| Win 7: Dateien verschlüsselt Hallo,
laut meinem Virenprogramm habe ich ein dezentes Problem. Zitat:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:06 on 30/12/2014 (Isabell)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
| Das ist der defogger-Log Zitat:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-30 23:25:27
Windows 6.1.7601 Service Pack 1 x64
Running: Gmer-19357.exe
---- Services - GMER 2.1 ----
Service System32\Drivers\c73b6528219c3c50.sys (*** hidden *** ) [BOOT] c73b6528219c3c50 <-- ROOTKIT !!!
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0de52b000000
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0df98a000000
Reg HKLM\SYSTEM\CurrentControlSet\services\c73b6528219c3c50@ImagePath \SystemRoot\System32\Drivers\c73b6528219c3c50.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\c73b6528219c3c50@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\services\c73b6528219c3c50@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\services\c73b6528219c3c50@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\c73b6528219c3c50@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\c73b6528219c3c50@Tag 1
Reg HKLM\SYSTEM\CurrentControlSet\services\c73b6528219c3c50@DisplayName syshost.exe
Reg HKLM\SYSTEM\CurrentControlSet\services\c73b6528219c3c50
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0de52b000000 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0df98a000000 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\c73b6528219c3c50@ImagePath \SystemRoot\System32\Drivers\c73b6528219c3c50.sys
Reg HKLM\SYSTEM\ControlSet002\services\c73b6528219c3c50@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\services\c73b6528219c3c50@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\services\c73b6528219c3c50@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\c73b6528219c3c50@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\c73b6528219c3c50@Tag 1
Reg HKLM\SYSTEM\ControlSet002\services\c73b6528219c3c50@DisplayName syshost.exe
---- EOF - GMER 2.1 ----
| Der hier ist von GMER Zitat:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Isabell (administrator) on ISABELL-PC on 30-12-2014 23:09:18
Running from C:\Users\Isabell\Downloads
Loaded Profile: Isabell (Available profiles: Isabell & Für Feli^^ & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Eamnraem Corniratu) C:\Windows\SysWOW64\tomad.exe
() C:\Windows\Installer\{FD02F469-E496-ED64-E6CC-FC93C62A8F28}\syshost.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Chicony) C:\Program Files (x86)\ChiconyCam\CECAPLF.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
(Emnraem Corporatu) C:\Users\Isabell\AppData\Roaming\Ehuqwueh\osyfe.exe
(Spotify Ltd) C:\Users\Isabell\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Program Files (x86)\SupTab\HpUI.exe
() C:\Program Files (x86)\SupTab\Loader64.exe
() C:\Program Files (x86)\SupTab\Loader32.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIFCE.EXE
(Jumping Bytes) C:\Program Files (x86)\Mobile Master\MMAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Jumping Bytes) C:\Program Files (x86)\Mobile Master\MMScan.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Eamnraem Corniratu) C:\Users\Isabell\AppData\Roaming\Ahmihui\isoby.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Windows\Temp\8804.tmp
(Eamnraem Corniratu) C:\Windows\SysWOW64\zawauz.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Eamnraem Corniratu) C:\Users\Isabell\AppData\Roaming\Ahmihui\isoby.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2817320 2011-07-28] (Synaptics Incorporated)
HKLM\...\Run: [CECAPLF] => C:\Program Files (x86)\ChiconyCam\CECAPLF.exe [121456 2011-07-06] (Chicony)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892416 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [Amosagmeepyxcik] => C:\Users\Isabell\AppData\Roaming\Ahmihui\isoby.exe [517258 2013-08-23] (Eamnraem Corniratu)
HKLM\...\Run: [Xoxazuedseef] => C:\Users\Isabell\AppData\Roaming\Ehuqwueh\osyfe.exe [510613 2013-08-01] (Emnraem Corporatu)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-09-12] (VIA)
HKLM-x32\...\Run: [Adobe ARM] => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310128 2013-02-13] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [Xoxazuedseef] => C:\Users\Isabell\AppData\Roaming\Ehuqwueh\osyfe.exe [510613 2013-08-01] (Emnraem Corporatu)
HKLM-x32\...\Run: [Amosagmeepyxcik] => C:\Users\Isabell\AppData\Roaming\Ahmihui\isoby.exe [517258 2013-08-23] (Eamnraem Corniratu)
HKLM-x32\...\Run: [Ylovliwaviibli] => C:\Users\Isabell\AppData\Roaming\Urehriqe\kikytaw.exe [511648 2013-09-18] (Eamnraem Corniratu)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\zbnekda-x32: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\zbnekda.dll ()
HKU\S-1-5-21-1277135844-992974813-3746892334-1000\...\Run: [Spotify Web Helper] => C:\Users\Isabell\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-15] (Spotify Ltd)
HKU\S-1-5-21-1277135844-992974813-3746892334-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-02-13] (Samsung)
HKU\S-1-5-21-1277135844-992974813-3746892334-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-04-19] (Nokia)
HKU\S-1-5-21-1277135844-992974813-3746892334-1000\...\Run: [Facebook Update] => C:\Users\Isabell\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-09-02] (Facebook Inc.)
