|
Plagegeister aller Art und deren Bekämpfung: nur Laptop sendet Dos Attacke Syn und UDP Flood an Router W921vWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
17.01.2015, 09:25 | #1 |
| nur Laptop sendet Dos Attacke Syn und UDP Flood an Router W921v Guten Morgen mein Laptop sendet an meinen Router W921v Dos Attacken ich bin neu und habe bis auf "Gmer19357.exe" (bricht ab) alle Aufgaben erledigt. Logfiles liegen vor. FRST und Fogger. Nun zum Log des Router W921v, auffällig wurde dies nur durch verlangsamung des Internets nach immer ca. 1 Woche und Probleme beim TV. Wir haben 16000 und 2 Mediareceiver für TV netto verbleibt ne 11000er und ein lahmer Upload 700 Meldungen wie diese tauche in der Log vom Router auf: ein Ausschnitt 17.01.2015 09:03:52 DoS(Denial of Service) Angriff SYN Flood Stop wurde entdeckt. (FW101) 17.01.2015 09:03:50 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 09:03:50 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 09:03:50 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 09:03:37 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 09:03:37 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 09:03:37 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 09:03:37 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 09:03:36 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 09:03:36 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 09:03:35 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 09:03:35 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 09:03:35 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 09:03:34 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 09:03:34 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 09:03:34 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 09:03:32 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 09:03:10 192.168.2.14 Anmeldung erfolgreich. (G101) 17.01.2015 09:00:30 WLAN-Station abgemeldet: Rechnername: captivapad, Mac-Adresse: gelöscht (W001) 17.01.2015 08:57:04 IP-Adresse 192.168.2.14: Abmeldung nach Time-Out. 17.01.2015 08:56:58 DHCP ist aktiv: WLAN MAC Adresse <gelöscht> IP-Adresse <192.168.2.14> Subnetzmaske <255.255.255.0> DNS-Server <192.168.2.1> Gateway <192.168.2.1> Lease Time <1 Tage> (H001) 17.01.2015 08:56:58 DHCP ist aktiv:fe80:0000:0000:0000:0000:0000:0000:0001. (DH101) 17.01.2015 08:56:55 WLAN-Station angemeldet: Rechnername: OnePC, Mac-Adresse: gelöscht (W103) 17.01.2015 08:56:21 WLAN-Station abgemeldet: Rechnername: jennyz1, Mac-Adresse: gelöscht (W001) 17.01.2015 08:55:22 DHCP ist aktiv: WLAN MAC Adresse <gelöscht> IP-Adresse <192.168.2.12> Subnetzmaske <255.255.255.0> DNS-Server <192.168.2.1> Gateway <192.168.2.1> Lease Time <Immer> (H001) 17.01.2015 08:55:21 WLAN-Station angemeldet: Rechnername: jennyz1, Mac-Adresse: 44:74:6c:55:54:ab (W103) 17.01.2015 08:49:57 WLAN-Station abgemeldet: Rechnername: OnePC, Mac-Adresse: a4:17:31:9e:de:23 (W001) 17.01.2015 08:49:54 DHCP ist aktiv: LAN MAC Adresse <gelöscht> IP-Adresse <192.168.2.19> Subnetzmaske <255.255.255.0> DNS-Server <192.168.2.1> Gateway <192.168.2.1> Lease Time <Immer> (H001) 17.01.2015 08:49:54 WLAN-Station angemeldet: Rechnername: captivapad, Mac-Adresse: gelöscht (W103) 17.01.2015 08:49:36 DHCP ist aktiv: WLAN MAC Adresse <gelöscht> IP-Adresse <192.168.2.14> Subnetzmaske <255.255.255.0> DNS-Server <192.168.2.1> Gateway <192.168.2.1> Lease Time <1 Tage> (H001) 17.01.2015 08:49:35 DHCP ist aktiv:fe80:0000:0000:0000:0000:0000:0000:0001. (DH101) 17.01.2015 08:49:32 WLAN-Station angemeldet: Rechnername: OnePC, Mac-Adresse: gelöscht (W103) 17.01.2015 08:48:06 WLAN-Station abgemeldet: Rechnername: OnePC, Mac-Adresse: gelöscht (W001) 17.01.2015 08:43:18 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 08:43:18 DoS(Denial of Service) Angriff SYN Flood Stop wurde entdeckt. (FW101) 17.01.2015 08:43:18 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 08:43:17 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 08:43:17 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 08:43:17 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 08:43:16 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 08:43:16 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 08:42:58 WLAN-Station abgemeldet: Rechnername: captivapad, Mac-Adresse: gelöscht (W001) 17.01.2015 08:41:50 DoS(Denial of Service) Angriff UDP flood wurde entdeckt. (FW101) 17.01.2015 08:40:59 DHCP ist aktiv:fe80:0000:0000:0000:0000:0000:0000:0001. (DH101) 17.01.2015 08:40:09 DoS(Denial of Service) Angriff SYN Flood Stop wurde entdeckt. (FW101) 17.01.2015 08:40:09 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 08:40:09 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 08:40:08 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 08:40:06 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 08:40:06 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 08:40:06 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 08:40:06 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 17.01.2015 08:39:50 DoS(Denial of Service) Angriff UDP flood wurde entdeckt. (FW101) |
17.01.2015, 11:05 | #2 |
/// the machine /// TB-Ausbilder | nur Laptop sendet Dos Attacke Syn und UDP Flood an Router W921v Hi,
__________________Dann Poste die logs Bitte in codetags.
__________________ |
17.01.2015, 12:03 | #3 |
| nur Laptop sendet Dos Attacke Syn und UDP Flood an Router W921v Danke für die schnelle...
__________________Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 09:21 on 17/01/2015 (Admin) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01 Ran by Admin (administrator) on ONEPC on 17-01-2015 09:22:02 Running from C:\Users\Admin\Downloads Loaded Profiles: Admin (Available profiles: Admin & Mcx1-ONEPC) Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Electronic Arts) D:\Program Files (x86)\Origin\Origin.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe (Geek Software GmbH) D:\Program Files (x86)\PDF24\pdf24.exe (Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531984 2015-01-07] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [517912 2013-02-15] (Acronis) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [TransferManager] => C:\Program Files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exe [444928 2014-06-29] (Haufe-Lexware GmbH & Co. KG) HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2014-06-03] (Haufe-Lexware GmbH & Co. KG) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6405376 2013-03-28] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105848 2013-01-10] (Acronis) HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc) HKLM-x32\...\Run: [PDFPrint] => d:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [THGuard] => C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe [1081808 2014-07-30] (Mischel Internet Security) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [SkyDrive] => C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-09] (Microsoft Corporation) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [EADM] => d:\Program Files (x86)\Origin\Origin.exe [3618648 2014-12-19] (Electronic Arts) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [GarminExpressTrayApp] => D:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [Prime95] => C:\Users\Admin\Downloads\p95v285.win64\prime95.exe [36363264 2014-05-30] () HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [PeerGuardian] => C:\Program Files (x86)\PeerGuardian2\pg2.exe [1421824 2005-09-18] (Methlabs) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\MountPoints2: {0d48a496-850f-11e3-becb-a417319ede24} - "G:\setup_vmc_lite.exe" /checkApplicationPresence HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\MountPoints2: {78f8706e-00e8-11e4-bf2b-a417319ede24} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\start.exe HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => D:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{2D7BDE37-83EC-438A-9E1F-A610594DD358}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRW Download Manager.lnk ShortcutTarget: SRW Download Manager.lnk -> C:\IgniteGT\Simraceway\SRWAgent.exe (IgniteGT) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = SearchScopes: HKU\S-1-5-21-2819443126-392552937-1277417864-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_14_51_ff&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCzy0E0D0EtByE0AtB0FtAtN0D0Tzu0StCtDzzyEtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyEtC0A0F0DzzyBtGtAyBtDtCtG0FtC0DyBtGyDyEyDyBtGyE0ByDzy0AyDyDyDtCzyyCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtDzzzz0C0AyBzytGyCyDtAyBtGyEzzyByDtGzzyEtC0BtGtA0AyB0E0Ezz0BtBtDtB0EyD2Q&cr=817908588&ir= SearchScopes: HKU\S-1-5-21-2819443126-392552937-1277417864-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldstr_14_51_ff&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCzy0E0D0EtByE0AtB0FtAtN0D0Tzu0StCtDzzyEtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyEtC0A0F0DzzyBtGtAyBtDtCtG0FtC0DyBtGyDyEyDyBtGyE0ByDzy0AyDyDyDtCzyyCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtDzzzz0C0AyBzytGyCyDtAyBtGyEzzyByDtGzzyEtC0BtGtA0AyB0E0Ezz0BtBtDtB0EyD2Q&cr=817908588&ir= SearchScopes: HKU\S-1-5-21-2819443126-392552937-1277417864-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331398&octid=EB_ORIGINAL_CTID&ISID=M98418E83-B3EA-43D5-8755-D677627AA14D&SearchSource=58&CUI=&UM=6&UP=SPBA41B64D-0AC7-400C-8B20-B282A96FFC62&q={searchTerms}&SSPV= BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {3746422E-4692-4429-9698-E3EB34FE07BC} hxxp://192.168.1.9:88/FSIPCam.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {960DC750-7447-4CDE-BF1C-FB33F9129654} hxxp://192.168.1.9:5000/webman/3rdparty/SurveillanceStation/object/SSObject3.cab?6.1-2909 DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.1.117/codebase/DVM_IPCam2.ocx DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815 FF SelectedSearchEngine: Vosteran FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll () FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: synology.com/SurveillanceHelper -> C:\Program Files (x86)\Synology\SurveillanceHelper\1.0.0.3\npSurveillanceHelper.dll (Synology) FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.423\npSurveillancePlugin.dll (Synology) FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: hp.com/HPDetect -> C:\Users\Admin\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP) FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: synology.com/SSWebPlugin -> C:\Users\Admin\AppData\Roaming\Synology\SSWebPlugin\1.0.0.39\npSSWebPlugin.dll (Synology) FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\user.js FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\searchplugins\google-maps.xml FF Extension: npIpcam - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\Extensions\npapi@n.com [2014-08-23] FF Extension: Bitdefender QuickScan - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-12-25] FF Extension: {4bca6f1e-1ab9-44ff-9461-67bd2fbe7039} - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\Extensions\{4bca6f1e-1ab9-44ff-9461-67bd2fbe7039}.xpi [2014-11-09] FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-21] FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-12-09] FF HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\extensions\cliqz@cliqz.com Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Admin\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-11-08] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 ADUServiceNSRT; C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe [100984 2014-06-26] () [File not signed] S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-03] () S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) S4 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-12-10] (Futuremark) S4 Garmin Core Update Service; D:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries) S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-07] (NVIDIA Corporation) S4 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2015-01-15] (SurfRight B.V.) S4 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [935208 2014-09-11] (AnchorFree Inc.) S4 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] () S4 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] () S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-10-03] (Intel Corporation) S4 iRacingService; D:\Program Files (x86)\iRacing\iRacingService.exe [798840 2015-01-13] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-17] (Intel Corporation) S4 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [62504 2014-06-26] (Haufe-Lexware GmbH & Co. KG) S4 Micro Star SCM; C:\WINDOWS\SysWOW64\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed] S4 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed] S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2015-01-07] (NVIDIA Corporation) S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19822736 2015-01-07] (NVIDIA Corporation) S4 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts) R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-06-13] () S4 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [387584 2014-09-19] (Qualcomm Atheros) [File not signed] S4 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3275728 2014-06-24] (Paramount Software UK Ltd) S4 Simraceway Update Service; C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe [1630720 2013-07-11] () [File not signed] S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3903488 2014-07-11] (Qualcomm Atheros Communications, Inc.) R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [97968 2014-09-11] (Qualcomm Atheros, Inc.) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2015-01-15] () R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.) R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.) S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [11776 2009-04-09] (ZTE Incorporated) [File not signed] S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4263936 2013-06-03] (Intel Corporation) S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-07] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] () S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited) S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited) S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) S3 SjtWinIo; C:\Windows\System32\drivers\SjtWinIo.sys [9216 2014-08-26] (SpeedJet Technology INC.) R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.) S3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-11-11] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-11-11] (Acronis) S3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [23552 2012-09-12] (Creative Technology Ltd.) [File not signed] S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X] S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X] S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X] S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X] S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X] S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X] S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X] S3 cpuz138; \??\C:\WINDOWS\TEMP\cpuz138\cpuz138_x64.sys [X] S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X] S3 hitmanpro37; \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys [X] S3 VMSMP; \SystemRoot\system32\DRIVERS\vmswitch.sys [X] U3 pxldapoc; \??