobox
2014-11-25 20:03 - 2014-11-25 20:20 - 00000000 ____D () C:\Windows\erdnt
2014-11-25 19:42 - 2014-11-25 19:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-24 15:33 - 2014-11-28 18:47 - 00000000 ____D () C:\FRST
2014-11-24 15:29 - 2014-11-28 18:47 - 00000000 ____D () C:\Users\Myriam\Desktop\TrojanerBoard
2014-11-24 15:26 - 2014-11-24 15:26 - 00000000 _____ () C:\Users\Myriam\defogger_reenable
2014-11-23 10:06 - 2014-11-23 10:06 - 00000000 ____D () C:\Users\Myriam\AppData\Roaming\QuickScan
2014-11-23 10:03 - 2014-11-28 06:50 - 00000442 __RSH () C:\ProgramData\ntuser.pol
2014-11-23 10:03 - 2014-11-23 10:26 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Google
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Comodo
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Gast
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-11-23 10:03 - 2014-11-23 10:03 - 00000000 ____D () C:\Users\Administrator
2014-11-23 09:48 - 2014-11-23 09:48 - 00003150 _____ () C:\Windows\System32\Tasks\Run_Bobby_Browser
2014-11-23 09:35 - 2014-11-23 09:35 - 00001831 _____ () C:\Windows\patsearch.bin
2014-11-23 09:35 - 2014-11-23 09:35 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrT_01009.Wdf
2014-11-22 14:53 - 2014-11-22 14:53 - 09665384 _____ () C:\Users\Myriam\Documents\Regale voller GoldBarren  Focus online.odt
2014-11-22 07:34 - 2014-11-22 07:34 - 00123537 _____ () C:\Users\Myriam\Documents\Kühe.odt
2014-11-22 07:30 - 2014-11-22 07:36 - 01046283 _____ () C:\Users\Myriam\Documents\Schweine.odt
2014-11-19 13:34 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 13:34 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 13:34 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 13:34 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-15 21:45 - 2014-11-15 21:45 - 00004700 _____ () C:\Users\Myriam\Desktop\Lass deine Augen das Beste sehen.odt
2014-11-13 19:46 - 2014-11-13 19:46 - 00006569 _____ () C:\Users\Myriam\Documents\Impressum.odt
2014-11-13 12:55 - 2014-11-13 12:55 - 00000000 ____D () C:\Users\Myriam\Documents\Fax
2014-11-13 12:53 - 2014-11-13 12:53 - 00792796 _____ () C:\Users\Myriam\Documents\141114 veraltete Treiber.odt
2014-11-13 12:52 - 2014-11-13 12:52 - 00223511 _____ () C:\Users\Myriam\Documents\141114 Erstattung Trixie Maulschlaufe.odt
2014-11-13 12:24 - 2014-11-13 12:24 - 00003152 _____ () C:\Windows\System32\Tasks\{D4059A91-59EB-4BD4-8D46-E7191558AA7A}
2014-11-13 12:10 - 2014-11-13 12:10 - 00000000 __SHD () C:\Users\Myriam\AppData\Local\EmieBrowserModeList
2014-11-12 06:55 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 06:55 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 06:55 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 06:55 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 06:55 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 06:55 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 06:55 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 06:55 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 06:55 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 06:55 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 06:55 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 06:55 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 06:55 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 06:55 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 06:55 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 06:55 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 06:55 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 06:55 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 06:55 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 06:55 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 06:55 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 06:55 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 06:55 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 06:55 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 06:55 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 06:55 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 06:55 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 06:55 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 06:55 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 06:55 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 06:55 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 06:55 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 06:55 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 06:55 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 06:55 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 06:55 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 06:55 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 06:55 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 06:55 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 06:55 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 06:55 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 06:55 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 