HKU\S-1-5-21-1277135844-992974813-3746892334-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1509232 2013-02-13] (Samsung)
HKU\S-1-5-21-1277135844-992974813-3746892334-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1277135844-992974813-3746892334-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1277135844-992974813-3746892334-1000\...\Run: [EPSON SX410 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE [223232 2008-10-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1277135844-992974813-3746892334-1000\...\Run: [MMAgent] => C:\Program Files (x86)\Mobile Master\MMAgent.exe [1412080 2013-10-21] (Jumping Bytes)
HKU\S-1-5-21-1277135844-992974813-3746892334-1000\...\Run: [Oqics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Isabell\AppData\Local\YjPack\uGLhelper.dll
HKU\S-1-5-21-1277135844-992974813-3746892334-1000\...\Run: [Etxtion] => regsvr32.exe C:\Users\Isabell\AppData\Local\Etxtion\AcroDrvtype.dll <===== ATTENTION
HKU\S-1-5-21-1277135844-992974813-3746892334-1000\...\Run: [TabaKocya] => regsvr32.exe "C:\ProgramData\TabaKocya\CibxElwa.tzi"
HKU\S-1-5-21-1277135844-992974813-3746892334-1000\...\Run: [Amosagmeepyxcik] => C:\Users\Isabell\AppData\Roaming\Ahmihui\isoby.exe [517258 2013-08-23] (Eamnraem Corniratu)
HKU\S-1-5-21-1277135844-992974813-3746892334-1000\...\Run: [Xoxazuedseef] => C:\Users\Isabell\AppData\Roaming\Ehuqwueh\osyfe.exe [510613 2013-08-01] (Emnraem Corporatu)
HKU\S-1-5-21-1277135844-992974813-3746892334-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1277135844-992974813-3746892334-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\Run: [zbnekda] => rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\zbnekda.dll",zbnekda <===== ATTENTION
HKU\S-1-5-18\...\Run: [TabaKocya] => regsvr32.exe "C:\ProgramData\TabaKocya\CibxElwa.tzi"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\diabi.exe (Emnraem Corporatu)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\diabi.exe (Emnraem Corporatu)
Startup: C:\Users\Für Feli^^\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sihyox.exe (Emnraem Corporatu)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\errayk.exe (Emnraem Corporatu)
Startup: C:\Users\Isabell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1277135844-992974813-3746892334-1003\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1418841753&from=wpm12173&uid=WDCXWD10JPVT-24A1YT0_WD-WXC1E32HXDS4HXDS4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1418841753&from=wpm12173&uid=WDCXWD10JPVT-24A1YT0_WD-WXC1E32HXDS4HXDS4
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1410691534&from=exp&uid=WDCXWD10JPVT-24A1YT0_WD-WXC1E32HXDS4HXDS4&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1410691534&from=exp&uid=WDCXWD10JPVT-24A1YT0_WD-WXC1E32HXDS4HXDS4&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1418841753&from=wpm12173&uid=WDCXWD10JPVT-24A1YT0_WD-WXC1E32HXDS4HXDS4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1418841753&from=wpm12173&uid=WDCXWD10JPVT-24A1YT0_WD-WXC1E32HXDS4HXDS4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1410691534&from=exp&uid=WDCXWD10JPVT-24A1YT0_WD-WXC1E32HXDS4HXDS4&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1410691534&from=exp&uid=WDCXWD10JPVT-24A1YT0_WD-WXC1E32HXDS4HXDS4&q={searchTerms}
HKU\S-1-5-21-1277135844-992974813-3746892334-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.delta-homes.com/web/?type=ds&ts=1418841753&from=wpm12173&uid=WDCXWD10JPVT-24A1YT0_WD-WXC1E32HXDS4HXDS4&q={searchTerms}
HKU\S-1-5-21-1277135844-992974813-3746892334-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1418841753&from=wpm12173&uid=WDCXWD10JPVT-24A1YT0_WD-WXC1E32HXDS4HXDS4
HKU\S-1-5-21-1277135844-992974813-3746892334-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1418841753&from=wpm12173&uid=WDCXWD10JPVT-24A1YT0_WD-WXC1E32HXDS4HXDS4
HKU\S-1-5-21-1277135844-992974813-3746892334-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1418841753&from=wpm12173&uid=WDCXWD10JPVT-24A1YT0_WD-WXC1E32HXDS4HXDS4&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1410691534&from=exp&uid=WDCXWD10JPVT-24A1YT0_WD-WXC1E32HXDS4HXDS4
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1410691534&from=exp&uid=WDCXWD10JPVT-24A1YT0_WD-WXC1E32HXDS4HXDS4&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1410691534&from=exp&uid=WDCXWD10JPVT-24A1YT0_WD-WXC1E32HXDS4HXDS4&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1410691534&from=exp&uid=WDCXWD10JPVT-24A1YT0_WD-WXC1E32HXDS4HXDS4&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1410691534&from=exp&uid=WDCXWD10JPVT-24A1YT0_WD-WXC1E32HXDS4HXDS4&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1277135844-992974813-3746892334-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1277135844-992974813-3746892334-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1277135844-992974813-3746892334-1000 -> {94A6F231-2DB2-4563-B3C3-99B9AD173011} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{48B5E10C-A027-4503-900F-34C59EB5CF61}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{622E655B-4349-488D-B94A-FE23BBD63811}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{8F10662F-B7C7-49FC-979C-1AE8194EB183}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{97896129-8C35-4F8D-997A-82E86ADF20D1}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{B7474AD3-1D95-43C2-9DED-12B1BF6C66A3}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{FAFE755A-DC04-44F6-88D5-DFCC8AC4BAF6}: [NameServer] 8.8.8.8,8.8.8.8
FireFox:
========
FF ProfilePath: C:\Users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\79mfgaam.default
FF NewTab: chrome://quick_start/content/index.html
FF SelectedSearchEngine: search
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1277135844-992974813-3746892334-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Isabell\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\79mfgaam.default\searchplugins\search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\delta-homes.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF Extension: Security Protection - C:\Users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\79mfgaam.default\Extensions\detgdp@gmail.com [2014-12-17]
FF Extension: Fast Start - C:\Users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\79mfgaam.default\Extensions\faststartff@gmail.com [2014-09-14]