\C:\Users\Admin\AppData\Local\Temp\pxldapoc.sys [X] ========================== Drivers MD5 ======================= C:\Windows\System32\drivers\1394ohci.sys E1832BD9FD7E0FC2DC9FA5935DE3E8C1 C:\Windows\System32\drivers\3ware.sys AD508A1A46EC21B740AB31C28EFDFDB1 C:\Windows\System32\drivers\ACPI.sys E796AE43DDD1844281DB4D57294D17C0 C:\Windows\System32\Drivers\acpiex.sys AC8279D229398BCF05C3154ADCA86813 C:\Windows\System32\drivers\acpipagr.sys A8970D9BF23CD309E0403978A1B58F3F C:\Windows\System32\drivers\acpipmi.sys 111A89C99C5B4F1A7BCE5F643DD86F65 C:\Windows\System32\drivers\acpitime.sys 5758387D68A20AE7D3245011B07E36E7 C:\Windows\System32\drivers\ADP80XX.SYS 7C1FDF1B48298CBA7CE4BDD4978951AD C:\Windows\System32\DRIVERS\afcdp.sys ABCF9C80EAACE03021BB7F450EB8993F C:\Windows\system32\drivers\afd.sys 374E27295F0A9DCAA8FC96370F9BEEA5 C:\Windows\System32\drivers\agp440.sys 7DFAEBA9AD62D20102B576D5CAC45EC8 C:\Windows\System32\DRIVERS\ahcache.sys F0CB6DB513CAC393D04A0FCE0A59E1BF C:\Windows\System32\drivers\amdk8.sys 7589DE749DB6F71A68489DCE04158729 C:\Windows\System32\drivers\amdppm.sys B46D2D89AFF8A9490FA8C98C7A5616E3 C:\Windows\System32\drivers\amdsata.sys D2BF2F94A47D332814910FD47C6BBCD2 C:\Windows\System32\drivers\amdsbs.sys A8E04943C7BBA7219AA50400272C3C6E C:\Windows\System32\drivers\amdxata.sys CEA5F4F27CFC08E3A44D576811B35F50 C:\Windows\system32\drivers\appid.sys 415DD71628795197F7AFC176CBADC74E C:\Windows\System32\drivers\arcsas.sys 65045784366F7EC5FB4E71BCF923187B C:\Windows\system32\DRIVERS\asyncmac.sys 3DB7721F06BC2FEDB25029EA23AB27DA C:\Windows\System32\drivers\atapi.sys 74B14192CF79A72F7536B27CB8814FBD C:\Windows\system32\DRIVERS\athwbx.sys 13BA3A9C3F97BE72F4E4B8CE348A42F6 C:\Windows\System32\drivers\bxvbda.sys A4A73F631FE2AA2826FBE4A399B04DEF C:\Windows\System32\drivers\BasicDisplay.sys 8CC7F7E4AFCBA605921B137ED7992C68 C:\Windows\System32\drivers\BasicRender.sys 38A82F4EE8C416A6744B6D30381ED768 C:\Windows\System32\drivers\bcmfn2.sys C1ABB0F7E3BEA48A0417BDF6FF14AB21 C:\Windows\System32\Drivers\Beep.sys EC19013E4CF87609534165DF897274D6 C:\Windows\system32\DRIVERS\bwcW8x64.sys 5D19E915306F162D9E8C715BB0D4503C C:\Windows\System32\DRIVERS\bowser.sys 6B4FFFDDC618FCF64473CAA86E305697 C:\Windows\system32\DRIVERS\btfilter.sys 239A81CC18170F3369D389DA65E74342 C:\Windows\System32\drivers\BthAvrcpTg.sys A8F23D453A424FF4DE04989C4727ECC7 C:\Windows\System32\drivers\BthEnum.sys 1104A31260CCF4318C884E0AE6C513BF C:\Windows\System32\drivers\bthhfenum.sys 67343511D80BF3D6D9EEDB5BA8D0B06B C:\Windows\System32\drivers\BthHFHid.sys 71FE2A48E4C93DDB9798C024880B6C07 C:\Windows\System32\drivers\BthLEEnum.sys D30C67473A2E229662D21F27EAA9AAA5 C:\Windows\System32\drivers\bthmodem.sys 07E33226AD218A2A162662A05CAFB52F C:\Windows\System32\drivers\bthpan.sys 25BB93167DEF270188072603F92A1EF5 C:\Windows\System32\Drivers\BTHport.sys C37F4930795B771400C63C3C87E7A6C2 C:\Windows\System32\Drivers\BTHUSB.sys 08EA90955AED2D959EE67DF6EDF0E2B6 C:\Windows\System32\DRIVERS\cdfs.sys 2FA6510E33F7DEFEC03658B74101A9B9 C:\Windows\System32\drivers\cdrom.sys C6796EA22B513E3457514D92DCDB1A3D C:\Windows\System32\drivers\circlass.sys BE9936EDD3267FAAFF94A7835867F00B C:\Windows\System32\drivers\CLFS.sys 179A41249055D5F039F1B6703F3B6D2B C:\Windows\System32\drivers\CmBatt.sys EF6EF85DADC3184A10D8F2F7159973CB C:\Windows\System32\Drivers\cng.sys 114AAF528D3D87D306F3682E618E8091 C:\Windows\System32\drivers\CompositeBus.sys 03AAED827C36F35D70900558B8274905 C:\Windows\System32\drivers\condrv.sys A1FF7DFBFBE164CF92603C651D304DD2 C:\Windows\System32\drivers\csc.sys 9DBC32A45CFA67074432D2AF6C2832B6 C:\Windows\System32\drivers\dam.sys 389C998C64319CD97625B0550E52ECFA C:\Windows\System32\drivers\dc3d.sys D06E443457FADC6B1AFAF3AA4B6936F6 C:\Windows\System32\Drivers\dfsc.sys A03F362C5557E238CBFA914689C77248 C:\Windows\System32\drivers\disk.sys 4D40C9B33F738797CF50E77CB7C53E85 C:\Windows\System32\drivers\dmvsc.sys EB70A894708D1BC176AFD690FF06085F C:\Windows\system32\drivers\drmkaud.sys 00C594D5A1DBD22AD8B2902B9F6EFF94 C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS 1ED08A6264C5C92099D6D1DAE5E8F530 C:\Windows\System32\drivers\dxgkrnl.sys E1BB0B6F00F470B451AB45EA13EBA0B3 C:\Windows\System32\drivers\evbda.sys 114BCFDF367FF37C3F1B0A96AF542E4D C:\Windows\System32\drivers\EhStorClass.sys 43531A5993380CC5113242C29D265FD9 C:\Windows\System32\drivers\EhStorTcgDrv.sys 6F8E738A9505A388B1157FDDE7B3101B C:\Windows\System32\drivers\errdev.sys DFFFAE1442BA4076E18EED5E406FA0D3 C:\Windows\System32\Drivers\exfat.sys 7729D294A555C7AEB281ED8E4D0E01E4 C:\Windows\System32\Drivers\fastfat.sys 7C4E0D5900B2A1D11EDD626D6DDB937B C:\Windows\System32\drivers\fdc.sys 5D8402613E778B3BD45E687A8372710B C:\Windows\System32\drivers\fileinfo.sys BCFD8B149B3ADF92D0DB1E909CAF0265 C:\Windows\System32\drivers\filetrace.sys A1A66C4FDAFD6B0289523232AFB7D8AF C:\Windows\System32\drivers\flpydisk.sys BE743083CF7063C486A4398E3AEFE59A C:\Windows\System32\drivers\fltmgr.sys C1FB505A73FA2E9019D32444AB33B75A C:\Windows\System32\DRIVERS\fltsrv.sys C06AF3D1E7CA6868A6A3064CE6907C4A C:\Windows\System32\drivers\FsDepends.sys A7C31B168F371E8E6796219F23E354DB C:\Windows\System32\Drivers\Fs_Rec.sys 09F460AFEDCA03F3BF6E07D1CCC9AC42 C:\Windows\System32\DRIVERS\fvevol.sys F152D55E497E12256290C43B31C7D0CE C:\Windows\System32\drivers\fxppm.sys 9591D0B9351ED489EAFD9D1CE52A8015 C:\Windows\System32\drivers\gagp30kx.sys FC3EF65EE20D39F8749C2218DBA681CA C:\Windows\System32\drivers\vmgencounter.sys 0BF5CAD281E25F1418E5B8875DC5ADD1 C:\Windows\System32\Drivers\msgpioclx.sys 8DF1254093B5C354CE725EB6B9B0DE19 C:\Windows\System32\drivers\HDAudBus.sys D4B7ED39C7900384D9E5C1283F1E7926 C:\Windows\System32\drivers\HidBatt.sys 10A70BC1871CD955D85CD88372724906 C:\Windows\System32\drivers\hidbth.sys 1EA1B4FABB8CC348E73CA90DBA22E104 C:\Windows\System32\drivers\hidi2c.sys C241A8BAFBBFC90176EA0F5240EACC17 C:\Windows\System32\drivers\hidir.sys 9BDDEE26255421017E161CCB9D5EDA95 C:\Windows\System32\drivers\hidusb.sys 8DB8EAB9D0C6A5DF0BDCADEA239220B4 C:\Windows\System32\drivers\hmpalert.sys CF07C0A9D38A248D036DD9C47E4D0D6E C:\Windows\System32\drivers\HpSAMD.sys A6AACEA4C785789BDA5912AD1FEDA80D C:\Windows\system32\DRIVERS\hssdrv6.sys 0063ACEBB5BBE8C563A6ADB09155E644 C:\Windows\System32\drivers\HTTP.sys 9DDCA7F18983C5410DEFF79F819DF93C C:\Windows\System32\drivers\hwpolicy.sys 90656C0B3864804B090434EFC582404F C:\Windows\System32\drivers\hyperkbd.sys 6D6F9E3BF0484967E52F7E846BFF1CA1 C:\Windows\system32\DRIVERS\HyperVideo.sys 907C870F8C31F8DDD6F090857B46AB25 C:\Windows\System32\drivers\i8042prt.sys 49EE0AE9E5B64FFBBD06D55C4984B598 C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 5D90E32E36CE5D4C535D17CE08AEAF05 C:\Windows\System32\drivers\iaLPSSi_I2C.sys DD05E7E80F52ADE9AEB292819920F32C C:\Windows\System32\drivers\iaStorA.sys 6C91E425ACE29594BD574DE38AC9B76D C:\Windows\System32\drivers\iaStorAV.sys 08BFE413B0B4AA8DFA4B5684CE06D3DC C:\Windows\System32\drivers\iaStorV.sys A2200C3033FA4EF249FC096A7A7D02A2 C:\Windows\system32\DRIVERS\igdkmd64.sys 076023219E918D34585B231029A44571 C:\Windows\system32\drivers\intelaud.sys FC7C456AF9B9811499EDBD10616832EE C:\Windows\system32\drivers\RTKVHD64.sys 6BDCC85422817FA53CD705ADE312CE6A C:\Windows\system32\DRIVERS\IntcDAud.sys 8AEEE0F4D210B61F917CFEA9653973C4 C:\Windows\System32\drivers\intelide.sys 4E448FCFFD00E8D657CD9E48D3E47157 C:\Windows\System32\drivers\intelpep.sys 7AA01AB1C110916825E6E1389F1B9AF2 C:\Windows\System32\drivers\intelppm.sys 47E74A8E53C7C24DCE38311E1451C1D9 C:\Windows\System32\DRIVERS\ipfltdrv.sys 9DB76D7F9E4E53EFE5DD8C53DE837514 C:\Windows\System32\drivers\IPMIDrv.sys 9C096BF5E10CA8BFA56F32522A89FAF1 C:\Windows\System32\drivers\ipnat.sys B7342B3C58E91107F6E946A93D9D4EFD C:\Windows\System32\drivers\irenum.sys AE44C526AB5F8A487D941CEB57B10C97 C:\Windows\System32\drivers\isapnp.sys 8AFEEA3955AA43616A60F133B1D25F21 C:\Windows\System32\drivers\msiscsi.sys D90AB68D0FAC9F357F663670FDBB511E C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys E489D12FF435AEEF4A5474C47D329590 C:\Windows\System32\drivers\iwdbus.sys A90C843F4FDD7A07129BA73C6BE13976 C:\Windows\System32\drivers\kbdclass.sys 5917AFE4A3F695A54B99C1849C8207FE C:\Windows\System32\drivers\kbdhid.sys 8CD840A062F6BDF41DDE3ACB96164B72 C:\Windows\System32\drivers\kbldfltr.sys DB7A09BC90DF20F44F16F8B0F9ED3491 C:\Windows\system32\DRIVERS\kdnic.sys 813871C7D402A05F2E3A7075F9584A05 C:\Windows\system32\DRIVERS\e22w8x64.sys B7086913421815DFD28FCA62BE0F43F0 C:\Windows\System32\Drivers\ksecdd.sys 4E829B18D5BAEC29893792A3C671A847 C:\Windows\System32\Drivers\ksecpkg.sys CA3F19E4B0765135B0F3C99384C535B9 C:\Windows\system32\drivers\ksthunk.sys 11AFB527AA370B1DAFD5C36F35F6D45F C:\Windows\system32\DRIVERS\lltdio.sys C09010B3680860131631F53E8FE7BAD8 C:\Windows\System32\drivers\lsi_sas.sys C755AE4635457AA2A11F79C0DF857ABC C:\Windows\System32\drivers\lsi_sas2.sys ADAC09CBE7A2040B7F68B5E5C9A75141 C:\Windows\System32\drivers\lsi_sas3.sys 04D1274BB9BBCCF12BD12374002AA191 C:\Windows\System32\drivers\lsi_sss.sys 327469EEF3833D0C584B7E88A76AEC0C C:\Windows\system32\drivers\luafv.sys DDEE191AB32DFC22C6465002ECDF5EE4 C:\Windows\System32\drivers\massfilter.sys B5E86524918EF32B32D1032E0C8E92A3 C:\Windows\system32\drivers\MBfilt64.sys 8FF2D95CBA49B405C5DE27039FF0BF35 C:\Windows\System32\drivers\megasas.sys EB5C03A070F30D64A6DF80E53B22F53F C:\Windows\System32\drivers\megasr.sys F6F13533196DE7A582D422B0241E4363 C:\Windows\System32\drivers\HECIx64.sys 2BB3EAE2EA641515D4B205CAB29E1624 C:\Windows\System32\drivers\modem.sys 8B38C44F69259987C95135C9627E2378 C:\Windows\System32\drivers\monitor.sys 601589000CC90F0DF8DA2CC254A3CCC9 C:\Windows\System32\drivers\mouclass.sys 08374E4E5B8914DE6067CBA99F61E930 C:\Windows\System32\drivers\mouhid.sys 5FCBAB60598AE119E02B4C27DE6B99EA C:\Windows\System32\drivers\mountmgr.sys D1D82F007A079A4D623DBD1F36EF30A1 C:\Windows\System32\drivers\mpsdrv.sys 6FC047578785B0435F4E2660946D1ADC C:\Windows\system32\drivers\mrxdav.sys DB32958F0E704EFBF7F15161A569E39F C:\Windows\System32\DRIVERS\mrxsmb.sys 31233271EDE50D1BBB220F78AFA60486 C:\Windows\System32\DRIVERS\mrxsmb10.sys 3E28B99198B514DFEB152EACF913025E C:\Windows\System32\DRIVERS\mrxsmb20.sys 6276AC2AA203CF47811F6EFBBD214FBF C:\Windows\system32\DRIVERS\bridge.sys F3C060444777A59FC63D920719E43CCD C:\Windows\System32\Drivers\Msfs.sys D13329FBF8345B28AB30F44CC247DC08 C:\Windows\System32\drivers\msgpiowin32.sys C6B474E46F9E543B875981ED3FFE6ADD C:\Windows\System32\drivers\mshidkmdf.sys 65C92EB9D08DB5C69F28C7FFD4E84E31 C:\Windows\System32\drivers\mshidumdf.sys 52299F086AC2DAFD100DD5DC4A8614BA C:\Windows\System32\drivers\msisadrv.sys 36D92AF3343C3A3E57FEF11C449AEA4C C:\Windows\system32\drivers\MSKSSRV.sys A9BBBD2BAE6142253B9195E949AC2E8D C:\Windows\system32\DRIVERS\mslldp.sys 51B3AC0560848CD6D65AC2033E293113 C:\Windows\system32\drivers\MSPCLOCK.sys 7B2128EB875DCBC006E6A913211006D6 C:\Windows\system32\drivers\MSPQM.sys 1E88171579B218115C7A772F8DE04BD8 C:\Windows\System32\Drivers\MsRPC.sys BBE2A455053E63BECBF42C2F9B21FAE0 C:\Windows\System32\drivers\mssmbios.sys 8D6B7D515C5CBCDB75B928A0B73C3C5E C:\Windows\system32\drivers\MSTEE.sys 115019AE01E0EB9C048530D2928AB4A2 C:\Windows\System32\drivers\MTConfig.sys 96D604A35070360F0DD4A7A8AF410B5E C:\Windows\System32\Drivers\mup.sys 619CA29326B82372621DB2C0964D8365 C:\Windows\System32\drivers\mvumis.sys B8C35C94DCB2DFEAF03BB42131F2F77F C:\Windows\system32\DRIVERS\nwifi.sys 008F7CED69FD5B30CBDE1E03C6F36A27 C:\Windows\System32\drivers\ndis.sys 21FE65E2E67C4E31EE95CBD1F91C4B24 C:\Windows\system32\DRIVERS\ndiscap.sys 8CECC8DA55F3274181FD1EA28AD76664 C:\Windows\system32\DRIVERS\NdisImPlatform.sys 269882812E9A68FFF1AFE1283D428322 C:\Windows\system32\DRIVERS\ndistapi.sys DC1D9F692C2AD84C214584C28501C1F7 C:\Windows\system32\DRIVERS\ndisuio.sys B832B35055BA2B7B4181861FF94D8E59 C:\Windows\System32\drivers\NdisVirtualBus.sys 1F58E48EF75F34C35D8E93A0DC535CFE C:\Windows\system32\DRIVERS\ndiswan.sys DEC29080202D4F9F17F55E18BCFCC41A C:\Windows\system32\DRIVERS\ndiswan.sys DEC29080202D4F9F17F55E18BCFCC41A C:\Windows\System32\Drivers\NDProxy.sys 0BBE2FA30BAD58C9ADC01E4F84A3D2A1 C:\Windows\System32\drivers\Ndu.sys 3083926D1CC5B56EA0786527B557DD1B C:\Windows\System32\DRIVERS\netbios.sys 42FF4975D032CAE558AE4BB8448F6E5A C:\Windows\System32\DRIVERS\netbt.sys 0217532E19A748F0E5D569307363D5FD C:\Windows\System32\drivers\netvsc63.sys D4DCE03870314D3354F3501F9DDD4123 C:\Windows\system32\DRIVERS\NETwew00.sys 8F72B055D8FE4DB48BBD50737E908E24 C:\Windows\System32\Drivers\Npfs.sys 8F44A2F57C9F1A19AC9C6288C10FB351 C:\Windows\System32\drivers\npsvctrig.sys CBDB4F0871C88DF930FC0E8588CA67FC C:\Windows\System32\drivers\nsiproxy.sys 0E046FF5823B95326D10CF1B4AF23541 C:\Windows\System32\Drivers\Ntfs.sys 7F68063A5A0461E02BC860CE0E6BFDDC C:\Windows\System32\Drivers\Null.sys EF1B290FC9F0E47CC0B537292BEE5904 C:\Windows\system32\drivers\nvhda64v.sys 554964B900AE2954B8B589B6287034AC C:\Windows\system32\DRIVERS\nvlddmkm.sys ED4D88A04D22E6B00DB6BC8FACDBAFED C:\Windows\System32\DRIVERS\nvpciflt.sys 34DFB4ACF03D95A51021D341CAA4E1B5 C:\Windows\System32\drivers\nvraid.sys BC6B5942AFF25EBAF62DE43C3807EDF8 C:\Windows\System32\drivers\nvstor.sys 1F43ABFFAC3D6CA356851D517392966E C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys 4583DB78F03C4C1FCC1317F8E3C2C8F5 C:\Windows\system32\drivers\nvvad64v.sys DBFE7B2DF103F74AE51840B3C5F25FE9 C:\Windows\System32\drivers\nv_agp.sys 6934A936A7369DFE37B7DBA93F5E5E49 C:\Windows\System32\drivers\parport.sys 764B1121867B2D9B31C491668AC72B2B C:\Windows\System32\drivers\partmgr.sys BAFF6122CFC9F95CA175AD8C348179A4 C:\Windows\System32\drivers\pci.sys 91ED124E261EA8FAA1C0FFDF2A71B0C4 C:\Windows\System32\drivers\pciide.sys 346E38FCC6859A727DD28AFAD1F0AFF4 C:\Windows\System32\drivers\pcmcia.sys 4D3BDCC1C7B40C9D7B6AD990E6DEC397 C:\Windows\System32\drivers\pcw.sys BF28771D1436C88BE1D297D3098B0F7D C:\Windows\System32\drivers\pdc.sys ED54A75050211DC77F9B98C41E026858 C:\Windows\System32\drivers\peauth.sys 0ECEE590F2E2EF969FB74A6FC583A1E6 C:\Windows\System32\drivers\point64.sys E4799B87675C59AA1F620DE5C6F113BB C:\Windows\system32\DRIVERS\raspptp.sys E075CC071022BD4E9BE7C024717C0E0A C:\Windows\System32\drivers\processr.sys ECD373F9571C745894367CC2635EA44F C:\Windows\system32\DRIVERS\pacer.sys FC0141B4A5AD6D637D883C1A89FC45C5 C:\WINDOWS\system32\pwdrvio.sys C32ECB99AD25E9A04F01C8665DF29EF8 C:\WINDOWS\system32\pwdspio.sys D619356B955EEFA642F5FF72755E8B3C C:\Windows\system32\drivers\qwavedrv.sys 83868EB2924E6BC21A54337C65D614D1 C:\Windows\System32\DRIVERS\rasacd.sys B337B1F1E82A83E20A1743E008E25C0F C:\Windows\system32\DRIVERS\AgileVpn.sys 3EE5097945A7F680E320953271EB2D4F C:\Windows\system32\DRIVERS\rasl2tp.sys 1BD3022FD6E450B00DE560265638FD2A C:\Windows\system32\DRIVERS\raspppoe.sys 5247F308C4103CDC4FE12AE1D235800A C:\Windows\system32\DRIVERS\rassstp.sys 41F631007A158FEBB67F0E2AD1601BBA C:\Windows\System32\DRIVERS\rdbss.sys A1A5E79C0D1352AFDC08328A623DA051 C:\Windows\System32\drivers\rdpbus.sys 6B21EBF892CD8CACB71669B35AB5DE32 C:\Windows\System32\drivers\rdpdr.sys 680C1DAE268B6FB67FA21B389A8B79EF C:\Windows\System32\drivers\rdpvideominiport.sys BC8A79C625568DDB7DCA49D0C2741A64 