06:55 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 06:55 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 06:55 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 06:55 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 06:55 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 06:55 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 06:55 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 06:55 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 06:55 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 06:55 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 06:55 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 06:55 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 06:55 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 06:55 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 06:53 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 06:53 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 06:53 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 06:53 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 06:53 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 06:53 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 06:53 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 06:53 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 06:53 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 06:53 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 06:53 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 06:53 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 06:48 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 06:48 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 06:48 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 06:48 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 06:48 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 06:48 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 06:48 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 06:48 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 06:48 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 06:48 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 06:48 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 06:48 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 06:48 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 06:48 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 06:48 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 06:48 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 06:48 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 06:48 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 06:48 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 06:48 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 06:48 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 06:48 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 06:48 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 22:54 - 2014-11-11 22:54 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-11-11 07:00 - 2014-11-11 07:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-10 11:57 - 2014-11-10 21:10 - 00005558 _____ () C:\Users\Myriam\Documents\Hundespiel.odt
2014-11-10 06:58 - 2014-11-10 06:58 - 00004809 _____ () C:\Users\Myriam\Documents\Kfz in der BF  6 Absatz 1 Nr.odt
2014-11-09 19:42 - 2014-11-09 19:42 - 00000000 ____D () C:\Users\Myriam\AppData\Local\PDF24
2014-11-09 19:41 - 2014-11-09 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2014-11-09 19:41 - 2014-11-09 19:41 - 00000000 ____D () C:\Program Files (x86)\PDF24
2014-11-08 17:18 - 2014-11-08 17:18 - 00000000 ____D () C:\Program Files (x86)\downloaditkeep
2014-11-08 12:45 - 2014-11-25 08:15 - 00000085 _____ () C:\Users\Myriam\AppData\Roaming\WB.CFG
2014-11-08 12:12 - 2014-11-13 12:54 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-11-08 11:49 - 2014-11-08 12:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\CUSTPDF Writer
2014-11-08 11:39 - 2014-11-13 12:15 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Downloaded Installers
2014-11-08 11:39 - 2014-11-08 11:39 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-11-08 11:36 - 2014-11-13 13:01 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-11-08 11:36 - 2014-11-13 12:12 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-11-08 11:36 - 2014-11-08 11:36 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-11-08 11:36 - 2014-11-08 11:36 - 00000000 ____D () C:\Users\Myriam\AppData\Local\SlimWare Utilities Inc
2014-11-08 11:31 - 2014-11-08 11:31 - 00000000 __SHD () C:\Users\Myriam\AppData\Local\EmieUserList
2014-11-08 11:31 - 2014-11-08 11:31 - 00000000 __SHD () C:\Users\Myriam\AppData\Local\EmieSiteList
2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator
2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\Program Files\PDFCreator
2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\Program Files (x86)\PDF Creator
2014-11-08 11:29 - 2014-11-08 11:29 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-11-08 11:29 - 2011-10-04 21:43 - 00087552 _____ () C:\Windows\system32\custmon64i.dll