FF Extension: System.Security.SuppressUnmanagedCodeSecurityAttribute - C:\Users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\79mfgaam.default\Extensions\{7AD85156-5638-FA8D-2BAD-76555EE54AAE} [2014-12-22]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\79mfgaam.default\extensions\faststartff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\79mfgaam.default\extensions\detgdp@gmail.com
FF HKLM-x32\...\Thunderbird\Extensions: [{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}] - C:\Program Files (x86)\Mobile Master\ext\1
FF Extension: Mobile Master Add-In - C:\Program Files (x86)\Mobile Master\ext\1 [2014-07-25]
FF HKU\S-1-5-21-1277135844-992974813-3746892334-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
Locked "c73b6528219c3c50" service could not be unlocked. <===== ATTENTION
S2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-09-14] (Cherished Technololgy LIMITED)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 PowerBiosServer; c:\Program Files (x86)\Hotkey\PowerBiosServer.exe [35840 2012-06-28] () [File not signed]
R2 SecurityCenterServer1391498252; C:\Users\Isabell\AppData\Roaming\Urehriqe\kikytaw.exe [511648 2013-09-18] (Eamnraem Corniratu) [File not signed]
R2 SecurityCenterServer1701778684; C:\Users\Isabell\AppData\Roaming\Ahmihui\isoby.exe [517258 2013-08-23] (Eamnraem Corniratu) [File not signed]
R2 syshost32; C:\Windows\Installer\{FD02F469-E496-ED64-E6CC-FC93C62A8F28}\syshost.exe [103936 2014-12-14] () [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-09-10] (VIA Technologies, Inc.)
S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [485376 2014-12-16] (Fuyu LIMITED) [File not signed]
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [425136 2014-11-26] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 c73b6528219c3c50; C:\Windows\System32\Drivers\c73b6528219c3c50.sys [75208 2014-12-14] () <===== ATTENTION Necurs Rootkit?
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2013-07-04] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2013-04-10] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2013-04-10] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2013-04-10] () [File not signed]
R0 msahci; C:\Windows\System32\drivers\msahci.sys [31104 2010-11-21] () [File not signed]
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-21] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] () [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-21] () [File not signed]
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2013-04-10] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-21] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-21] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-21] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-21] () [File not signed]
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11499008 2012-06-03] () [File not signed]
S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [51264 2009-07-14] () [File not signed]
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] () [File not signed]
S3 nmwcd; C:\Windows\System32\drivers\ccdcmbx64.sys [19968 2013-01-23] () [File not signed]
S3 nmwcdc; C:\Windows\System32\drivers\ccdcmbox64.sys [27136 2013-01-23] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1684928 2014-01-24] () [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] () [File not signed]
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2013-04-10] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2013-04-10] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2013-04-10] () [File not signed]
S3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfdx64.sys [26112 2012-10-17] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-21] () [File not signed]
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [220752 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-21] () [File not signed]
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-21] () [File not signed]
S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1524816 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [128592 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-21] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-21] () [File not signed]
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [212480 2014-07-17] () [File not signed]
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-21] () [File not signed]
S3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [158720 2009-07-14] () [File not signed]
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] () [File not signed]
R3 RSBASTOR; C:\Windows\System32\DRIVERS\RtsBaStor.sys [295056 2012-07-03] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [File not signed]
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [708200 2012-04-11] () [File not signed]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-21] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-21] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] () [File not signed]
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [23552 2009-07-14] () [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-21] () [File not signed]
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-14] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [43584 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [80464 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2013-04-10] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2013-04-10] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2013-04-10] () [File not signed]
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [203104 2013-01-31] () [File not signed]
S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [24656 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12496 2009-07-14] () [File not signed]
R3 SynTP; C:\Windows\system32\drivers\SynTP.sys [1448496 2011-07-28] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-04-05] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1903552 2014-04-05] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2013-04-10] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2013-04-10] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2014-11-11] () [File not signed]
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [63360 2010-11-21] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2014-07-17] () [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [57856 2012-08-23] () [File not signed]