C:\Windows\System32\drivers\rdyboost.sys A26AEC49F318FEE141DDDB2C5F99B3E6 C:\Windows\System32\Drivers\ReFS.sys 615DFD97DEA56CE1C3A52185A3038FF8 C:\Windows\System32\drivers\rfcomm.sys 0527EF6E23B9FAB37DDCBC479C6CFA28 C:\Windows\System32\Drivers\RimUsb_AMD64.sys 13D2E03E86B34C21D108770E0B5115BB C:\Windows\System32\Drivers\rimvndis6_AMD64.sys A8C0368EF257B84D4E5A174FB999F7D2 C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys 344604E6913BD6E4EAEC34AF2E0943D7 C:\Windows\System32\Drivers\RootMdm.sys 9746BA79DE0CA5EB5104406A9ED62D01 C:\Windows\system32\DRIVERS\RtsPStor.sys 7BFDFD1D2244B444D7BBC55087426518 C:\Windows\system32\DRIVERS\rspndr.sys 2D05A5508F4685412F2B89E8C2189ABC C:\Windows\System32\drivers\vms3cap.sys 1A063730F221B2746FF00457AE17E4F0 C:\Windows\System32\drivers\sbp2port.sys C624A1B32211C3166EDB3F4AB02A30B7 C:\Windows\System32\DRIVERS\scfilter.sys 13BEA6C882D4D877A5A85CA149C86BC1 C:\Windows\System32\drivers\sdbus.sys 27FF998504DEF8D29A771FBB41707C5E C:\Windows\System32\drivers\sdstor.sys 0B1E929D11A8E358106955603FAC65E8 C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\System32\drivers\SerCx.sys DB2FF24CE0BDD15FE75870AFE312BA89 C:\Windows\System32\drivers\SerCx2.sys 0044B31F93946D5D41982314381FE431 C:\Windows\System32\drivers\serenum.sys 3CD600C089C1251BEEB4CD4CD5164F9E C:\Windows\System32\drivers\serial.sys D864381BC9C725FAB01D94C060660166 C:\Windows\System32\drivers\sermouse.sys 148195AE95D9BC7375A08846439FDAC1 C:\Windows\System32\drivers\sfloppy.sys 472B7A5AC181C050888DB454663DD764 C:\Windows\System32\drivers\SiSRaid2.sys 2F518D13DD6F3053837FE606F1A2EA1F C:\Windows\System32\drivers\sisraid4.sys 1AC9A200A9C49C4508F04AAFFCA34A3F C:\Windows\System32\drivers\SjtWinIo.sys C44D3179D9EFEBD26572A9DC6DD759DE C:\Windows\System32\DRIVERS\snapman.sys E3E56CAF0472163871B922FC7CBC9654 C:\Windows\System32\drivers\spaceport.sys D24B1945ED1F9C96DA786DBBF1E983CE C:\Windows\System32\drivers\SpbCx.sys F337BE11071818FC3F5DC2940B6BDE34 C:\Windows\System32\DRIVERS\srv.sys 6416E79A58A8FCC33A447A4DDDD3BF04 C:\Windows\System32\DRIVERS\srv2.sys 00D8AC8E3053290BDE6EA2FB6810D2FC C:\Windows\System32\DRIVERS\srvnet.sys D047CD668E6277FD80F0C613946F034C C:\Windows\System32\drivers\stexstor.sys 366DEA74BBA65B362BCCFC6FC2ADFD8B C:\Windows\System32\drivers\serscan.sys 8F3C0CCF27CFFE89424F30E9FB3381AB C:\Windows\System32\drivers\storahci.sys 0ED2E318ABB68C1A35A8B8038BDB4C90 C:\Windows\System32\drivers\vmstorfl.sys 8B9486B64E5FC17FB9CC04CA10B77A34 C:\Windows\System32\drivers\stornvme.sys 6B06E2D11E604BE2B1A406C4CB3B90DE C:\Windows\System32\drivers\storvsc.sys 548759755BC73DAD663250239D7E0B9F C:\Windows\System32\drivers\storvsp.sys 03618F935379614837F915D04C45FC0E C:\Windows\System32\drivers\swenum.sys 65454187E0F8B6C0DCECB0287D06EC43 C:\Windows\system32\DRIVERS\taphss6.sys DA0780D55E8CF724CF3EF7CCF0F0DB67 C:\Windows\System32\drivers\tcpip.sys 3C2DF97A21A9BBE6355B0A51F288EFFF C:\Windows\system32\DRIVERS\tcpip.sys 3C2DF97A21A9BBE6355B0A51F288EFFF C:\Windows\System32\drivers\tcpipreg.sys 41CF802064F72E55F50CA0A221FD36D4 C:\Windows\system32\DRIVERS\tdrpman.sys AC28A6FCA485821499FF018695CEDE16 C:\Windows\system32\DRIVERS\tdx.sys FFF28F9F6823EB1756C60F1649560BBF C:\Windows\system32\DRIVERS\teamviewervpn.sys F5520DBB47C60EE83024B38720ABDA24 C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys 4283D7125BA4BD0CB50BB0F78B54257A C:\Windows\System32\drivers\terminpt.sys 232D185D2337F141311D0CF1983E1431 C:\Windows\System32\DRIVERS\tib.sys DE604462206F7D8C203F767F425FCA8D C:\Windows\System32\DRIVERS\tib_mounter.sys 8C750FE6DE38AF13506B99EC2F519F79 C:\Windows\system32\drivers\tpm.sys 82F909359600D3603FE852DB7F135626 C:\Windows\System32\drivers\tsusbflt.sys BF8F54CA37E9C9D6582C31C5761F8C93 C:\Windows\System32\drivers\TsUsbGD.sys 20185BEB7512EDE4EFECDFA148AC9F99 C:\Windows\system32\DRIVERS\tunnel.sys C8E0E78B5D284C2FF59BDFFDAF997242 C:\Windows\System32\drivers\uagp35.sys F6EEAD052943B5A3104C1405BB856C54 C:\Windows\System32\drivers\uaspstor.sys FE6067B1FD4E63650C667B33D080565B C:\Windows\System32\drivers\ucx01000.sys 807F8CF3E973305FC435C61CBBEE2A49 C:\Windows\System32\DRIVERS\udfs.sys 1EC649F112896FAE33250F0B97AC5D0B C:\Windows\System32\drivers\UEFI.sys 9578691F297E1B1F519970FE6D47CB21 C:\Windows\system32\drivers\UHSfiltv.sys E5DA87DAB3A32FA03F13FCFAE4255084 C:\Windows\System32\drivers\uliagpkx.sys 5EAB5117DDB24FC4D39E6FFFCF1837B9 C:\Windows\System32\drivers\umbus.sys DA34C39A18E60E7C3FA0630566408034 C:\Windows\System32\drivers\umpass.sys AE8294875E5446E359B1E8035D40C05E C:\Windows\system32\drivers\usbaudio.sys DF355EB0199198728027962DCFCDE5FB C:\Windows\System32\drivers\usbccgp.sys FF78D053A05E5A394F4E3C1816CC65A8 C:\Windows\System32\drivers\usbcir.sys 0139248F6B95CF0D837B5B46A2722D40 C:\Windows\System32\drivers\usbehci.sys 48BA326A3DBA5B5BEB5F2777F4618696 C:\Windows\System32\drivers\usbhub.sys FEF0BC107812B36849741C3211BA6B60 C:\Windows\System32\drivers\UsbHub3.sys FAA564A13576F9284546BF016D27B551 C:\Windows\System32\drivers\usbohci.sys 3019097FB6C985EF24C058090FF3BDBD C:\Windows\System32\drivers\usbprint.sys 4D655E3B684BE9B0F7FFD8A2935C348C C:\Windows\system32\DRIVERS\usb80236.sys F3F90825C416B264D016AA9D02C244C4 C:\Windows\System32\drivers\USBSTOR.SYS 66732C13628BDB1AB0D6FD46027327C2 C:\Windows\System32\drivers\usbuhci.sys 064260B3A5868AC894A4943543BC7AB7 C:\Windows\System32\Drivers\usbvideo.sys 5C8F604F6DC74177CDD8372D7B1ADFF0 C:\Windows\System32\drivers\USBXHCI.SYS 1A20F03700D2B2ED775E38D751EF2F63 C:\Windows\System32\drivers\vdrvroot.sys FEB26E3B8345A7E8D62F945C4AE86562 C:\Windows\System32\drivers\VerifierExt.sys A026EDEAA5EECAE0B08E2748B616D4BD C:\Windows\System32\drivers\vhdmp.sys F6ECFD6128A16A4851CFE98D4E01B011 C:\Windows\System32\drivers\viaide.sys 06D38968028E9AB19DE9B618C7B6D199 C:\Windows\System32\drivers\Vid.sys 3CE922E34DB12D9F3C0EA856BC09687C C:\Windows\System32\drivers\vmbus.sys 511AD3FF957A0127E6BD336FF6F89C38 C:\Windows\System32\drivers\VMBusHID.sys DA40BEA0A863CE768C940CA9723BF81F C:\Windows\System32\drivers\vmbusr.sys 68F8C26DEA2D42E8DEC0778943433C80 C:\Windows\System32\drivers\volmgr.sys 55D7D963DE85162F1C49721E502F9744 C:\Windows\System32\drivers\volmgrx.sys CCB9E901F7254BF96D28EB1B0E5329B7 C:\Windows\System32\drivers\volsnap.sys 64CA2B4A49A8EAF495E435623ECCE7DB C:\Windows\System32\drivers\vpci.sys EF31713EE4C7CCFE4049F7E7F15645A2 C:\Windows\System32\drivers\vpcivsp.sys ADBE96C33D1A5BB1BBAF90B4BC84F523 C:\Windows\System32\drivers\vsmraid.sys 4539F45F9F4C9757A86A56C949421E07 C:\Windows\System32\drivers\vstxraid.sys 0849B7260F26FE05EA56DED0672E2F4B C:\Windows\System32\drivers\vwifibus.sys BE970C369E43B509C1EDA2B8FA7CECB0 C:\Windows\system32\DRIVERS\vwififlt.sys 35BF5C5F5E3C9902C98978C7640574DA C:\Windows\system32\DRIVERS\vwifimp.sys 65ED7B9CFEA893DF7748D5FF692690DE C:\Windows\System32\drivers\wacompen.sys 0910AB9ED404C1434E2D0376C2AD5D8B C:\Windows\system32\DRIVERS\wanarp.sys B41F3E5780D97CFD44A717153AD9CF2C C:\Windows\system32\DRIVERS\wanarp.sys B41F3E5780D97CFD44A717153AD9CF2C C:\Windows\System32\drivers\WdBoot.sys 0359607177E5E9F6041136CC0A5CB0B6 C:\Windows\System32\drivers\Wdf01000.sys CB6C63FF8342B467E2EF76E98D5B934D C:\Windows\System32\drivers\WdFilter.sys DE8D12B4C3F55FA2C5E9774314F6C58A C:\Windows\System32\Drivers\WdNisDrv.sys 4AD874CDC812EC156265E451B6B09DAB C:\Windows\System32\DRIVERS\wfplwfs.sys 715ABA3DD164D06457A2A3C92F6EA9D5 C:\Windows\System32\drivers\wimmount.sys 5F66B7BB330AA80067FC66149A692620 C:\Windows\System32\drivers\WinUsb.sys AC263C2F66405589528995AA41040599 C:\Windows\system32\drivers\WmBEnum.sys 680A7846370000D20D7E74917D5B7936 C:\Windows\system32\drivers\WmFilter.sys 14C35BA8189C6F65D839163AA285E954 C:\Windows\system32\drivers\WmHidLo.sys AC4331AF118A720F13C9C5CABBFE27BD C:\Windows\System32\drivers\wmiacpi.sys 2834D9D3B4F554A39C72F00EA3F0E128 C:\Windows\system32\drivers\WmVirHid.sys 8488DD91A3EE54A8E29F02AD7BB8201E C:\Windows\system32\drivers\WmXlCore.sys 14802B3A30AA849C97CB968CCC813BF3 C:\Windows\System32\Drivers\Wof.sys 7FC5667DF73D4B04AA457CC3A4180E09 C:\Windows\System32\DRIVERS\wpcfltr.sys A2468CC3509394A33C4C32F99563D845 C:\Windows\System32\drivers\WpdUpFltr.sys 9F2904B55F6CECCD1A8D986B5CE2609A C:\Windows\system32\drivers\ws2ifsl.sys AE072B0339D0A18E455DC21666CAD572 C:\Windows\System32\drivers\WSDPrint.sys F586F3F1BF962FE9AE4316E0D896B22F C:\Windows\System32\drivers\WudfPf.sys 481286719402E4BAEFEA0604AB1B5113 C:\Windows\System32\drivers\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F C:\Windows\System32\drivers\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F C:\Windows\System32\drivers\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F C:\Windows\System32\drivers\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys 31DB70A61814E4F33181D48190D46845 C:\Windows\system32\DRIVERS\ZTEusbnet.sys 01CBEEA25AA78C0F0272654048D61F34 C:\Windows\system32\DRIVERS\ZTEusbnmea.sys C9ADA887BF326D8413E81FE80B1BE7EB C:\Windows\system32\DRIVERS\ZTEusbser6k.sys 31DB70A61814E4F33181D48190D46845 C:\Windows\system32\DRIVERS\ZTEusbvoice.sys C9ADA887BF326D8413E81FE80B1BE7EB ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-17 09:21 - 2015-01-17 09:21 - 00049295 _____ () C:\Users\Admin\Desktop\FRST.txt 2015-01-17 08:49 - 2015-01-17 08:49 - 00380416 _____ () C:\Users\Admin\Downloads\Gmer-19357.exe 2015-01-17 08:44 - 2015-01-17 09:22 - 00049930 _____ () C:\Users\Admin\Downloads\FRST.txt 2015-01-17 08:44 - 2015-01-17 09:22 - 00000000 ____D () C:\FRST 2015-01-17 08:44 - 2015-01-17 08:45 - 00062504 _____ () C:\Users\Admin\Downloads\Addition.txt 2015-01-17 08:43 - 2015-01-17 09:21 - 00000472 _____ () C:\Users\Admin\Downloads\defogger_disable.log 2015-01-17 08:43 - 2015-01-17 08:43 - 02125824 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe 2015-01-17 08:43 - 2015-01-17 08:43 - 00050477 _____ () C:\Users\Admin\Downloads\Defogger.exe 2015-01-17 08:43 - 2015-01-17 08:43 - 00000000 _____ () C:\Users\Admin\defogger_reenable 2015-01-16 17:10 - 2015-01-16 17:10 - 00000000 ____D () C:\Users\Admin\Downloads\TcpView-3.05 2015-01-16 17:09 - 2015-01-16 17:09 - 01179936 _____ () C:\Users\Admin\Downloads\TCPView - CHIP-Installer.exe 2015-01-16 17:09 - 2015-01-16 17:09 - 00291606 _____ () C:\Users\Admin\Downloads\TcpView-3.05.zip 2015-01-16 14:41 - 2015-01-16 14:41 - 00003657 _____ () C:\Users\Admin\Desktop\virenverdachtdatei.txt 2015-01-16 08:41 - 2015-01-16 08:41 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu(1).exe 2015-01-15 06:14 - 2015-01-17 08:57 - 00000000 ____D () C:\WINDOWS\CryptoGuard 2015-01-15 06:14 - 2015-01-17 08:12 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert 2015-01-15 06:14 - 2015-01-15 06:37 - 00548424 _____ (SurfRight) C:\WINDOWS\system32\hmpalert.dll 2015-01-15 06:14 - 2015-01-15 06:37 - 00477008 _____ (SurfRight) C:\WINDOWS\SysWOW64\hmpalert.dll 2015-01-15 06:14 - 2015-01-15 06:37 - 00093144 _____ () C:\WINDOWS\system32\Drivers\hmpalert.sys 2015-01-15 06:14 - 2015-01-15 06:14 - 01889616 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\hmpalert.exe 2015-01-15 06:14 - 2015-01-15 06:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert 2015-01-15 06:14 - 2015-01-15 06:14 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert 2015-01-15 06:09 - 2015-01-15 06:09 - 00319536 _____ () C:\WINDOWS\Minidump\011515-10203-01.dmp 2015-01-15 06:08 - 2015-01-15 06:08 - 1604350282 _____ () C:\WINDOWS\MEMORY.DMP 2015-01-15 05:52 - 2015-01-15 05:52 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe 2015-01-15 05:52 - 2015-01-15 05:52 - 00000856 _____ () C:\WINDOWS\system32\.crusader 2015-01-15 05:52 - 2015-01-15 05:52 - 00000142 _____ () C:\WINDOWS\system32\bootdelete.lst 2015-01-14 20:20 - 2015-01-14 20:22 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.6 2015-01-14 20:20 - 2015-01-14 20:20 - 00059392 ____R () C:\WINDOWS\SysWOW64\streamhlp.dll 2015-01-14 20:20 - 2015-01-14 20:20 - 00001097 _____ () C:\Users\Admin\Desktop\TrojanHunter.lnk 2015-01-14 20:20 - 2015-01-14 20:20 - 00000000 ____D () C:\ProgramData\TrojanHunter 2015-01-14 20:20 - 2015-01-14 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter 2015-01-14 20:16 - 2015-01-14 20:16 - 00000949 _____ () C:\Users\Mcx1-ONEPC\Desktop\PeerGuardian.lnk 2015-01-14 20:16 - 2015-01-14 20:16 - 00000949 _____ () C:\Users\Admin\Desktop\PeerGuardian.lnk 2015-01-14 20:16 - 2015-01-14 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerGuardian 2 2015-01-14 20:16 - 2015-01-14 20:16 - 00000000 ____D () C:\Program Files (x86)\PeerGuardian2 2015-01-14 19:44 - 2015-01-14 19:45 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu.exe 2015-01-14 19:44 - 2015-01-14 19:44 - 02209056 _____ () C:\Users\Admin\Downloads\avira-eu-cleaner_de.exe 2015-01-14 19:44 - 2015-01-14 19:44 - 00002072 _____ () C:\Users\Admin\Desktop\Entfernen des Avira EU-Cleaners.lnk 2015-01-14 19:44 - 2015-01-14 19:44 - 00002016 _____ () C:\Users\Admin\Desktop\Avira EU-Cleaner.lnk 2015-01-14 19:35 - 2015-01-15 05:52 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-01-14 19:35 - 2015-01-14 19:35 - 11225840 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\hitmanpro_x64.exe 2015-01-14 19:28 - 2015-01-17 08:36 - 00001336 _____ () C:\WINDOWS\setupact.log 2015-01-14 19:28 - 2015-01-14 19:28 - 00000000 _____ () C:\WINDOWS\setuperr.log 2015-01-14 17:25 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll 2015-01-14 17:25 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll 2015-01-14 10:15 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-01-14 10:15 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-01-14 10:15 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-01-14 10:15 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-01-14 10:15 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-01-14 10:15 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-01-14 10:15 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-01-14 10:15 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-01-13 14:36 - 2015-01-13 14:41 - 00000000 ____D () C:\Users\Admin\Documents\InfiniteCrisis 2015-01-13 14:36 - 2015-01-13 14:36 - 00000000 ____D () C:\Users\Admin\AppData\Local\InfiniteCrisis 2015-01-13 08:17 - 2015-01-13 12:41 - 00000000 ____D () C:\Users\Admin\AppData\Local\Turbine 2015-01-13 08:08 - 2015-01-13 08:08 - 00000000 ____D () C:\ProgramData\Turbine 2015-01-13 07:17 - 2015-01-13 07:19 - 164623600 _____ () C:\Users\Admin\Desktop\InfiniteCrisisInstaller.exe 2015-01-10 12:50 - 2015-01-10 12:50 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2015-01-10 12:49 - 2015-01-10 12:50 - 05410368 _____ (Code Laboratories, Inc.) C:\Users\Admin\Downloads\CL-Eye-Driver-5.3.0.0341.exe 2015-01-10 12:42 - 2015-01-10 12:43 - 23535342 _____ () C:\Users\Admin\Downloads\ECam-V2_0_3_0.zip 2015-01-09 17:16 - 2015-01-09 17:50 - 2840363008 _____ () C:\Users\Admin\Downloads\Image_Windows7_32+64.iso 2015-01-05 14:30 - 2015-01-05 14:30 - 01923104 _____ (CTS Games Ltd. ) C:\Users\Admin\Downloads\szone_webinst.exe 2015-01-04 19:49 - 2015-01-14 19:24 - 00067584 ___SH () C:\Users\Admin\Desktop\Thumbs.db 2015-01-04 11:54 - 2015-01-17 08:37 - 00003132 _____ () C:\WINDOWS\System32\Tasks\FRAPS 2015-01-03 16:16 - 2015-01-03 16:16 - 00000876 _____ () C:\Users\Admin\Desktop\X-Motor Racing Launcher.lnk 2015-01-03 16:16 - 2015-01-03 16:16 - 00000831 _____ () C:\Users\Admin\Desktop\X-Motor Racing.lnk 2015-01-03 16:16 - 2015-01-03 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-Motor Racing Demo 2015-01-03 16:15 - 2015-01-03 16:15 - 00000000 ____D () C:\Games 2015-01-03 16:11 - 2015-01-03 16:14 - 220323599 _____ () C:\Users\Admin\Downloads\x-motor-racing.demo.v1.48.zip 2014-12-30 13:55 - 2014-12-30 13:55 - 00003909 _____ () C:\Users\Admin\Downloads\Transformers.Rise.of.the.Dark.Spark.save100.zip 2014-12-30 13:47 - 2014-12-30 13:47 - 00000000 ____H () C:\Users\Admin\Documents\Default.rdp 2014-12-29 18:53 - 2014-12-29 18:53 - 00000000 ____D () C:\Lohnkonto 2014-12-29 17:46 - 2014-12-29 17:46 - 00002860 _____ () C:\Users\Admin\Desktop\ToppKurierMA2014.csv 2014-12-29 17:42 - 2014-12-29 17:42 - 00004266 _____ () C:\Users\Admin\Desktop\MA2014.txt 2014-12-29 17:35 - 2014-12-29 19:12 - 00000000 ____D () C:\Users\Admin\elan2014 2014-12-29 17:34 - 2014-12-29 17:34 - 00001985 _____ () C:\Users\Admin\Desktop\REHADAT_Elan_2014.lnk 2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Users\Admin\elan2014start 2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\REHADAT_Elan_2014 2014-12-28 15:26 - 2014-12-28 15:26 - 00000000 ____D () C:\Users\Admin\AppData\Local\Skyrim 2014-12-28 08:06 - 2014-12-28 08:06 - 00000000 ____D () C:\Users\Admin\AppData\Local\techland 2014-12-27 21:21 - 2014-12-27 21:21 - 00000222 _____ () C:\Users\Admin\Desktop\Call of Juarez Gunslinger.url 2014-12-26 08:14 - 2014-12-26 08:14 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2014-12-25 14:03 - 2015-01-08 18:54 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\QuickScan 2014-12-25 09:52 - 2014-12-25 09:52 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2819443126-392552937-1277417864-1001 2014-12-24 20:00 - 2014-12-24 20:00 - 00000222 _____ () C:\Users\Admin\Desktop\Next Car Game Wreckfest.url 2014-12-24 19:03 - 2014-12-24 19:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\next car game technology sneak peek 2014-12-24 19:02 - 2014-12-24 19:02 - 11754447 _____ () C:\Users\Admin\Downloads\ncg_wallpapers.zip 2014-12-24 18:26 - 2014-12-24 19:00 - 00000222 _____ () C:\Users\Admin\Desktop\Next Car Game Sneak Peek 2.0.url 2014-12-24 12:15 - 2014-12-24 12:15 - 00000221 _____ () C:\Users\Admin\Desktop\Cogs.url 2014-12-24 11:39 - 2014-12-24 11:38 - 00000444 _____ () C:\Users\Admin\Desktop\Delivery report.ext 2014-12-22 19:50 - 2015-01-17 09:10 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2819443126-392552937-1277417864-1001 2014-12-22 19:44 - 2014-12-22 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Copa Petrobras de Marcas 2014-12-22 19:41 - 2014-12-22 20:20 - 00000000 ____D () C:\Marcas 2014-12-22 17:33 - 2014-12-22 17:34 - 06177829 _____ () C:\Users\Admin\Downloads\Helmet&Driver.rar 2014-12-22 17:33 - 2014-12-22 17:33 - 00534227 _____ (Reiza Studios Ltda. ) C:\Users\Admin\Downloads\Marcas_v102_Setup.exe 2014-12-22 12:40 - 2015-01-17 09:17 - 01926771 _____ () C:\WINDOWS\WindowsUpdate.log 2014-12-22 12:37 - 2015-01-17 09:06 - 00005122 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ONEPC-Admin OnePC 2014-12-22 12:34 - 2014-12-22 12:34 - 00002772 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2014-12-22 12:34 - 2014-12-22 12:34 - 00000794 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-12-22 12:34 - 2014-12-22 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-12-22 12:34 - 2014-12-22 12:34 - 00000000 ____D () C:\Program Files\CCleaner 2014-12-22 12:30 - 2015-01-05 14:39 - 00000000 ____D () C:\Program Files (x86)\Panda Security 2014-12-22 12:30 - 2015-01-05 14:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Panda Security 2014-12-22 12:30 - 2014-12-22 12:31 - 04036200 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup500_slim.exe 2014-12-22 12:29 - 2015-01-05 14:38 - 00000000 ____D () C:\ProgramData\Panda Security 2014-12-22 12:15 - 2014-12-22 12:15 - 00000000 ____D () C:\WINDOWS\SysWOW64\Hotspot Shield 2014-12-21 11:49 - 2014-12-21 11:49 - 00000222 _____ () C:\Users\Admin\Desktop\The Great War 1918.url 2014-12-21 11:46 - 2014-12-21 11:46 - 00001373 _____ () C:\Users\Admin\Desktop\The Great War 1918.lnk 2014-12-21 09:44 - 2014-12-21 09:44 - 00000222 _____ () C:\Users\Admin\Desktop\Company of Heroes (New Steam Version).url 2014-12-20 11:53 - 2014-12-25 13:17 - 00000022 _____ () C:\WINDOWS\GPU-Z.INI 2014-12-20 11:43 - 2014-12-20 11:43 - 00000000 ____D () C:\Program Files (x86)\Futuremark 2014-12-20 11:40 - 2014-12-20 11:41 - 02674688 _____ () C:\Users\Admin\Downloads\Futuremark_SystemInfo_v433_installer.msi 2014-12-20 11:40 - 2014-12-20 11:40 - 00000000 ____D () C:\Users\Admin\AppData\Local\Futuremark 2014-12-20 11:33 - 2014-12-20 11:33 - 00001176 _____ () C:\Users\Public\Desktop\3DMark.lnk 2014-12-20 11:33 - 2014-12-20 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark 2014-12-20 11:33 - 2014-12-20 11:33 - 00000000 ____D () C:\Program Files\Futuremark 2014-12-20 11:22 - 2014-12-20 11:43 - 00000000 ____D () C:\Users\Admin\AppData\Local\Vosteran 2014-12-20 08:41 - 2014-12-20 08:41 - 00000975 _____ () C:\Users\Admin\Desktop\TechPowerUp GPU-Z.lnk 2014-12-20 08:41 - 2014-12-20 08:41 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z 2014-12-20 08:41 - 2014-12-20 08:41 - 00000000 ____D () C:\Program Files (x86)\GPU-Z 2014-12-20 08:40 - 2014-12-20 08:40 - 01577464 _____ ( ) C:\Users\Admin\Downloads\cpu-z_1.71.1-setup-en.exe 2014-12-20 08:09 - 2014-12-20 08:09 - 00001098 _____ () C:\Users\Admin\Desktop\MSI Afterburner.lnk 2014-12-20 08:08 - 2014-12-20 08:08 - 00000000 ____D () C:\Users\Admin\Downloads\MSIAfterburnerSetup400 2014-12-19 13:00 - 2015-01-03 08:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-17 09:20 - 2014-08-26 16:37 - 00000000 ____D () C:\Users\Admin\Desktop\Neues Verzeichnis 2015-01-17 09:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-01-17 08:57 - 2013-06-04 18:18 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps 2015-01-17 08:56 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-01-17 08:43 - 2013-10-23 15:32 - 00000000 ____D () C:\Users\Admin 2015-01-17 08:43 - 2013-09-30 05:14 - 01780344 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-01-17 08:43 - 2013-09-30 04:58 - 00766800 _____ () C:\WINDOWS\system32\perfh007.dat 2015-01-17 08:43 - 2013-09-30 04:58 - 00160082 _____ () C:\WINDOWS\system32\perfc007.dat 2015-01-17 08:39 - 2013-06-20 18:11 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TeamViewer 2015-01-17 08:37 - 2014-09-28 09:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Raptr 2015-01-17 08:37 - 2013-11-03 07:37 - 00000000 ____D () C:\Fraps 2015-01-17 08:37 - 2013-08-04 19:03 - 00000000 ____D () C:\ProgramData\Origin 2015-01-17 08:37 - 2013-06-04 07:27 - 00000000 ___DO () C:\Users\Admin\SkyDrive 2015-01-17 08:36 - 2013-11-03 10:49 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-17 08:36 - 2013-11-03 10:49 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-17 08:36 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-17 08:36 - 2013-08-22 14:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI 2015-01-17 08:24 - 2013-11-03 16:46 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-01-17 07:52 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-16 08:53 - 2013-12-28 10:24 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2015-01-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-01-15 15:12 - 2014-10-20 16:39 - 00000000 ____D () C:\Users\Mcx1-ONEPC 2015-01-15 06:12 - 2014-10-21 11:59 - 00000000 ____D () C:\ProgramData\Netzmanager 2015-01-15 06:09 - 2014-11-28 10:25 - 32799365 _____ () C:\Simraceway.log 2015-01-15 06:09 - 2014-01-17 15:30 - 00000000 ____D () C:\WINDOWS\Minidump 2015-01-14 19:27 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-01-14 19:23 - 2013-06-27 19:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TS3Client 2015-01-14 10:34 - 2013-07-12 17:28 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-01-14 10:31 - 2013-06-03 19:18 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-13 21:46 - 2013-06-04 07:07 - 00000000 ____D () C:\ProgramData\Lexware 2015-01-13 19:24 - 2013-11-03 16:46 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-01-13 18:25 - 2014-02-11 16:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\apsec 2015-01-13 08:17 - 2014-08-19 15:45 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe 2015-01-13 07:07 - 2014-12-02 10:55 - 00000000 ____D () C:\Users\Admin\Documents\The Crew 2015-01-13 07:07 - 2014-03-01 12:42 - 00000000 ____D () C:\Users\Admin\Documents\DayZ 2015-01-13 07:07 - 2013-09-26 18:04 - 00000000 ____D () C:\Users\Admin\Documents\Arma 3 2015-01-12 20:56 - 2013-06-03 18:14 - 00000000 ____D () C:\Users\Admin\AppData\Local\Packages 2015-01-10 16:31 - 2013-06-27 08:14 - 00000000 ____D () C:\Users\Admin\Documents\Outlook-Dateien 2015-01-07 08:35 - 2014-06-03 10:45 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll 2015-01-07 08:35 - 2014-04-08 20:01 - 02210224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2015-01-07 08:34 - 2014-06-03 10:45 - 01715408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll 2015-01-07 08:34 - 2014-04-08 20:01 - 02824504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2015-01-06 01:08 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-01-06 01:08 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-05 14:39 - 2014-12-17 22:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV 2015-01-05 14:39 - 2014-12-17 22:00 - 00000000 ____D () C:\WINDOWS\system32\NV 2015-01-05 14:39 - 2013-08-22 15:44 - 00500104 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-01-05 14:34 - 2013-08-04 19:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Origin 2015-01-04 19:49 - 2014-07-29 13:47 - 00000000 ____D () C:\Users\Admin\Desktop\Alte Firefox-Daten 2015-01-03 08:22 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries 2014-12-31 12:14 - 2013-06-03 19:24 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2014-12-31 11:31 - 2013-11-30 13:20 - 00000000 ____D () C:\Users\Admin\Documents\SimCity 2014-12-28 11:52 - 2013-06-04 16:16 - 00000000 ____D () C:\Users\Admin\Documents\my games 2014-12-28 09:27 - 2013-08-26 18:03 - 00000000 ____D () C:\Users\Admin\Documents\4A Games 2014-12-27 21:21 - 2013-06-05 20:49 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-12-25 10:02 - 2014-10-05 11:21 - 00007602 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg 2014-12-25 09:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\schemas 2014-12-25 07:33 - 2013-07-07 18:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\4A Games 2014-12-23 20:23 - 2014-04-21 10:25 - 00000000 ____D () C:\Users\Admin\Downloads\recuva 8gb stick 2014-12-23 06:55 - 2013-09-12 07:56 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-12-22 12:49 - 2014-11-12 10:36 - 27590656 _____ () C:\WINDOWS\system32\vmguest.iso 2014-12-22 12:18 - 2013-11-17 08:59 - 00015512 _____ () C:\Users\Admin\Downloads\hijackthis.log 2014-12-22 12:15 - 2013-11-17 09:04 - 00000000 ____D () C:\Users\Admin\Downloads\backups 2014-12-21 08:24 - 2013-06-22 13:07 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\.rFactor 2014-12-21 08:03 - 2013-06-20 18:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rFactor 2 2014-12-20 19:56 - 2014-12-02 10:55 - 00000000 ____D () C:\Users\Admin\Documents\ProfileCache 2014-12-20 18:31 - 2014-08-26 16:52 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server 2014-12-20 11:57 - 2013-08-25 15:25 - 00000000 ____D () C:\Users\Admin\Documents\3DMark 2014-12-20 11:33 - 2013-10-04 13:33 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-20 08:40 - 2014-07-15 15:20 - 00000845 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk 2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx 2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner 2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner 2014-12-20 06:40 - 2014-12-15 22:52 - 00000000 ____D () C:\Users\Admin\Documents\Assetto Corsa 2014-12-19 18:04 - 2014-10-05 09:33 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Simraceway 2014-12-19 13:00 - 2014-07-14 06:12 - 00001082 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-12-18 18:52 - 2014-12-05 11:15 - 00002510 _____ () C:\WINDOWS\system32\TeamViewer10_Hooks.log 2014-12-18 18:52 - 2014-12-05 11:15 - 00000983 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk ==================== Files in the root of some directories ======= 2014-07-05 19:34 - 2014-07-06 05:11 - 0000154 _____ () C:\Users\Admin\AppData\Roaming\Rim.Desktop.Exception.log 2014-07-05 19:34 - 2014-11-28 10:20 - 0001937 _____ () C:\Users\Admin\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2014-07-05 19:34 - 2014-07-06 05:11 - 0000154 _____ () C:\Users\Admin\AppData\Roaming\Rim.DesktopHelper.Exception.log 2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\BluetoothPresent.flag 2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\Driver_Jupiter_01Present.flag 2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\Driver_LOM_8161Present.flag 2014-11-09 07:59 - 2014-11-09 08:00 - 0318088 _____ () C:\Users\Admin\AppData\Local\HDGraph.log 2014-04-13 13:41 - 2014-04-13 13:43 - 0000078 _____ () C:\Users\Admin\AppData\Local\killertool.log 2014-01-04 17:12 - 2014-11-10 16:33 - 0000600 _____ () C:\Users\Admin\AppData\Local\PUTTY.RND 2014-10-05 11:21 - 2014-12-25 10:02 - 0007602 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg 2013-09-09 14:29 - 2013-09-09 14:29 - 0000057 _____ () C:\ProgramData\Ament.ini Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\Temp\hmpalert_update.