2014-11-02 19:20 - 2014-11-02 19:22 - 00011776 ___SH () C:\Users\Myriam\Documents\Thumbs.db
2014-11-02 18:24 - 2014-11-02 19:18 - 58885280 _____ () C:\Users\Myriam\Documents\Gute Energie 141102 NutzenFußnote.pptx
2014-10-31 07:12 - 2014-10-31 07:12 - 00000000 ____D () C:\ProgramData\EasyCash&Tax
2014-10-31 06:14 - 2014-11-20 21:32 - 00000000 ____D () C:\Users\Myriam\Documents\EC&T KontenDateien Einst
2014-10-30 22:33 - 2014-10-30 22:33 - 00003036 _____ () C:\Windows\System32\Tasks\{F21E1B53-A4BF-42A2-965F-D8F872357334}
2014-10-30 07:45 - 2014-10-30 08:19 - 00000000 ____D () C:\Users\Myriam\Programme
2014-10-29 18:10 - 2014-10-29 18:10 - 00000000 ____D () C:\Users\Myriam\Documents\OneNote-Notizbücher
2014-10-29 12:17 - 2014-10-29 12:17 - 01825672 _____ () C:\Users\Myriam\Documents\141029 Erklärung Datenschutz.odt
2014-10-29 10:09 - 2014-11-25 07:54 - 00000000 ____D () C:\Users\Myriam\Downloads\141125 Silverlight statt FlashP
2014-10-29 09:37 - 2014-10-29 12:11 - 00043265 _____ () C:\Users\Myriam\Documents\Bild Löwe Regulus von Devani.odt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-28 18:33 - 2014-10-18 13:18 - 00000000 ____D () C:\Users\Myriam\Documents\Outlook-Dateien
2014-11-28 17:50 - 2011-04-12 08:43 - 00702436 _____ () C:\Windows\system32\perfh007.dat
2014-11-28 17:50 - 2011-04-12 08:43 - 00150044 _____ () C:\Windows\system32\perfc007.dat
2014-11-28 17:50 - 2009-07-14 06:13 - 01626920 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-28 17:50 - 2009-07-14 05:51 - 00035268 _____ () C:\Windows\setupact.log
2014-11-28 17:35 - 2014-10-20 13:08 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{01AB2F2F-7029-49A9-8627-BE87BF065232}
2014-11-28 17:31 - 2014-10-18 02:10 - 01227148 _____ () C:\Windows\WindowsUpdate.log
2014-11-28 09:47 - 2014-04-24 22:24 - 00000000 ____D () C:\Users\Myriam\Downloads\exe on hold
2014-11-28 08:33 - 2014-10-20 07:29 - 00000000 ____D () C:\Users\Myriam\Downloads\exe FondsFinanz
2014-11-28 08:33 - 2014-04-26 08:21 - 00000000 ____D () C:\Users\Myriam\Downloads\exe Betrieb
2014-11-28 07:16 - 2014-10-18 12:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-28 06:57 - 2009-07-14 05:45 - 00032768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-28 06:57 - 2009-07-14 05:45 - 00032768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-28 06:49 - 2014-10-18 12:46 - 00255710 _____ () C:\Users\Myriam\AppData\Local\BTServer.log
2014-11-28 06:49 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-27 17:02 - 2010-11-21 04:47 - 00051758 _____ () C:\Windows\PFRO.log
2014-11-25 20:24 - 2014-10-20 21:57 - 01646762 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-25 20:21 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-11-25 20:18 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-25 20:17 - 2009-07-14 03:34 - 62652416 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-11-25 20:17 - 2009-07-14 03:34 - 18350080 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-11-25 20:17 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-11-25 20:17 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-11-25 20:17 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-11-24 15:26 - 2014-10-17 20:16 - 00000000 ____D () C:\Users\Myriam
2014-11-24 14:04 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-23 10:03 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-23 10:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-11-23 09:39 - 2014-10-18 13:03 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Adobe
2014-11-22 07:50 - 2014-10-21 12:59 - 00000000 ____D () C:\Users\Myriam\Documents\DVDVideoSoft
2014-11-20 19:41 - 2014-10-18 12:52 - 00000000 ____D () C:\Users\Myriam\AppData\Local\Microsoft Help
2014-11-19 14:21 - 2014-10-19 15:04 - 00000416 _____ () C:\Windows\BRWMARK.INI
2014-11-19 14:21 - 2014-10-19 15:04 - 00000034 _____ () C:\Windows\SysWOW64\BD2030.DAT
2014-11-14 16:18 - 2011-04-12 08:54 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-13 21:50 - 2014-10-20 08:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyCash
2014-11-13 21:50 - 2014-10-20 08:07 - 00000000 ____D () C:\Program Files (x86)\EasyCash&Tax
2014-11-13 13:23 - 2014-10-20 15:21 - 00002480 _____ () C:\ProgramData\hpzinstall.log
2014-11-13 08:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 07:06 - 2014-10-18 13:04 - 00086552 _____ () C:\Users\Myriam\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-13 07:05 - 2009-07-14 05:45 - 00342576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 07:03 - 2014-10-20 08:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 21:02 - 2014-10-18 12:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 20:57 - 2014-10-27 09:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 20:55 - 2014-10-27 09:27 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 06:26 - 2014-10-18 12:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-02 14:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-10-29 14:26 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp

Some content of TEMP:
====================
C:\Users\Myriam\AppData\Local\Temp\Quarantine.exe
C:\Users\Myriam\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-25 09:12

==================== End Of Log ============================
         
--- --- ---


War heute kaum am Rechner, scheint normal zu laufen. Liebe Grüße Freude MyB

Alt 29.11.2014, 18:28   #11
schrauber
/// the machine
/// TB-Ausbilder
 

Windows7: Ads by clickup - Standard

Windows7: Ads by clickup



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\$RECYCLE.BIN
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-1313315996-2717873473-2842918071-1000] => http=127.0.0.1:49203;https=127.0.0.1:49203
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
c:\Program Files (x86)\Optimizer Pro 3.11
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.11.2014, 07:07   #12
myriambb
 
Windows7: Ads by clickup - Standard

heute Weihnachtsmarkt-Arbeit :abklatsch:



hier Fixlog die ganze andere Liste werde ich in Ruhe abarbeiten. :

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by Myriam at 2014-11-30 06:27:57 Run:1
Running from C:\Users\Myriam\Desktop\TrojanerBoard
Loaded Profile: Myriam (Available profiles: Myriam)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\$RECYCLE.BIN
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-1313315996-2717873473-2842918071-1000] => http=127.0.0.1:49203;https=127.0.0.1:49203
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
c:\Program Files (x86)\Optimizer Pro 3.11
*****************

C:\$RECYCLE.BIN => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKU\S-1-5-21-1313315996-2717873473-2842918071-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
51cdb72 => Service deleted successfully.
"c:\Program Files (x86)\Optimizer Pro 3.11" => File/Directory not found.


The system needed a reboot. 

==== End of Fixlog ====
         
Liebe Grüße Freude MyB

Alt 30.11.2014, 09:04   #13
schrauber
/// the machine
/// TB-Ausbilder
 

Windows7: Ads by clickup - Standard

Windows7: Ads by clickup



ok
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 04.12.2014, 09:53   #14
myriambb
 
Windows7: Ads by clickup - Standard

Windows7: Ads by clickup



Yippieehh alles erledigt Riesen Danke an dich report/fragen:

Auf Automatisierung der Updates habe ich bisher geachtet.
Seit diesem Jahr habe ich einige Backoffice Anbindungen, täglich lange Verweilzeiten online.

im Lauf der Zeit gearbeitet mit Norton Gdata Trendmicro - nacheinander!
Antivirus hat oft vorhandene Systemtools gestört.
zuletzt auf den Tipp gehört, mich auf Security Essentials zu verlassen.
Scheint, das reicht nicht aus.

Jetzt unsicher - auch angesichts deiner Tipps - welche Schutzsoftware
ich neu reinnehmen soll, was von den Systemtools aktiv laufen soll. WinSecEssentials lassen?
Welche Kombination funktioniert?

Kann / soll ich jetzt wirklich
-Secunia Online Software.
-MalwareBytes Anti Malware
-WinPatrol
-SpywareBlaster
-MVPs hosts file
-WOT
alle in mein System einbauen ?

hab ich so verstanden, (jedes tut einen anderen Zweck und Du sagst die vertragen sich alle)
oder sind da welche nicht parallel zu fahren?

Was mache ich mit dem Smartfon ??!! das hängt regelmäßig am Rechner.
Gibt es ein Kombiangebot für Rechner und Smart ggf auch Tablet das Du empfehlen kannst?

Wenn ich den Tipp noch bekommen kann, wie ich security gesamt hinbekomme,
da bin ich echt dankbar. Freeware tipps find ich klasse. Klar auch dass ich ein nötiges Programm kaufe, so der preis tragbar ist.

Bleibe gern bei Mozilla. Browser Apps hab ich übernommen.
TFC habe ich übernommen. der Registry Cleaner ist gefressen worden - hab ich verstanden,
(die Blogs dazu, da bin ich wg englisch nicht so sattelfest, lass ich mal on hold.)