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [30208 2012-08-23] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-21] () [File not signed]
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [64080 2009-07-14] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-21] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\system32\drivers\umbus.sys [48640 2010-11-21] () [File not signed]
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-14] () [File not signed]
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [9216 2013-01-23] () [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-06-10] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] () [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] () [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] () [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [42496 2013-07-03] () [File not signed]
S3 usbser; C:\Windows\System32\DRIVERS\usbser.sys [33280 2013-08-29] () [File not signed]
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2013-01-23] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2013-04-10] () [File not signed]
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2014-06-02] () [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] () [File not signed]
S3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [19968 2013-02-12] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-21] () [File not signed]
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [2204816 2012-09-10] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-21] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-21] () [File not signed]
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [161872 2009-07-14] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] () [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] () [File not signed]
S3 Wd; C:\Windows\system32\drivers\wd.sys [21056 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-25] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-21] () [File not signed]
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] () [File not signed]
S3 cpuz136; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-30 23:09 - 2014-12-30 23:09 - 00038983 _____ () C:\Users\Isabell\Downloads\FRST.txt
2014-12-30 23:09 - 2014-12-30 23:09 - 00000000 ____D () C:\FRST
2014-12-30 23:08 - 2014-12-30 23:08 - 02123264 _____ (Farbar) C:\Users\Isabell\Downloads\FRST64.exe
2014-12-30 23:07 - 2014-12-30 23:07 - 01114624 _____ (Farbar) C:\Users\Isabell\Downloads\FRST.exe
2014-12-30 23:06 - 2014-12-30 23:06 - 00000476 _____ () C:\Users\Isabell\Desktop\defogger_disable.log
2014-12-30 23:06 - 2014-12-30 23:06 - 00000000 _____ () C:\Users\Isabell\defogger_reenable
2014-12-30 23:04 - 2014-12-30 23:04 - 00050477 _____ () C:\Users\Isabell\Downloads\Defogger.exe
2014-12-30 21:50 - 2014-12-30 21:50 - 03148854 _____ () C:\Users\Isabell\Documents\Decrypt All Files gouygpm.bmp
2014-12-30 21:50 - 2014-12-30 21:50 - 00001240 _____ () C:\Users\Isabell\Documents\Decrypt All Files gouygpm.txt
2014-12-30 21:32 - 2014-12-30 22:58 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-12-29 14:24 - 2014-12-30 23:00 - 00000820 _____ () C:\Windows\Tasks\Security Center Update - 1391498252.job
2014-12-29 14:24 - 2014-12-29 14:24 - 00003836 _____ () C:\Windows\System32\Tasks\Security Center Update - 1391498252
2014-12-29 14:24 - 2014-12-29 14:24 - 00000000 ____D () C:\Users\Isabell\AppData\Roaming\Urehriqe
2014-12-29 14:24 - 2013-09-18 01:12 - 00511648 _____ (Eamnraem Corniratu) C:\Windows\SysWOW64\zawauz.exe
2014-12-29 14:22 - 2014-12-29 14:22 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-12-28 22:06 - 2014-12-30 23:00 - 00000812 _____ () C:\Windows\Tasks\Security Center Update - 1701778684.job
2014-12-28 22:06 - 2014-12-28 22:06 - 00003828 _____ () C:\Windows\System32\Tasks\Security Center Update - 1701778684
2014-12-28 22:06 - 2014-12-28 22:06 - 00000000 ____D () C:\Users\Isabell\AppData\Roaming\Ahmihui
2014-12-28 22:06 - 2013-08-23 21:45 - 00517258 _____ (Eamnraem Corniratu) C:\Windows\SysWOW64\tomad.exe
2014-12-27 18:10 - 2014-12-30 21:50 - 02930808 _____ () C:\ProgramData\ztybsij.html
2014-12-27 17:29 - 2014-12-27 20:23 - 00001723 _____ () C:\Users\Isabell\Desktop\Computer.lnk
2014-12-27 17:29 - 2014-12-27 20:23 - 00000288 _____ () C:\Users\Isabell\AppData\Roaming\B977B28F.reg
2014-12-27 17:29 - 2014-12-27 18:38 - 01083392 _____ (Oracle Corporation) C:\Users\Isabell\AppData\Roaming\ScanDisc.exe
2014-12-27 17:20 - 2014-12-30 23:00 - 00000820 _____ () C:\Windows\Tasks\Security Center Update - 537170910.job
2014-12-27 17:20 - 2014-12-27 17:20 - 00003832 _____ () C:\Windows\System32\Tasks\Security Center Update - 537170910
2014-12-27 17:20 - 2014-12-27 17:20 - 00000000 ____D () C:\Users\Isabell\AppData\Roaming\Ohucluag
2014-12-27 17:15 - 2014-12-27 17:15 - 00003028 _____ () C:\Windows\System32\Tasks\rnzebsi
2014-12-27 17:15 - 2014-12-27 17:15 - 00000000 ____D () C:\ProgramData\TabaKocya
2014-12-27 17:11 - 2014-12-30 23:00 - 00000816 _____ () C:\Windows\Tasks\Security Center Update - 1183821805.job
2014-12-27 17:11 - 2014-12-27 17:11 - 00003828 _____ () C:\Windows\System32\Tasks\Security Center Update - 1183821805
2014-12-27 17:11 - 2014-12-27 17:11 - 00000000 ____D () C:\Users\Isabell\AppData\Roaming\Ehuqwueh
2014-12-22 15:38 - 2014-12-22 15:38 - 00000000 ____D () C:\Users\Isabell\AppData\Local\Etxtion
2014-12-22 15:37 - 2014-12-22 15:37 - 00000000 ____D () C:\Users\Isabell\AppData\Local\YjPack
2014-12-21 14:36 - 2014-12-27 21:15 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-12-17 19:48 - 2014-12-17 19:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-17 19:42 - 2014-12-30 21:18 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2014-12-17 19:42 - 2014-12-17 19:42 - 00000000 ____D () C:\Users\Isabell\AppData\Roaming\WinZipper
2014-12-17 19:42 - 2014-12-17 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
2014-12-14 20:08 - 2014-12-14 20:08 - 00075208 _____ () C:\Windows\system32\Drivers\c73b6528219c3c50.sys