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ Windows-Start-Manager --------------------- Bezeichner {bootmgr} device partition=\Device\HarddiskVolume1 description Windows Boot Manager locale de-DE inherit {globalsettings} integrityservices Enable default {current} resumeobject {abc97fa6-3bf7-11e3-aef0-dbb9fd509566} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Windows-Startladeprogramm ------------------------- Bezeichner {current} device partition=C: path \WINDOWS\system32\winload.exe description Windows 8.1 locale de-DE inherit {bootloadersettings} recoverysequence {fbe88233-3bf7-11e3-aef0-dbb9fd509566} integrityservices Enable recoveryenabled Yes allowedinmemorysettings 0x15000075 osdevice partition=C: systemroot \WINDOWS resumeobject {abc97fa6-3bf7-11e3-aef0-dbb9fd509566} nx OptIn bootmenupolicy Standard hypervisorlaunchtype Off Windows-Startladeprogramm ------------------------- Bezeichner {e990b581-cc78-11e2-b6a3-d09594044607} device ramdisk=[\Device\HarddiskVolume1]\Recovery\e990b581-cc78-11e2-b6a3-d09594044607\Winre.wim,{e990b582-cc78-11e2-b6a3-d09594044607} path \windows\system32\winload.exe description Windows Recovery Environment locale de-DE inherit {bootloadersettings} displaymessage Recovery displaymessageoverride Recovery osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\e990b581-cc78-11e2-b6a3-d09594044607\Winre.wim,{e990b582-cc78-11e2-b6a3-d09594044607} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Windows-Startladeprogramm ------------------------- Bezeichner {fbe88233-3bf7-11e3-aef0-dbb9fd509566} device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{fbe88234-3bf7-11e3-aef0-dbb9fd509566} path \windows\system32\winload.exe description Windows Recovery Environment locale de-DE inherit {bootloadersettings} displaymessage Recovery osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{fbe88234-3bf7-11e3-aef0-dbb9fd509566} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Wiederaufnahme aus dem Ruhezustand ---------------------------------- Bezeichner {abc97fa6-3bf7-11e3-aef0-dbb9fd509566} device partition=C: path \WINDOWS\system32\winresume.exe description Windows Resume Application locale de-DE inherit {resumeloadersettings} recoverysequence {fbe88233-3bf7-11e3-aef0-dbb9fd509566} recoveryenabled Yes allowedinmemorysettings 0x15000075 filedevice partition=C: filepath \hiberfil.sys bootmenupolicy Standard debugoptionenabled No Wiederaufnahme aus dem Ruhezustand ---------------------------------- Bezeichner {e990b57f-cc78-11e2-b6a3-d09594044607} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale de-DE inherit {resumeloadersettings} recoverysequence {e990b581-cc78-11e2-b6a3-d09594044607} recoveryenabled Yes allowedinmemorysettings 0x15000075 filedevice partition=C: filepath \hiberfil.sys bootmenupolicy Standard debugoptionenabled No Windows-Speichertestprogramm ---------------------------- Bezeichner {memdiag} device partition=\Device\HarddiskVolume1 path \boot\memtest.exe description Windows-Speicherdiagnose locale de-DE inherit {globalsettings} badmemoryaccess Yes EMS-Einstellungen ----------------- Bezeichner {emssettings} bootems No Debuggereinstellungen --------------------- Bezeichner {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM-Defekte ----------- Bezeichner {badmemory} Globale Einstellungen --------------------- Bezeichner {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Startladeprogramm-Einstellungen ------------------------------- Bezeichner {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisoreinstellungen ------------------- Bezeichner {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Einstellungen zur Ladeprogrammfortsetzung ----------------------------------------- Bezeichner {resumeloadersettings} inherit {globalsettings} Ger„teoptionen -------------- Bezeichner {e990b582-cc78-11e2-b6a3-d09594044607} description Windows Recovery ramdisksdidevice partition=\Device\HarddiskVolume1 ramdisksdipath \Recovery\e990b581-cc78-11e2-b6a3-d09594044607\boot.sdi Ger„teoptionen -------------- Bezeichner {e990b583-cc78-11e2-b6a3-d09594044607} description Windows Setup ramdisksdidevice partition=C: ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi Ger„teoptionen -------------- Bezeichner {fbe88234-3bf7-11e3-aef0-dbb9fd509566} description Windows Recovery ramdisksdidevice partition=\Device\HarddiskVolume1 ramdisksdipath \Recovery\WindowsRE\boot.sdi LastRegBack: 2015-01-16 03:34 ==================== End Of Log ============================ gmer ältere version ging dann durch Code:
ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net Rootkit scan 2015-01-17 12:08:06 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000044 SSD2SC480G726A104-46827799 rev.524ABBF0 447,13GB Running: gmer-2.0.18444.exe; Driver: C:\Users\Admin\AppData\Local\Temp\pxldapoc.sys ---- Threads - GMER 2.0 ---- Thread C:\WINDOWS\system32\csrss.exe [664:3396] fffff960009442d0 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6164] 000000005d99cb88 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6176] 000000005d4211d4 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6180] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6188] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6192] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6196] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6200] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6204] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6208] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6212] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6216] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6220] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6224] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6228] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6232] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6236] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6240] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6244] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6248] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6264] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6272] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6276] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6280] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6284] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6292] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6296] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6300] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6320] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6336] 000000005d4211d4 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6340] 000000005d4211d4 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6360] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6416] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6420] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6424] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6428] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6432] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6436] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6440] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6480] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6496] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6500] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6548] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6596] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6600] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6784] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6788] 000000005d4211d4 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:3964] 000000007453cf40 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:4892] 00000000744b28d0 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:1632] 0000000076f64e40 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:2180] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:3804] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:2856] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6404] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:2920] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:5148] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:4560] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:4840] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6816] 0000000060c174d6 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:3700] 0000000076f64e40 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:6288] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:5132] 0000000076f64e40 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:1328] 0000000060cac724 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:2976] 0000000076f64e40 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:7436] 0000000076f64e40 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:7456] 0000000076f64e40 Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6152:7548] 0000000076f64e40 ---- Processes - GMER 2.0 ---- Library ? (*** suspicious ***) @ C:\Windows\System32\skydrive.exe [4188] 00007ffa17310000 Library C:\Program (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [7008] 000000005a430000 Library C:\Program (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [7008] 0000000054410000 Library C:\Program (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [7008] 0000000053540000 Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [6780] 00007ffa1cfd0000 ---- EOF - GMER 2.0 ---- Geändert von andto (17.01.2015 um 12:12 Uhr) Grund: gmer log nachgereicht |
17.01.2015, 18:10 | #4 |
/// the machine /// TB-Ausbilder | nur Laptop sendet Dos Attacke Syn und UDP Flood an Router W921v Addition.txt von FRST fehlt noch.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
17.01.2015, 21:38 | #5 |
| nur Laptop sendet Dos Attacke Syn und UDP Flood an Router W921vCode:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2015 01 Ran by Admin at 2015-01-17 09:22:25 Running from C:\Users\Admin\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) CAT 3 - West - v4.0 (HKLM-x32\...\{D3D02004-0977-4BB1-8FE8-8BC4230DCEEC}}_is1) (Version: - Eutechnyx, Ltd) 3DMark (HKLM-x32\...\{7330098c-3669-4f39-9e82-4221d489db39}) (Version: 1.4.828.0 - Futuremark) 3DMark (Version: 1.4.828.0 - Futuremark) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.) Adobe Connect 9 Add-in (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Adobe Connect 9 Add-in) (Version: 11,9,959,0 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden Alan Wake (HKLM-x32\...\Steam App 108710) (Version: - Remedy Entertainment) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive) Assetto Corsa - Technology Preview Version 0.9.9 (HKLM-x32\...\{29826B4C-ADEF-4729-90D7-5011FD1C2B5E}_is1) (Version: 0.9.9 - Kunos Simulazioni) Assetto Corsa (HKLM-x32\...\Steam App 244210) (Version: - Kunos Simulazioni) Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1405.0701 - Micro-Star International Co., Ltd.) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB) Call of Duty: Advanced Warfare (HKLM-x32\...\Steam App 209650) (Version: - Sledgehammer Games) Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version: - ) Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version: - Treyarch) Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version: - ) Call of Juarez Gunslinger (HKLM-x32\...\Steam App 204450) (Version: - Techland) CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform) Cogs (HKLM-x32\...\Steam App 26500) (Version: - Lazy 8 Studios) Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version: - Relic) Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version: - Relic Entertainment) CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts) dakota.ag (HKLM-x32\...\dakota.ag) (Version: 6.0.30 - ITSG GmbH) dakota.ag (x32 Version: 6.0.30 - ITSG GmbH) Hidden DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) DGS-1500-28 (HKLM-x32\...\{A0EBA397-F8F2-43A8-BF90-BFB06720EFB4}) (Version: 1.0.0.7 - D-Link) D-Link SmartConsole Utility (HKLM-x32\...\InstallShield_{4FCE40BB-5BD6-43C9-8DAD-5B0551D8DF0C}) (Version: 3.00.10 - D-Link) D-Link SmartConsole Utility (x32 Version: 3.00.10 - D-Link) Hidden Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden Emergency Download Driver (HKLM-x32\...\{9ED72246-E35D-4B03-8369-605E82465A29}) (Version: 1.1.5.1416 - Nokia) eMule (HKLM-x32\...\eMule) (Version: - ) Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.04 - Ubisoft) Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft) FileViewPro (HKLM\...\{29938C06-6962-4C27-A94C-25E4F424A665}_is1) (Version: 1.5 - Solvusoft Corporation) FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse) FOSCAM Client (HKLM-x32\...\{9F9CDA0B-2291-4061-85C4-441A75BE6713}) (Version: 1.4.13 - FOSCAM) Fraps (HKLM-x32\...\Fraps) (Version: - ) Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.) Free YouTube Download version 3.2.49.1122 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1122 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.39.604 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.39.604 - DVDVideoSoft Ltd.) FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski) Fuse Drivers x64 (HKLM-x32\...\{06904B2B-5000-4C58-9471-256BA1A303BE}) (Version: 11.34.1 - Nokia) Futuremark SystemInfo (HKLM-x32\...\{2FE4C157-30AD-47F3-9D93-D9A2AFF25D3F}) (Version: 4.33.485.0 - Futuremark) Game Copa Petrobras de Marcas version 1.02 (HKLM-x32\...\{A5075C60-242E-432B-B935-31C90D127DA9}}_is1) (Version: 1.02 - Reiza Studios Ltda.) Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden GRID Autosport (HKLM-x32\...\Steam App 255220) (Version: - Codemasters Racing) Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve) HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.) Hotspot Shield 3.42 (HKLM-x32\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP) HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation) Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel) IPCamSetup (HKLM-x32\...\{02C39DE9-B03A-4FE7-89F9-61E224FE65CC}) (Version: 1.00.0000 - FOSCAM) IPCWebComponents 3.1.0.5 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.1.0.5 - ) iRacing.com Race Simulation (HKLM-x32\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0485 - iRacing.com Motorsport Simulations) iSpy (HKLM-x32\...\{067B0B45-5718-4AF1-AAAB-A8D0894183A0}) (Version: 5.6.8 - iSpy) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Lexware Elster (HKLM-x32\...\{CEF3D480-E4A5-4962-BCF5-D72F355B4E98}) (Version: 14.02.00.0015 - Haufe-Lexware GmbH & Co.KG) Lexware financial office 2014 (x32 Version: 18.51.00.0199 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware financial office plus 2014 (HKLM-x32\...\{cceb5f5e-fa2f-4632-aa50-1dffce083c79}) (Version: 18.0.0.98 - Haufe-Lexware GmbH & Co.KG) Lexware Info Service (HKLM-x32\...\{C5F9841A-CE4B-4D57-AB97-D7A82910E1F6}) (Version: 4.51.00.0091 - Haufe-Lexware GmbH & Co.KG) Lexware Installations Dienst (HKLM-x32\...\{1071B240-540B-420C-A40F-EF0AF5CD4892}) (Version: 3.51.00.0022 - Haufe-Lexware GmbH & Co.KG) Lexware online banking (HKLM-x32\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG) Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere) Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.) Macrium Reflect Free Edition (Version: 5.3.7086 - Paramount Software (UK) Ltd.) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Memory Cleaner 2.00 (HKLM-x32\...\MemClean) (Version: 2.00 - KoshyJohn.com) Metro 2033 Redux (HKLM-x32\...\Steam App 286690) (Version: - 4A GAMES) Metro: Last Light Redux (HKLM-x32\...\Steam App 287390) (Version: - 4A Games) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) Mozilla Thunderbird 17.0.6 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.6 (x86 de)) (Version: 17.0.6 - Mozilla) Mozilla Thunderbird 24.0.1 (x86 de) (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Mozilla Thunderbird 24.0.1 (x86 de)) (Version: 24.0.1 - Mozilla) MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD) MSI Kombustor 2.5.0 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version: - MSI Co., LTD) Need for Speed™ Rivals (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.4.0.0 - Electronic Arts) Nero 9 Lite (HKLM-x32\...\{f50f5bef-c397-4ef8-a24c-4d151e4c22ec}) (Version: - Nero AG) Nero Burning ROM 2014 (HKLM-x32\...\{A4DC74AA-F4DF-48B9-AA4B-C30CA0DBCA33}) (Version: 15.0.04600 - Nero AG) Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG) Netzmanager (HKLM-x32\...\Netzmanager) (Version: 1.081 - Deutsche Telekom AG) Netzmanager (Version: 1.081 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden Next Car Game Sneak Peek 2.0 (HKLM-x32\...\Steam App 272860) (Version: - Bugbear) Next Car Game: Wreckfest (HKLM-x32\...\Steam App 228380) (Version: - Bugbear) Nokia Software Recovery Tool (HKLM-x32\...\{637CB9CC-5F9E-40C1-ACF2-979733241E3E}) (Version: 1.4.3 - Nokia) NVIDIA GeForce Experience 2.