Bin total happy, dass Du / Trojanerboard mich da durchgelotst hast
Hoffe damit krieg ich jetzt eine komplette Sicherheitsroutine hin. DANKEdankedanke spendeauchklar.
Freue mich auf die letzten Hinweise. Liebe Grüße Freude MyB

Nachtrag: kann WOT nicht öffnen "Programm nicht bekannt"
Suche nach Programm www no result.

Alt 05.12.2014, 09:02   #15
schrauber
/// the machine
/// TB-Ausbilder
 

Windows7: Ads by clickup - Standard

Windows7: Ads by clickup



SpywareBlaster und WinPatrol sind nicht unbedingt nötig, wenn Du dich ein wenig auskennst und nicht auf alles klickst was bunt ist.

Ich empfehle immer Emsisoft
Dort gibt es auch Mobile Angebote.


WOT und Co bitte direkt in FIrefox unter Extras > Addons suchen und installieren, dann kannste ie XPI Dateien löschen.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Windows7: Ads by clickup
ads by clickup, bobrowser, bobrowser entfernen, dvdvideosoft ltd., fehlercode 0x80000003, fehlercode 28, firefox 33.1, freude, install.exe, pup.optional.astromenda, pup.optional.flvmplayer, pup.optional.globalupdate.a, pup.optional.globalupdate.t, pup.optional.installcore.a, pup.optional.mbot.a, pup.optional.opencandy, pup.optional.rockettab.a, pup.optional.superfish.a, pup.optional.suptab.a, pup.optional.sweetpage.a, pup.optional.tuto4pc.a, pup.optional.updater.a, pup.optional.websearches.a, pup.optional.wpm.a, rockettab entfernen, saleitcoupon entfernen, sweet-page, sweet-page entfernen, system error




Ähnliche Themen: Windows7: Ads by clickup


  1. Windows7; Claraupdater.exe;
    Log-Analyse und Auswertung - 30.05.2015 (1)
  2. Windows7 Bluescreen
    Alles rund um Windows - 20.04.2015 (27)
  3. Windows7: Virenbefall
    Log-Analyse und Auswertung - 19.01.2015 (55)
  4. Windows7: TR/BProtector.Gen
    Log-Analyse und Auswertung - 07.06.2014 (12)
  5. GVU Trojaner Windows7
    Log-Analyse und Auswertung - 12.02.2014 (17)
  6. GVU Trojaner - Windows7
    Log-Analyse und Auswertung - 21.01.2014 (9)
  7. Windows7, Trojaner
    Log-Analyse und Auswertung - 14.12.2013 (9)
  8. GVU Trojaner Windows7
    Log-Analyse und Auswertung - 06.08.2013 (4)
  9. GVU-Trojaner Windows7
    Plagegeister aller Art und deren Bekämpfung - 25.07.2013 (25)
  10. GVU Trojaner, Windows7
    Plagegeister aller Art und deren Bekämpfung - 29.05.2013 (9)
  11. Gvu Trojaner windows7
    Plagegeister aller Art und deren Bekämpfung - 19.05.2013 (2)
  12. Windows7 Virus
    Plagegeister aller Art und deren Bekämpfung - 15.04.2013 (1)
  13. Windows7 Virus
    Alles rund um Windows - 12.04.2013 (1)
  14. Bluescreen Windows7
    Alles rund um Windows - 04.03.2013 (45)
  15. JS/Redirector.SY.1 auf Windows7
    Log-Analyse und Auswertung - 15.08.2012 (20)
  16. S.M.A.R.T HDD Virus unter Windows7
    Log-Analyse und Auswertung - 16.04.2012 (17)
  17. Windows7 Verbindungsgesamtübersicht
    Alles rund um Windows - 04.01.2012 (0)

Zum Thema Windows7: Ads by clickup - Hei hallo! myriambb hier. mein rechner ist für mein Gewerbe tätig, das ich noch "umsatzneutral" aufbaue (arbeite gerade an meiner Verlulst-Steuererklärung 2013). OK dass ich hier frage? Gestern habe ich - Windows7: Ads by clickup...
Archiv
Du betrachtest: Windows7: Ads by clickup auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.