2014-12-14 17:49 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-14 17:49 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-14 17:49 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-14 17:49 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-14 17:49 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-14 17:49 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-14 17:49 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-14 17:49 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-14 17:49 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-14 17:49 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-10 20:07 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 20:07 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 20:07 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 20:07 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 20:07 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 20:07 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 20:07 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 20:07 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 20:07 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 20:07 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 20:07 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 20:07 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 20:07 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 20:07 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 20:07 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 20:07 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 20:07 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 20:07 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 20:07 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 20:07 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 20:07 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 20:07 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 20:07 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 20:07 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 20:07 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 20:07 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 20:07 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 20:07 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 20:07 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 20:07 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 20:07 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 20:07 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 20:07 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 20:07 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-10 20:07 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 20:07 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 20:07 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 20:07 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 20:07 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 20:07 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 20:07 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 20:07 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 20:07 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 20:07 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 20:07 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 20:07 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 20:07 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 20:07 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 20:07 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 20:07 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 20:07 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 20:07 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 20:07 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 20:07 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 20:07 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 20:07 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 20:07 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 20:07 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 20:07 - 2014-11-11 02:46 - 00119296 _____ () C:\Windows\system32\Drivers\tdx.sys
2014-12-10 19:35 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 19:35 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 19:35 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 19:35 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 19:35 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 19:35 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 19:35 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 19:35 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 19:35 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 19:35 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 19:35 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 19:35 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 19:34 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 19:34 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-03 17:31 - 2014-12-03 17:31 - 00000000 ____D () C:\Users\Isabell\AppData\Roaming\TI-Nspire
2014-12-03 17:30 - 2014-12-03 18:28 - 00000000 ____D () C:\Users\Isabell\Documents\TI-Nspire
2014-12-03 17:28 - 2014-12-03 17:28 - 00000000 ____D () C:\Users\Isabell\AppData\Roaming\Texas Instruments
2014-12-03 17:28 - 2014-12-03 17:28 - 00000000 ____D () C:\ProgramData\SafeNet Sentinel
2014-12-03 17:27 - 2014-12-03 17:27 - 00002276 _____ () C:\Users\Public\Desktop\TI-Nspire Student Software.lnk
2014-12-03 17:27 - 2014-12-03 17:27 - 00002232 _____ () C:\Windows\SysWOW64\INSTALL.LOG
2014-12-03 17:27 - 2012-11-26 11:35 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-12-03 17:26 - 2014-12-03 17:26 - 00000000 ____D () C:\ProgramData\TI-Nspire
2014-12-03 17:26 - 2014-12-03 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI Tools
2014-12-03 17:26 - 2014-12-03 17:26 - 00000000 ____D () C:\Program Files (x86)\TI Education
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-30 23:07 - 2013-06-16 13:29 - 00000000 ____D () C:\Users\Isabell\AppData\Roaming\Skype
2014-12-30 23:06 - 2013-06-06 17:43 - 00000000 ____D () C:\Users\Isabell
2014-12-30 21:52 - 2013-05-27 07:59 - 01328373 _____ () C:\Windows\WindowsUpdate.log
2014-12-30 21:35 - 2013-06-06 19:38 - 00000000 ____D () C:\Users\Isabell\Documents\isa
2014-12-30 21:35 - 2013-06-06 19:33 - 00000000 ____D () C:\Users\Isabell\Documents\schule
2014-12-30 21:30 - 2013-09-02 19:09 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1277135844-992974813-3746892334-1000Core.job