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.) PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PeerGuardian 2.0 (HKLM-x32\...\PeerGuardian_is1) (Version: 2.0.6.4 - Methlabs Productions) Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden Puddle (HKLM-x32\...\Steam App 222140) (Version: - Neko Entertainment) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.47.1374 - Qualcomm Atheros) Hidden Qualcomm Atheros Killer E220x Drivers (Version: 1.1.47.1374 - Qualcomm Atheros) Hidden Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{D675B346-8CDB-4C8E-804E-17FC9F62CEA5}) (Version: 1.1.47.1374 - Qualcomm Atheros) Qualcomm Atheros Killer Wireless-N Drivers (Version: 1.1.47.1374 - Qualcomm Atheros) Hidden Qualcomm Atheros Network Manager (Version: 1.1.47.1374 - Qualcomm Atheros) Hidden RACE 07 (HKLM-x32\...\Steam App 8600) (Version: - SimBin) Race Injection (HKLM-x32\...\Steam App 44680) (Version: - SimBin Studios AB) RaceRoom Racing Experience (HKLM-x32\...\Steam App 211500) (Version: - SimBin Studios AB) RaceRoom Racing Experience Launcher (HKLM-x32\...\{1FD9F07F-7BBF-4C91-B3F0-A23714A3A913}_is1) (Version: 1.0 - SimBin) Raptr (HKLM-x32\...\Raptr) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform) rFactor2 (HKLM-x32\...\rFactor2) (Version: - ) RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder) Roadkil's Unstoppable Copier Version 5.2 (HKLM-x32\...\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1) (Version: - Roadkil.Net) SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.18.14 - NVIDIA Corporation) Hidden SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts) SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts) Simraceway 28.92 (HKLM-x32\...\Simraceway) (Version: 28.92 - Simraceway) SSWebPlugin (HKLM-x32\...\{8E545090-944A-4AAE-8B20-23DF1786F17D}) (Version: 1.0.0.39 - Synology) Starbound (HKLM-x32\...\Steam App 211820) (Version: - ) StormFall (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StormFall) (Version: - StormFall) <==== ATTENTION! Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{B9824225-2055-4700-BCD4-64B25EC88264}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) SurveillanceHelper (HKLM-x32\...\{E8236305-76A1-4AE2-A35C-2498D6876912}) (Version: 1.0.0.3 - Synology) SurveillancePlugin (HKLM-x32\...\{B4637DBD-7E8E-46D4-BC9C-EC1C9F1DC561}) (Version: 1.0.0.423 - Synology) sv.net (HKLM-x32\...\sv.net) (Version: 14.1 - ITSG GmbH) System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) The Bureau: XCOM Declassified (HKLM-x32\...\Steam App 65930) (Version: - 2K Marin) The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version: - Ubisoft) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) The Evil Within Demo (HKLM-x32\...\Steam App 329960) (Version: - Tango Gameworks) The Great War 1918 (HKLM-x32\...\Steam App 314420) (Version: - Relic Entertainment) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH) Transformers: Fall of Cybertron (HKLM-x32\...\Steam App 213120) (Version: - Mercenary Technologies) TRANSFORMERS: Rise of the Dark Spark (HKLM-x32\...\Steam App 245760) (Version: - Edge of Reality) TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software) TrojanHunter 5.6 (HKLM-x32\...\TrojanHunter_is1) (Version: 5.6 - Bytelayer AB) True Image 2013 (HKLM-x32\...\{4AA75223-6CBF-46F4-8EE4-7BF0591089F7}Visible) (Version: 16.0.6514 - Acronis) True Image 2013 (x32 Version: 16.0.6514 - Acronis) Hidden True Image 2013 Plus Pack (HKLM-x32\...\{1547FF3D-F82F-46AE-819B-78C7BB3D53EC}) (Version: 16.0.6514 - Acronis) UltraISO Premium V9.6 (HKLM-x32\...\UltraISO_is1) (Version: - ) Unity Web Player (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft) USB Serial Port Driver (HKLM-x32\...\{281A7FBF-9E98-4639-AC73-D205BBF979AA}) (Version: 1.1.4.1416 - Nokia) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment) Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft) Windows Phone app for desktop (HKLM-x32\...\{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}) (Version: 1.1.2726.0 - Microsoft Corporation) Windows Phone app for desktop (HKLM-x32\...\{9C4D79B6-238E-49D8-AEBC-26384EBDE6B3}) (Version: 1.0.1720.1 - Microsoft Corporation) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows-Treiberpaket - Lexmark International Printer (07/06/2012 2.1.5.0) (HKLM\...\BF11496524DAA0EE0B3DE7C870A7D17BC97C0B14) (Version: 07/06/2012 2.1.5.0 - Lexmark International) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) WinToUSB version 1.4 (HKLM-x32\...\WinToUSB_is1) (Version: 1.4 - The EasyUEFI Development Team.) WinUsb CoInstallers (HKLM-x32\...\{B7D4B08A-9D89-4369-B51C-92CF8C03D2F8}) (Version: 1.1.8.1406 - Nokia) WinUSB Compatible ID Drivers (HKLM-x32\...\{C97989C1-551F-4F41-A069-2A49567FD36B}) (Version: 1.1.6.1416 - Nokia) WinUSB Drivers ext (HKLM-x32\...\{0ED6AC75-474D-4511-B198-05B8C99F6B8B}) (Version: 1.1.7.1416 - Nokia) Wolfenstein: The New Order German Edition (HKLM-x32\...\Steam App 288570) (Version: - MachineGames) WRC 4 FIA WORLD RALLY CHAMPIONSHIP (HKLM-x32\...\Steam App 256330) (Version: - Milestone S.r.l.) X-Motor Racing Demo (HKLM-x32\...\X-Motor Racing Demo_is1) (Version: - Exotypos) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2819443126-392552937-1277417864-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-2819443126-392552937-1277417864-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 28-12-2014 08:06:02 DirectX wurde installiert 04-01-2015 14:53:21 Geplanter Prüfpunkt 12-01-2015 18:14:24 Geplanter Prüfpunkt 15-01-2015 05:51:28 Prüfpunkt von HitmanPro ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0AA1F179-FA10-46AF-9EAF-C6933A770D59} - \Seagate_Install_Launch No Task File <==== ATTENTION Task: {1887A53C-F03A-4C3F-8FEC-01CA1DB6EA08} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ONEPC-Admin OnePC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation) Task: {19395FDD-F5F0-447C-A834-FC9D8D1674EE} - \HPCustParticipation HP Officejet Pro 8600 No Task File <==== ATTENTION Task: {203982B8-C446-4F4F-8EF0-0BF4BC3A8952} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation) Task: {287F3197-7998-470F-B04D-6E2A296FABCB} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION Task: {3036B396-15F3-4430-98A9-337AB8481398} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION Task: {338EF201-1E25-40B3-98AE-3CFE691E881A} - \Microsoft_MKC_Logon_Task_itype.exe No Task File <==== ATTENTION Task: {3AA151C0-7079-4BD8-89B0-609D22DCA726} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe No Task File <==== ATTENTION Task: {41EED3EA-2A03-4192-87D2-5C3782189C28} - \User_Feed_Synchronization-{DF772C42-9DA6-4A07-A576-E2DAD94F2096} No Task File <==== ATTENTION Task: {51474427-D684-45F5-8DB5-C0732E75E7CA} - \{26CC40C6-7AF6-4A6A-B384-369B1AFDBE66} No Task File <==== ATTENTION Task: {57F7813B-623C-48B4-A6C2-525117AC3F7C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {619D129F-4304-4C73-A121-6730E9FA3027} - \CreateChoiceProcessTask No Task File <==== ATTENTION Task: {7015B8D7-DDB2-4A32-8E32-10F221DF0882} - \Microsoft_Hardware_Launch_itype_exe No Task File <==== ATTENTION Task: {796504CA-79C5-458A-9541-3173FACB30C1} - \Core Temp Autostart Admin No Task File <==== ATTENTION Task: {7B229291-634C-4B5B-8CA2-0FF9C5D4E72C} - \Microsoft_Hardware_Launch_ipoint_exe No Task File <==== ATTENTION Task: {88FA4920-C21E-4BB0-ACB3-1E00E1C234E1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation) Task: {8DECFF88-F9C4-4FF9-974B-245F72E1A9D6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation) Task: {A669484B-2B77-435D-A374-7A47988CF89F} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2819443126-392552937-1277417864-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe Task: {B86FCF37-6A96-4790-8328-5F8CC3E35BAB} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG) Task: {BA578D76-4613-45AB-8355-C0E4E3AA2CBC} - \MSIAfterburner No Task File <==== ATTENTION Task: {C5050D0C-D39A-4B60-92FD-B5AA00AE652F} - \Microsoft_MKC_Logon_Task_ipoint.exe No Task File <==== ATTENTION Task: {D8E1604D-4461-4BEF-B40D-5AC569CD1890} - \GarminUpdaterTask No Task File <==== ATTENTION Task: {E30E0525-FD4D-468D-B8B6-3BD9F61056C3} - \HP AR Program Upload - c8ac4278ca3949a487036fae545744fe5052aa724f0240da89d05ea85040bf29 No Task File <==== ATTENTION Task: {E551B41C-005D-431F-9533-76BFA25BCAC2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd) Task: {F0548ACB-7990-4C42-BD97-653F71BDB95B} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe [2013-02-26] (Beepa P/L) Task: {F8BAAB94-6F81-4DEF-BE85-6B3592734D8B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated) Task: {FA3CDBEE-0CC7-4B6A-9DA9-4D2154F03A36} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-ONEPC => C:\Windows\ehome\McxTask.exe [2013-09-30] (Microsoft Corporation) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-06-20 18:09 - 2014-12-15 11:45 - 00020240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll 2014-03-22 09:08 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-08-10 21:00 - 2014-06-13 14:17 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe 2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2013-03-27 22:39 - 2013-03-27 22:39 - 00021824 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\x64\ti_managers_proxy_stub.dll 2014-11-25 08:19 - 2014-11-25 08:19 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll 2014-09-19 14:48 - 2014-09-19 14:48 - 00330240 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe 2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2014-12-19 09:41 - 2014-12-19 09:41 - 01007104 _____ () D:\Program Files (x86)\Origin\platforms\qwindows.dll 2014-12-19 09:40 - 2014-12-19 09:40 - 00023552 _____ () D:\Program Files (x86)\Origin\imageformats\qgif.dll 2014-12-19 09:40 - 2014-12-19 09:40 - 00024576 _____ () D:\Program Files (x86)\Origin\imageformats\qico.dll 2014-12-19 09:40 - 2014-12-19 09:40 - 00216576 _____ () D:\Program Files (x86)\Origin\imageformats\qjpeg.dll 2014-12-19 09:40 - 2014-12-19 09:40 - 00261120 _____ () D:\Program Files (x86)\Origin\imageformats\qmng.dll 2014-12-19 09:40 - 2014-12-19 09:40 - 00019456 _____ () D:\Program Files (x86)\Origin\imageformats\qtga.dll 2014-12-19 09:40 - 2014-12-19 09:40 - 00337408 _____ () D:\Program Files (x86)\Origin\imageformats\qtiff.dll 2014-12-19 09:40 - 2014-12-19 09:40 - 00018944 _____ () D:\Program Files (x86)\Origin\imageformats\qwbmp.dll 2013-09-26 11:20 - 2013-09-26 11:20 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll 2013-09-26 11:20 - 2013-09-26 11:20 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll 2010-11-22 23:56 - 2010-11-22 23:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd 2010-11-22 23:57 - 2010-11-22 23:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll 2010-11-22 23:56 - 2010-11-22 23:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd 2010-11-22 23:57 - 2010-11-22 23:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd 2010-11-22 23:57 - 2010-11-22 23:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd 2011-02-15 19:17 - 2011-02-15 19:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll 2010-11-22 23:57 - 2010-11-22 23:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll 2010-11-22 23:57 - 2010-11-22 23:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd 2014-08-14 01:37 - 2014-08-14 01:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll 2014-08-14 01:37 - 2014-08-14 01:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll 2010-11-22 23:56 - 2010-11-22 23:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd 2011-11-21 03:20 - 2011-11-21 03:20 - 01949696 _____ () C:\Program Files (x86)\Raptr\libtorrent.pyd 2010-11-22 23:57 - 2010-11-22 23:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd 2013-11-21 01:05 - 2013-11-21 01:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll 2010-11-22 23:57 - 2010-11-22 23:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd 2014-06-18 01:56 - 2014-06-18 01:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd 2011-02-15 19:17 - 2011-02-15 19:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll 2010-11-23 00:06 - 2010-11-23 00:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll 2013-05-10 00:52 - 2013-05-10 00:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll 2013-05-10 00:52 - 2013-05-10 00:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll 2013-05-10 00:52 - 2013-05-10 00:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll 2013-05-03 19:56 - 2013-05-03 19:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll 2013-05-03 19:56 - 2013-05-03 19:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll 2013-05-03 19:56 - 2013-05-03 19:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll 2014-12-09 07:16 - 2014-12-09 07:16 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-11-21 05:49 - 2014-11-21 05:49 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Admin\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: AcrSch2Svc => 2 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: ADUServiceNSRT => 2 MSCONFIG\Services: afcdpsrv => 2 MSCONFIG\Services: BEService => 3 MSCONFIG\Services: cphs => 3 MSCONFIG\Services: Futuremark SystemInfo Service => 3 MSCONFIG\Services: Garmin Core Update Service => 3 MSCONFIG\Services: GfExperienceService => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: hmpalertsvc => 2 MSCONFIG\Services: hshld => 2 MSCONFIG\Services: HssTrayService => 3 MSCONFIG\Services: HssWd => 2 MSCONFIG\Services: IAStorDataMgrSvc => 2 MSCONFIG\Services: ICCS => 3 MSCONFIG\Services: igfxCUIService1.0.0.0 => 2 MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2 MSCONFIG\Services: iRacingService => 2 MSCONFIG\Services: jhi_service => 2 MSCONFIG\Services: Lexware_Update_Service => 2 MSCONFIG\Services: LMS => 2 MSCONFIG\Services: Micro Star SCM => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: NAUpdate => 2 MSCONFIG\Services: Netzmanager Service => 2 MSCONFIG\Services: NvNetworkService => 2 MSCONFIG\Services: NvStreamSvc => 2 MSCONFIG\Services: nvsvc => 2 MSCONFIG\Services: Origin Client Service => 3 MSCONFIG\Services: Qualcomm Atheros Killer Service V2 => 2 MSCONFIG\Services: ReflectService.exe => 2 MSCONFIG\Services: Simraceway Update Service => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: syncagentsrv => 2 MSCONFIG\Services: TeamViewer => 2 MSCONFIG\Services: UNS => 2 HKLM\...\StartupApproved\StartupFolder: => "SRW Download Manager.lnk" HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service" HKLM\...