2014-12-30 21:20 - 2013-06-19 18:49 - 00000000 ____D () C:\Users\Isabell\Documents\My Digital Editions
2014-12-30 21:16 - 2013-09-02 19:09 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1277135844-992974813-3746892334-1000UA.job
2014-12-30 17:07 - 2013-09-01 17:39 - 00000000 ____D () C:\ProgramData\tmp
2014-12-30 15:24 - 2011-02-23 13:12 - 00699994 _____ () C:\Windows\system32\perfh007.dat
2014-12-30 15:24 - 2011-02-23 13:12 - 00150288 _____ () C:\Windows\system32\perfc007.dat
2014-12-30 15:24 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-29 14:28 - 2013-09-07 20:51 - 00000000 ____D () C:\Users\Isabell\Documents\opberki
2014-12-29 14:24 - 2014-11-04 19:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-29 14:24 - 2014-08-02 14:57 - 00000000 ____D () C:\Program Files\iPod
2014-12-29 14:24 - 2014-08-02 14:57 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-12-29 14:24 - 2014-08-02 14:32 - 00000000 ____D () C:\Program Files (x86)\MediaMonkey
2014-12-29 14:24 - 2014-07-25 13:14 - 00000000 ____D () C:\Program Files (x86)\Mobile Master
2014-12-29 14:11 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-29 14:11 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-29 14:08 - 2013-06-19 21:02 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F5A5A78C-11EE-4999-B1B3-5DF1FF07F37F}
2014-12-29 14:02 - 2014-08-16 18:04 - 00000680 __RSH () C:\Users\Isabell\ntuser.pol
2014-12-29 14:02 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-29 14:02 - 2009-07-14 05:51 - 00109718 _____ () C:\Windows\setupact.log
2014-12-27 19:21 - 2013-06-07 17:22 - 00000000 ____D () C:\Users\Isabell\Documents\ideen
2014-12-27 17:29 - 2013-05-16 10:33 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-27 17:17 - 2013-09-01 17:39 - 00000000 ____D () C:\ProgramData\hps
2014-12-27 17:15 - 2014-09-14 11:47 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-12-25 22:36 - 2013-06-16 13:29 - 00000000 ____D () C:\ProgramData\Skype
2014-12-23 11:10 - 2013-06-16 13:54 - 00000000 ____D () C:\Users\Isabell\AppData\Roaming\Spotify
2014-12-21 14:35 - 2014-07-25 12:09 - 00000000 ____D () C:\Users\Isabell\Documents\SelfMV
2014-12-19 16:54 - 2013-06-16 14:46 - 00000000 ____D () C:\Users\Isabell\AppData\Local\Spotify
2014-12-18 19:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-18 17:35 - 2013-06-17 12:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-17 19:42 - 2013-06-17 12:00 - 00001367 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-17 19:42 - 2013-06-06 17:43 - 00001641 _____ () C:\Users\Isabell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-14 20:08 - 2010-11-21 04:47 - 00440602 _____ () C:\Windows\PFRO.log
2014-12-14 20:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-14 18:10 - 2013-06-06 17:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-14 18:05 - 2013-09-20 17:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-14 17:54 - 2013-09-20 17:43 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 19:12 - 2014-02-25 14:43 - 01073152 _____ () C:\Users\Isabell\Downloads\Planung Schullaufbahn EF Abi 2017.lpo
2014-12-10 20:27 - 2013-06-06 17:43 - 00000000 ____D () C:\Users\Isabell\AppData\Local\VirtualStore
2014-12-05 16:03 - 2013-06-06 17:44 - 00088976 _____ () C:\Users\Isabell\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-05 16:03 - 2009-07-14 05:45 - 00390144 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-03 17:10 - 2014-08-18 13:00 - 00001338 __RSH () C:\Users\Für Feli^^\ntuser.pol
2014-12-03 17:10 - 2014-08-18 13:00 - 00000000 ____D () C:\Users\Für Feli^^
Some content of TEMP:
====================
C:\Users\Isabell\AppData\Local\Temp\NEventMessages.dll
C:\Users\Isabell\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Isabell\AppData\Local\Temp\SEF9AB.tmp.dll
C:\Users\Isabell\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Isabell\AppData\Local\Temp\UpdateFlashPlayer_29a39dba.exe
C:\Users\Isabell\AppData\Local\Temp\UpdateFlashPlayer_31ea75f8.exe
C:\Users\Isabell\AppData\Local\Temp\UpdateFlashPlayer_6674a08f.exe
C:\Users\Isabell\AppData\Local\Temp\UpdateFlashPlayer_918dda82.exe
C:\Users\Isabell\AppData\Local\Temp\UpdateFlashPlayer_99f41bfe.exe
C:\Users\Isabell\AppData\Local\Temp\UpdateFlashPlayer_be695492.exe
C:\Users\Isabell\AppData\Local\Temp\UpdateFlashPlayer_e4bd812d.exe
C:\Users\Isabell\AppData\Local\Temp\UpdateFlashPlayer_f39b74ad.exe
C:\Users\Isabell\AppData\Local\Temp\wafwdvf.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys
[2010-11-21 04:23] - [2010-11-21 04:23] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\Drivers\volsnap.sys No Company Name <===== ATTENTION!
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
LastRegBack: 2014-12-18 18:20
| der FRST-Log. Zitat:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Isabell at 2014-12-30 23:10:35
Running from C:\Users\Isabell\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BisonCam (HKLM-x32\...\{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}) (Version: - BisonCam)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ChiconyCam (HKLM-x32\...\{A2201542-DA80-457F-8BD9-6C9C90196481}) (Version: 1.0.47.0819 - Chicony Electronics Co.,Ltd.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Druckerdeinstallation für EPSON SX410 Series (HKLM\...\EPSON SX410 Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.13.925 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.13.925 - DVDVideoSoft Ltd.)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Hotkey 6.0069 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 6.0069 - NoteBook)
Hotkey 6.0069 (x32 Version: 6.0069 - NoteBook) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Master (x32 Version: 8.8.0 - Jumping Bytes) Hidden
Mobile Master 8.8.0 (HKLM-x32\...\Mobile Master) (Version: 8.8.0 - Jumping Bytes)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.30.0 - Nokia)
Nokia Suite (x32 Version: 3.8.30.0 - Nokia) Hidden
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.58.411.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27024 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.18.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1277135844-992974813-3746892334-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.18.0 - Synaptics Incorporated)
TI-Nspire™ Student Software (HKLM-x32\...\{F46F949B-755F-4BEF-A4B9-7B3B73D0104A}) (Version: 3.9.0.463 - Texas Instruments Inc.)
T-Online 6.0 (HKLM-x32\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version: - )
T-Online WLAN-Access Finder (HKLM-x32\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version: - )
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
WebCam Installer (HKLM-x32\...\InstallShield_{2A14D7BC-1876-4B38-830B-18856C27F550}) (Version: 4.04 - WebCam)
WebCam Installer (x32 Version: 4.04 - WebCam) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinZipper (HKLM-x32\...\WinZipper) (Version: 1.5.66 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-12-29 14:22 - 00001500 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
162.247.13.77 www.google-analytics.com.
162.247.13.77 google-analytics.com.
162.247.13.77 connect.facebook.net.
162.247.13.85 www.google-analytics.com.
162.247.13.85 google-analytics.com.
162.247.13.85 connect.facebook.net.
85.17.81.54 www.google-analytics.com.
85.17.81.54 google-analytics.com.
85.17.81.54 connect.facebook.net.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0AD81334-82A7-48FE-BEA4-319EE0222513} - System32\Tasks\Security Center Update - 1391498252 => C:\Users\Isabell\AppData\Roaming\Urehriqe\kikytaw.exe [2013-09-18] (Eamnraem Corniratu) <==== ATTENTION
Task: {0F80C734-8CAE-4D22-B563-5560127A4282} - System32\Tasks\Security Center Update - 1701778684 => C:\Users\Isabell\AppData\Roaming\Ahmihui\isoby.exe [2013-08-23] (Eamnraem Corniratu) <==== ATTENTION
Task: {13346523-4BCF-42E2-9E51-62185F9D0D8A} - System32\Tasks\rnzebsi => C:\Users\Isabell\AppData\Local\Temp\wafwdvf.exe [2014-12-27] () <==== ATTENTION
Task: {2908E4A6-9C43-442B-B41A-E2BF7F7F5B32} - System32\Tasks\{ABF6D49E-F2A9-46F7-8FD3-7C128A5087FD} => pcalua.exe -a C:\Users\Isabell\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=exp
Task: {4E70153A-D77A-4C7E-87F5-A13628101B35} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1277135844-992974813-3746892334-1000UA => C:\Users\Isabell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-02] (Facebook Inc.)
Task: {959B255A-323B-41C1-B811-B05D053E99BF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1277135844-992974813-3746892334-1000Core => C:\Users\Isabell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-02] (Facebook Inc.)
Task: {C6863530-E4A5-4F5E-887B-CC414D5BE906} - System32\Tasks\Security Center Update - 1183821805 => C:\Users\Isabell\AppData\Roaming\Ehuqwueh\osyfe.exe [2013-08-01] (Emnraem Corporatu) <==== ATTENTION
Task: {D645F6C2-C97D-47B2-BB82-552E9204684A} - System32\Tasks\Security Center Update - 537170910 => C:\Users\Isabell\AppData\Roaming\Ohucluag\xoaglel.exe [2013-10-14] (Emnraem Corporatu) <==== ATTENTION
Task: {F2AF21C6-9F1D-4338-92B4-A21986D29CC6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1277135844-992974813-3746892334-1000Core.job => C:\Users\Isabell\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1277135844-992974813-3746892334-1000UA.job => C:\Users\Isabell\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\Security Center Update - 1183821805.job => C:\Users\Isabell\AppData\Roaming\Ehuqwueh\osyfe.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 1391498252.job => C:\Users\Isabell\AppData\Roaming\Urehriqe\kikytaw.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 1701778684.job => C:\Users\Isabell\AppData\Roaming\Ahmihui\isoby.exe <==== ATTENTION
Task: C:\Windows\Tasks\Security Center Update - 537170910.job => C:\Users\Isabell\AppData\Roaming\Ohucluag\xoaglel.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2013-09-12 14:16 - 2013-08-02 03:12 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () C:\Windows\system32\pcwum.DLL
2009-07-14 00:19 - 2009-07-14 02:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2012-06-28 15:44 - 2012-06-28 15:44 - 00035840 _____ () c:\Program Files (x86)\Hotkey\PowerBiosServer.exe
2014-08-21 11:33 - 2014-09-14 11:48 - 00106376 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll
2012-12-10 11:45 - 2012-05-21 03:38 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-21 11:32 - 2014-09-14 11:47 - 00733576 _____ () C:\Program Files (x86)\SupTab\HpUI.exe
2014-07-16 10:55 - 2014-07-16 10:55 - 00073216 _____ () C:\Program Files (x86)\SupTab\Loader64.exe
2014-07-16 11:16 - 2014-07-16 11:16 - 00064000 _____ () C:\Program Files (x86)\SupTab\Loader32.exe
2012-09-18 18:53 - 2012-09-18 18:53 - 04736512 _____ () C:\Program Files (x86)\Hotkey\Hotkey.exe
2013-05-16 10:18 - 2012-09-12 16:55 - 00078480 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-05-16 10:18 - 2012-09-12 16:55 - 00386192 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-12-29 14:22 - 2014-12-29 14:22 - 00290304 _____ () C:\Windows\TEMP\8804.tmp
2014-12-17 19:42 - 2014-11-26 04:42 - 00612528 _____ () C:\Program Files (x86)\WinZipper\sqlite3.dll
2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 12:19 - 2014-07-03 12:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-22 15:38 - 2014-12-22 15:38 - 00035840 _____ () C:\Users\Isabell\AppData\Local\Etxtion\AcroDrvtype.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 08507232 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 02354016 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 01014624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 00364384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 02480992 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 01346912 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 00206176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 02653024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
2013-04-19 00:45 - 2013-04-19 00:45 - 00033120 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
2013-04-19 00:45 - 2013-04-19 00:45 - 00035680 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