\StartupApproved\Run32: => "IAStorIcon" HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor" HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe" HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray" HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\StartupFolder: => "Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk" HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk" HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\StartupFolder: => "Tintenwarnungen überwachen - .lnk" HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\Run: => "GarminExpressTrayApp" HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\Run: => "Uploader" HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\Run: => "Prime95" ========================= Accounts: ========================== Admin (S-1-5-21-2819443126-392552937-1277417864-1001 - Administrator - Enabled) => C:\Users\Admin Administrator (S-1-5-21-2819443126-392552937-1277417864-500 - Administrator - Disabled) fbwuser2B82 (S-1-5-21-2819443126-392552937-1277417864-1007 - Limited - Enabled) fbwuser6E92 (S-1-5-21-2819443126-392552937-1277417864-1008 - Limited - Enabled) fbwuserADE8 (S-1-5-21-2819443126-392552937-1277417864-1005 - Limited - Enabled) fbwuserB171 (S-1-5-21-2819443126-392552937-1277417864-1006 - Limited - Enabled) fbwuserB705 (S-1-5-21-2819443126-392552937-1277417864-1010 - Limited - Enabled) fbwuserF7BE (S-1-5-21-2819443126-392552937-1277417864-1009 - Limited - Enabled) Gast (S-1-5-21-2819443126-392552937-1277417864-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2819443126-392552937-1277417864-1012 - Limited - Enabled) Mcx1-ONEPC (S-1-5-21-2819443126-392552937-1277417864-1004 - Limited - Enabled) => C:\Users\Mcx1-ONEPC ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: High Definition Audio-Controller Description: High Definition Audio-Controller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: HDAudBus Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Microsoft Bluetooth-Auflistung Description: Microsoft Bluetooth-Auflistung Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Microsoft Service: BthEnum Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Virtueller Microsoft-Adapter für direktes WiFi #3 Description: Virtueller Microsoft-Adapter für direktes WiFi Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (01/17/2015 08:57:37 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000011aa ID des fehlerhaften Prozesses: 0xbe4 Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0 Pfad der fehlerhaften Anwendung: Gmer-19357.exe1 Pfad des fehlerhaften Moduls: Gmer-19357.exe2 Berichtskennung: Gmer-19357.exe3 Vollständiger Name des fehlerhaften Pakets: Gmer-19357.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Gmer-19357.exe5 Error: (01/17/2015 08:56:23 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: rundll32.exe_winethc.dll, Version: 6.3.9600.17415, Zeitstempel: 0x54504eb8 Name des fehlerhaften Moduls: USER32.dll, Version: 6.3.9600.17476, Zeitstempel: 0x54516b13 Ausnahmecode: 0xc0000142 Fehleroffset: 0x00000000000ec5a0 ID des fehlerhaften Prozesses: 0x1838 Startzeit der fehlerhaften Anwendung: 0xrundll32.exe_winethc.dll0 Pfad der fehlerhaften Anwendung: rundll32.exe_winethc.dll1 Pfad des fehlerhaften Moduls: rundll32.exe_winethc.dll2 Berichtskennung: rundll32.exe_winethc.dll3 Vollständiger Name des fehlerhaften Pakets: rundll32.exe_winethc.dll4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: rundll32.exe_winethc.dll5 Error: (01/17/2015 08:55:38 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000011aa ID des fehlerhaften Prozesses: 0x1d54 Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0 Pfad der fehlerhaften Anwendung: Gmer-19357.exe1 Pfad des fehlerhaften Moduls: Gmer-19357.exe2 Berichtskennung: Gmer-19357.exe3 Vollständiger Name des fehlerhaften Pakets: Gmer-19357.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Gmer-19357.exe5 Error: (01/17/2015 08:54:34 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000011aa ID des fehlerhaften Prozesses: 0x76c Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0 Pfad der fehlerhaften Anwendung: Gmer-19357.exe1 Pfad des fehlerhaften Moduls: Gmer-19357.exe2 Berichtskennung: Gmer-19357.exe3 Vollständiger Name des fehlerhaften Pakets: Gmer-19357.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Gmer-19357.exe5 Error: (01/17/2015 08:54:13 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest. Error: (01/17/2015 08:54:13 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest. Error: (01/17/2015 08:50:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000011aa ID des fehlerhaften Prozesses: 0x1f90 Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0 Pfad der fehlerhaften Anwendung: Gmer-19357.exe1 Pfad des fehlerhaften Moduls: Gmer-19357.exe2 Berichtskennung: Gmer-19357.exe3 Vollständiger Name des fehlerhaften Pakets: Gmer-19357.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Gmer-19357.exe5 Error: (01/16/2015 05:25:44 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest. Error: (01/16/2015 05:25:44 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest. Error: (01/16/2015 05:09:50 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest. System errors: ============= Error: (01/17/2015 08:36:22 AM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (01/17/2015 08:15:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Windows Defender-Netzwerkinspektionsdienst" ist vom Dienst "Treiber für Windows Defender-Netzwerkinspektionssystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (01/17/2015 08:15:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Treiber für Windows Defender-Netzwerkinspektionssystem" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (01/17/2015 08:14:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Windows Defender-Netzwerkinspektionsdienst" ist vom Dienst "Treiber für Windows Defender-Netzwerkinspektionssystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (01/17/2015 08:14:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Treiber für Windows Defender-Netzwerkinspektionssystem" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (01/17/2015 08:13:40 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Windows Defender-Netzwerkinspektionsdienst" ist vom Dienst "Treiber für Windows Defender-Netzwerkinspektionssystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (01/17/2015 08:13:40 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Treiber für Windows Defender-Netzwerkinspektionssystem" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (01/17/2015 08:12:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Windows Defender-Netzwerkinspektionsdienst" ist vom Dienst "Treiber für Windows Defender-Netzwerkinspektionssystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (01/17/2015 08:12:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Treiber für Windows Defender-Netzwerkinspektionssystem" ist vom Dienst "Basisfiltermodul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (01/17/2015 08:11:58 AM) (Source: DCOM) (EventID: 10010) (User: ONEPC) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Microsoft Office Sessions: ========================= Error: (01/17/2015 08:57:37 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aabe401d0322b383542daC:\Users\Admin\Downloads\Gmer-19357.exeC:\Users\Admin\Downloads\Gmer-19357.exe80290772-9e1e-11e4-bffd-a417319ede24 Error: (01/17/2015 08:56:23 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: rundll32.exe_winethc.dll6.3.9600.1741554504eb8USER32.dll6.3.9600.1747654516b13c000014200000000000ec5a0183801d0322b169eadd0C:\WINDOWS\System32\rundll32.exeUSER32.dll5452e9d3-9e1e-11e4-bffd-a417319ede24 Error: (01/17/2015 08:55:38 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa1d5401d0322af12514b2C:\Users\Admin\Downloads\Gmer-19357.exeC:\Users\Admin\Downloads\Gmer-19357.exe392e1f27-9e1e-11e4-bffd-a417319ede24 Error: (01/17/2015 08:54:34 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa76c01d0322acac9c6a0C:\Users\Admin\Downloads\Gmer-19357.exeC:\Users\Admin\Downloads\Gmer-19357.exe12e78c55-9e1e-11e4-bffd-a417319ede24 Error: (01/17/2015 08:54:13 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu(1).exe Error: (01/17/2015 08:54:13 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu.exe Error: (01/17/2015 08:50:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c0000005000011aa1f9001d0322a3096c0b2C:\Users\Admin\Downloads\Gmer-19357.exeC:\Users\Admin\Downloads\Gmer-19357.exe789c3bd7-9e1d-11e4-bffd-a417319ede24 Error: (01/16/2015 05:25:44 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu.exe Error: (01/16/2015 05:25:44 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu(1).exe Error: (01/16/2015 05:09:50 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu(1).exe CodeIntegrity Errors: =================================== Date: 2015-01-17 08:38:50.628 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-17 08:37:13.378 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-17 08:37:02.549 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements. Date: 2015-01-17 08:36:56.127 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-17 08:36:53.330 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-17 08:36:49.177 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-17 08:14:57.301 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-17 08:12:32.033 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-17 07:52:03.116 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements. Date: 2015-01-17 07:51:55.202 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz Percentage of memory in use: 21% Total physical RAM: 16276.89 MB Available physical RAM: 12839.71 MB Total Pagefile: 32660.89 MB Available Pagefile: 29557.85 MB Total Virtual: 131072 MB Available Virtual: 131071.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:446.79 GB) (Free:128.83 GB) NTFS Drive d: (Volume) (Fixed) (Total:931.39 GB) (Free:217.49 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: 003DE352) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=446.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: 000ABBCC) Partition: GPT Partition Type. ==================== End Of Log ============================ Geändert von andto (17.01.2015 um 21:39 Uhr) Grund: ohje in Brocken.... |
17.01.2015, 23:43 | #6 |
/// the machine /// TB-Ausbilder | nur Laptop sendet Dos Attacke Syn und UDP Flood an Router W921v Lade Dir bitte von hier Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> nur Laptop sendet Dos Attacke Syn und UDP Flood an Router W921v |
18.01.2015, 10:54 | #7 |
| nur Laptop sendet Dos Attacke Syn und UDP Flood an Router W921v Achtung das abarbeiten mit einem Programm führt zum Verlust der WLan und Netzwerk anbindung es scheint das dort etwas gelöscht wird. Ich habe den Wiederherstellungspunkt genutzt und bin wieder Stand heute morgen 07:00 "stormfall" aber nun muss ich erst prüfen was wird da weggenommen aber wichtig für den Zugang zum Internet beinhaltet. Vielen Dank 1. REVO Check 2. Malwarebyte Check Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 18.01.2015 Suchlauf-Zeit: 09:19:43 Logdatei: Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.01.18.04 Rootkit Datenbank: v2015.01.14.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: Admin Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 416779 Verstrichene Zeit: 7 Min, 27 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.108 - Bericht erstellt am 18/01/2015 um 07:05:51 # Aktualisiert 17/01/2015 von Xplode # Database : 2015-01-13.2 [Live] # Betriebssystem : Windows 8.1 Pro with Media Center (64 bits) # Benutzername : Admin - ONEPC # Gestartet von : C:\Users\Admin\Downloads\AdwCleaner_4.108(1).exe # Option : Suchen ***** [ Dienste ] ***** Dienst Gefunden : hshld Dienst Gefunden : hsstrayservice Dienst Gefunden : hsswd ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\Users\Public\Desktop\Hotspot Shield.lnk Datei Gefunden : C:\Users\Public\Desktop\Hotspot Shield.lnk Datei Gefunden : C:\WINDOWS\System32\drivers\hssdrv6.sys Datei Gefunden : C:\WINDOWS\System32\drivers\taphss6.sys Ordner Gefunden : C:\Program Files (x86)\hotspot shield Ordner Gefunden : C:\ProgramData\hotspot shield Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield Ordner Gefunden : C:\Users\Admin\AppData\Local\CrashRpt Ordner Gefunden : C:\Users\Admin\AppData\Local\eSupport.com Ordner Gefunden : C:\Users\Admin\AppData\Local\PackageAware Ordner Gefunden : C:\Users\Admin\AppData\Roaming\hotspot shield Ordner Gefunden : C:\Users\Admin\AppData\Roaming\RHEng Ordner Gefunden : C:\Users\Admin\AppData\Roaming\Solvusoft Ordner Gefunden : C:\WINDOWS\SysWOW64\hotspot shield ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden : HKCU\Software\anchorfree Schlüssel Gefunden : HKCU\Software\eSupport.com Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} Schlüssel Gefunden : HKCU\Software\OCS Schlüssel Gefunden : [x64] HKCU\Software\anchorfree Schlüssel Gefunden : [x64] HKCU\Software\eSupport.com Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} Schlüssel Gefunden : [x64] HKCU\Software\OCS Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Schlüssel Gefunden : HKLM\SOFTWARE\hotspotshield Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 228200 Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Mozilla Firefox v34.0.5 (x86 de) [mpiofm0i.default-1406638029815] - Zeile gefunden : user_pref("browser.search.selectedEngine", "Vosteran"); [mpiofm0i.default-1406638029815] - Zeile gefunden : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_dnldstr_14_51_ff&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCzy0E0D0EtByE0AtB0FtAtN0D0Tzu0StCtDzzyEtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtBzy[...] [mpiofm0i.default-1406638029815] - Zeile gefunden : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_dnldstr_14_51_ff&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCzy0E0D0EtByE0AtB0FtAtN0D0Tzu0StCtDzzyEtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyEtB[...] [mpiofm0i.default-1406638029815] - Zeile gefunden : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran"); [mpiofm0i.default-1406638029815] - Zeile gefunden : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran"); [mpiofm0i.default-1406638029815] - Zeile gefunden : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_dnldstr_14_51_ff&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCzy0E0D0EtByE0AtB0FtAtN0D0Tzu0StCtDzzyEtN1L2XzutAtFyCtFtCtDtFyBtN1L1CzutCyE[...] ************************* AdwCleaner[R0].txt - [3862 octets] - [17/01/2015 13:14:26] AdwCleaner[R1].txt - [3765 octets] - [18/01/2015 07:05:51] ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3825 octets] ########## 4. JRT Protokoll Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.1 (12.28.2014:1) OS: Windows 8.1 Pro with Media Center x64 Ran by Admin on 18.01.2015 at 9:34:43,94 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [Service] hshld Successfully deleted: [Service] hshld Successfully stopped: [Service] hsstrayservice Successfully deleted: [Service] hsstrayservice Successfully stopped: [Service] hsswd Successfully deleted: [Service] hsswd ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\hotspot shield" Successfully deleted: [Folder] "C:\Users\Admin\AppData\Roaming\hotspot shield" Successfully deleted: [Folder] "C:\Program Files (x86)\hotspot shield" ~~~ FireFox Successfully deleted the following from C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\mpiofm0i.default-1406638029815\prefs.js user_pref("browser.search.selectedEngine", "Vosteran"); user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_dnldstr_14_51_ff&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCzy0E0D0EtByE0AtB0FtAtN0D0Tzu0StCtDzzyEtN1L2XzutAtFyCt user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_dnldstr_14_51_ff&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCzy0E0D0EtByE0AtB0FtAtN0D0Tzu0StCtDzzyEtN1L2XzutAtFy user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran"); user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran"); user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_dnldstr_14_51_ff&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCzy0E0D0EtByE0AtB0FtAtN0D0Tzu0StCtDzzyEtN1L2XzutAt Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\mpiofm0i.default-1406638029815\minidumps [8 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 18.01.2015 at 9:40:30,79 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ siehe code von adware... klar da is noch vosteran was drauf aber das sieht nicht nach dem Übeltäter für das Abschalten des Netzwerkes verantwortlich zu sein und ein neues FRST FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 Ran by Admin (administrator) on ONEPC on 18-01-2015 10:11:30 Running from C:\Users\Admin\Downloads Loaded Profiles: Admin (Available profiles: Admin & Mcx1-ONEPC) Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe () C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) D:\Program Files (x86)\iRacing\iRacingService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe (Micro-Star International Co., Ltd.) C:\Windows\SysWOW64\MSIService.