2013-04-19 00:45 - 2013-04-19 00:45 - 00207200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2014-08-21 11:33 - 2014-09-14 11:47 - 00023944 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 11166560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 00276832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
2013-04-15 12:26 - 2013-04-15 12:26 - 00391600 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
2013-04-15 12:26 - 2013-04-15 12:26 - 00059280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
2013-04-19 00:45 - 2013-04-19 00:45 - 00438624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 00446304 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 00520544 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 00720736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
2013-04-19 00:44 - 2013-04-19 00:44 - 00606560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
2013-04-19 00:46 - 2013-04-19 00:46 - 00093024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
2014-12-22 15:37 - 2014-12-22 15:37 - 00037888 _____ () C:\Users\Isabell\AppData\Local\YjPack\uGLhelper.dll
2009-06-06 13:50 - 2009-06-06 13:50 - 00019968 _____ () C:\Program Files (x86)\Hotkey\Audiodll.dll
2013-05-16 10:15 - 2012-06-25 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-12-17 19:48 - 2014-12-17 19:48 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-1277135844-992974813-3746892334-500 - Administrator - Disabled)
Für Feli^^ (S-1-5-21-1277135844-992974813-3746892334-1003 - Limited - Enabled) => C:\Users\Für Feli^^
Gast (S-1-5-21-1277135844-992974813-3746892334-501 - Administrator - Disabled) => C:\Users\Gast
Isabell (S-1-5-21-1277135844-992974813-3746892334-1000 - Administrator - Enabled) => C:\Users\Isabell
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/30/2014 09:41:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15007
Error: (12/30/2014 09:41:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15007
Error: (12/30/2014 09:41:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/30/2014 09:41:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13868
Error: (12/30/2014 09:41:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13868
Error: (12/30/2014 09:41:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/30/2014 09:41:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12807
Error: (12/30/2014 09:41:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12807
Error: (12/30/2014 09:41:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/30/2014 09:41:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11809
System errors:
=============
Error: (12/30/2014 10:16:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "WindowsMangerProtect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (12/30/2014 10:16:21 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (12/30/2014 10:16:21 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (12/30/2014 10:16:21 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (12/30/2014 10:16:17 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (12/30/2014 10:16:17 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (12/30/2014 10:16:16 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (12/30/2014 10:16:15 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (12/30/2014 10:15:06 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (12/30/2014 09:52:53 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.191.946.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.6.0305.00
Quellpfad: 4.6.0305.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608
Microsoft Office Sessions:
=========================
Error: (12/30/2014 09:41:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15007
Error: (12/30/2014 09:41:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15007
Error: (12/30/2014 09:41:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/30/2014 09:41:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13868
Error: (12/30/2014 09:41:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13868
Error: (12/30/2014 09:41:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/30/2014 09:41:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12807
Error: (12/30/2014 09:41:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12807
Error: (12/30/2014 09:41:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/30/2014 09:41:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11809
CodeIntegrity Errors:
===================================
Date: 2014-12-14 20:06:04.933
Description: N/A
Date: 2014-12-14 20:06:04.718
Description: N/A
==================== Memory info ===========================
Processor: Intel(R) Celeron(R) CPU 1037U @ 1.80GHz
Percentage of memory in use: 59%
Total physical RAM: 3988.01 MB
Available physical RAM: 1602.71 MB
Total Pagefile: 7974.2 MB
Available Pagefile: 5295.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.51 GB) (Free:825.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AE7503C5)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
| Addition-Log
Das ist ein Ausschnitt meines Desktops, wurde nicht von mir geändert. Die Datei ist beispielhaft für viele andere. Sie haben alle diese Endung.
Und das ist der Log von meinem Virenscanner, Microsoft Security Essentials.
Weitere Probleme, die seit längerem bestehen, sind zum einen, dass die Startseite vom Browser (Firefox) automatisch erscheint d.h. eine andere als von mir in den Einstellung angegeben. Außerdem funktioniert der sog. Echtzeitschutz von o.g. Antivierenprogramm nicht mehr.
Letzte Woche sind bereits Viren/Trojaner entdeckt worden, die ich per Antivirenprogramm entfernt habe.
Ich hoffe, dass ich das soweit alles richtig gemacht habe und bedanke mich schon mal für die Bemühungen.
LG iska |