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe () C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Beepa P/L) C:\Fraps\fraps.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe (Geek Software GmbH) D:\Program Files (x86)\PDF24\pdf24.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe (Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Beepa P/L) C:\Fraps\fraps64.dat (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531984 2015-01-07] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [517912 2013-02-15] (Acronis) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [TransferManager] => C:\Program Files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exe [444928 2014-06-29] (Haufe-Lexware GmbH & Co. KG) HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2014-06-03] (Haufe-Lexware GmbH & Co. KG) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6405376 2013-03-28] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1105848 2013-01-10] (Acronis) HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc) HKLM-x32\...\Run: [PDFPrint] => d:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [THGuard] => C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe [1081808 2014-07-30] (Mischel Internet Security) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [SkyDrive] => C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-09] (Microsoft Corporation) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [EADM] => d:\Program Files (x86)\Origin\Origin.exe [3618648 2014-12-19] (Electronic Arts) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [GarminExpressTrayApp] => D:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [Prime95] => C:\Users\Admin\Downloads\p95v285.win64\prime95.exe [36363264 2014-05-30] () HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [PeerGuardian] => C:\Program Files (x86)\PeerGuardian2\pg2.exe [1421824 2005-09-18] (Methlabs) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\MountPoints2: {0d48a496-850f-11e3-becb-a417319ede24} - "G:\setup_vmc_lite.exe" /checkApplicationPresence HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\MountPoints2: {78f8706e-00e8-11e4-bf2b-a417319ede24} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\start.exe HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => D:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{2D7BDE37-83EC-438A-9E1F-A610594DD358}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRW Download Manager.lnk ShortcutTarget: SRW Download Manager.lnk -> C:\IgniteGT\Simraceway\SRWAgent.exe (IgniteGT) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = SearchScopes: HKU\S-1-5-21-2819443126-392552937-1277417864-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {3746422E-4692-4429-9698-E3EB34FE07BC} hxxp://192.168.1.9:88/FSIPCam.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {960DC750-7447-4CDE-BF1C-FB33F9129654} hxxp://192.168.1.9:5000/webman/3rdparty/SurveillanceStation/object/SSObject3.cab?6.1-2909 DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.1.117/codebase/DVM_IPCam2.ocx DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815 FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll () FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: synology.com/SurveillanceHelper -> C:\Program Files (x86)\Synology\SurveillanceHelper\1.0.0.3\npSurveillanceHelper.dll (Synology) FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.423\npSurveillancePlugin.dll (Synology) FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: hp.com/HPDetect -> C:\Users\Admin\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP) FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: synology.com/SSWebPlugin -> C:\Users\Admin\AppData\Roaming\Synology\SSWebPlugin\1.0.0.39\npSSWebPlugin.dll (Synology) FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\searchplugins\google-maps.xml FF Extension: npIpcam - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\Extensions\npapi@n.com [2014-08-23] FF Extension: Bitdefender QuickScan - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-12-25] FF Extension: {4bca6f1e-1ab9-44ff-9461-67bd2fbe7039} - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\Extensions\{4bca6f1e-1ab9-44ff-9461-67bd2fbe7039}.xpi [2014-11-09] FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-21] FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-12-09] FF HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\extensions\cliqz@cliqz.com Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Admin\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-11-08] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ADUServiceNSRT; C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe [100984 2014-06-26] () [File not signed] S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-03] () S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-12-10] (Futuremark) S3 Garmin Core Update Service; D:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-07] (NVIDIA Corporation) R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2015-01-15] (SurfRight B.V.) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-10-03] (Intel Corporation) R2 iRacingService; D:\Program Files (x86)\iRacing\iRacingService.exe [798840 2015-01-13] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-17] (Intel Corporation) R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [62504 2014-06-26] (Haufe-Lexware GmbH & Co. KG) R2 Micro Star SCM; C:\WINDOWS\SysWOW64\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed] R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2015-01-07] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19822736 2015-01-07] (NVIDIA Corporation) S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts) R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-06-13] () R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [387584 2014-09-19] (Qualcomm Atheros) [File not signed] R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3275728 2014-06-24] (Paramount Software UK Ltd) R2 Simraceway Update Service; C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe [1630720 2013-07-11] () [File not signed] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3905536 2014-08-22] (Qualcomm Atheros Communications, Inc.) R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [97968 2014-09-11] (Qualcomm Atheros, Inc.) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2015-01-15] () R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.) R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.) S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [11776 2009-04-09] (ZTE Incorporated) [File not signed] S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-18] (Malwarebytes Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4263936 2013-06-03] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-07] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] () S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited) S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited) S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) S3 SjtWinIo; C:\Windows\System32\drivers\SjtWinIo.sys [9216 2014-08-26] (SpeedJet Technology INC.) S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.) R3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-11-11] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-11-11] (Acronis) S3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [23552 2012-09-12] (Creative Technology Ltd.) [File not signed] S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X] S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X] S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X] S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X] S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X] S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X] S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X] S3 cpuz138; \??\C:\WINDOWS\TEMP\cpuz138\cpuz138_x64.sys [X] S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X] S3 hitmanpro37; \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys [X] U3 pxldapoc; \??\C:\Users\Admin\AppData\Local\Temp\pxldapoc.sys [X] S3 VMSMP; \SystemRoot\system32\DRIVERS\vmswitch.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-18 10:11 - 2015-01-18 10:11 - 00000000 ____D () C:\Users\Admin\Downloads\FRST-OlderVersion 2015-01-18 09:40 - 2015-01-18 09:40 - 00002251 _____ () C:\Users\Admin\Desktop\JRT.txt 2015-01-18 09:34 - 2015-01-18 09:34 - 01707939 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe 2015-01-18 09:34 - 2015-01-18 09:34 - 00000000 ____D () C:\WINDOWS\ERUNT 2015-01-18 09:31 - 2015-01-18 09:31 - 02186752 _____ () C:\Users\Admin\Downloads\AdwCleaner_4.108(1).exe 2015-01-18 09:18 - 2015-01-18 09:39 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-01-18 09:18 - 2015-01-18 09:18 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-18 09:18 - 2015-01-18 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-18 09:18 - 2015-01-18 09:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-18 09:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-01-18 09:18 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-01-18 09:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-01-18 09:10 - 2015-01-18 09:11 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028(1).exe 2015-01-18 09:00 - 2015-01-18 09:00 - 00000000 ____D () C:\WINDOWS\LastGood 2015-01-18 08:52 - 2014-08-22 09:00 - 03905536 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athwbx.sys 2015-01-18 08:34 - 2015-01-18 08:34 - 00000000 ____D () C:\Dell 2015-01-18 07:30 - 2015-01-18 07:30 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp 2015-01-18 07:26 - 2015-01-18 07:26 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Synaptics 2015-01-18 07:21 - 2015-01-18 08:23 - 00029758 _____ () C:\WINDOWS\DPINST.LOG 2015-01-18 07:21 - 2015-01-18 07:21 - 00001342 _____ () C:\WINDOWS\Synaptics.log 2015-01-18 07:21 - 2015-01-18 07:21 - 00000000 ____D () C:\Program Files\Synaptics 2015-01-18 07:10 - 2015-01-18 07:10 - 00003707 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt 2015-01-18 07:04 - 2015-01-18 07:04 - 00001220 _____ () C:\Users\Admin\Desktop\Malwarebytes Anti-Malware180120150700.txt 2015-01-18 06:50 - 2015-01-18 09:02 - 00001280 _____ () C:\Users\Admin\Desktop\Revo Uninstaller.lnk 2015-01-18 06:50 - 2015-01-18 09:02 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-18 06:50 - 2015-01-18 06:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Admin\Downloads\revosetup95.exe 2015-01-17 13:14 - 2015-01-18 09:32 - 00000000 ____D () C:\AdwCleaner 2015-01-17 13:14 - 2015-01-17 13:14 - 02186752 _____ () C:\Users\Admin\Downloads\AdwCleaner_4.108.exe 2015-01-17 13:12 - 2015-01-17 13:12 - 00380416 _____ () C:\Users\Admin\Downloads\dsz5321w.exe 2015-01-17 12:42 - 2015-01-17 13:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-01-17 12:41 - 2015-01-17 13:05 - 00000000 ____D () C:\Users\Admin\Desktop\mbar 2015-01-17 12:40 - 2015-01-17 12:41 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Admin\Downloads\mbar-1.08.2.1001.exe 2015-01-17 12:17 - 2015-01-17 12:17 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-01-17 12:16 - 2015-01-17 12:16 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu(2).exe 2015-01-17 12:08 - 2015-01-17 12:08 - 00013401 _____ () C:\Users\Admin\Downloads\gmerversion2018444.log 2015-01-17 09:48 - 2015-01-18 09:53 - 00002176 _____ () C:\WINDOWS\PFRO.log 2015-01-17 09:47 - 2015-01-17 09:47 - 00009952 _____ () C:\Users\Admin\Desktop\malwarebytestestversion2041028.txt 2015-01-17 09:45 - 2015-01-17 09:45 - 00365568 _____ () C:\Users\Admin\Downloads\gmer-2.0.18444.exe 2015-01-17 09:38 - 2015-01-17 09:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-17 09:32 - 2015-01-17 09:32 - 00085001 _____ () C:\Users\Admin\Desktop\Resultminitoolbox.txt 2015-01-17 09:31 - 2015-01-17 09:32 - 00084965 _____ () C:\Users\Admin\Downloads\Result.txt 2015-01-17 09:31 - 2015-01-17 09:31 - 00401920 _____ (Farbar) C:\Users\Admin\Downloads\MiniToolBox.exe 2015-01-17 09:23 - 2015-01-17 09:23 - 00126319 _____ () C:\Users\Admin\Downloads\Shortcut.txt 2015-01-17 09:21 - 2015-01-17 09:21 - 00049295 _____ () C:\Users\Admin\Desktop\FRST.txt 2015-01-17 08:49 - 2015-01-17 08:49 - 00380416 _____ () C:\Users\Admin\Downloads\Gmer-19357.exe 2015-01-17 08:44 - 2015-01-18 10:11 - 00026308 _____ () C:\Users\Admin\Downloads\FRST.txt 2015-01-17 08:44 - 2015-01-18 10:11 - 00000000 ____D () C:\FRST 2015-01-17 08:44 - 2015-01-17 09:23 - 00060300 _____ () C:\Users\Admin\Downloads\Addition.txt 2015-01-17 08:43 - 2015-01-18 10:11 - 02126336 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe 2015-01-17 08:43 - 2015-01-18 10:09 - 00000472 _____ () C:\Users\Admin\Downloads\defogger_disable.log 2015-01-17 08:43 - 2015-01-17 08:43 - 00050477 _____ () C:\Users\Admin\Downloads\Defogger.exe 2015-01-17 08:43 - 2015-01-17 08:43 - 00000000 _____ () C:\Users\Admin\defogger_reenable 2015-01-16 17:10 - 2015-01-16 17:10 - 00000000 ____D () C:\Users\Admin\Downloads\TcpView-3.05 2015-01-16 17:09 - 2015-01-16 17:09 - 01179936 _____ () C:\Users\Admin\Downloads\TCPView - CHIP-Installer.exe 2015-01-16 17:09 - 2015-01-16 17:09 - 00291606 _____ () C:\Users\Admin\Downloads\TcpView-3.05.zip 2015-01-16 14:41 - 2015-01-16 14:41 - 00003657 _____ () C:\Users\Admin\Desktop\virenverdachtdatei.txt 2015-01-16 08:41 - 2015-01-16 08:41 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu(1).exe 2015-01-15 06:14 - 2015-01-18 10:01 - 00000000 ____D () C:\WINDOWS\CryptoGuard 2015-01-15 06:14 - 2015-01-17 08:12 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert 2015-01-15 06:14 - 2015-01-15 06:37 - 00548424 _____ (SurfRight) C:\WINDOWS\system32\hmpalert.dll 2015-01-15 06:14 - 2015-01-15 06:37 - 00477008 _____ (SurfRight) C:\WINDOWS\SysWOW64\hmpalert.dll 2015-01-15 06:14 - 2015-01-15 06:37 - 00093144 _____ () C:\WINDOWS\system32\Drivers\hmpalert.sys 2015-01-15 06:14 - 2015-01-15 06:14 - 01889616 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\hmpalert.exe 2015-01-15 06:14 - 2015-01-15 06:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert 2015-01-15 06:14 - 2015-01-15 06:14 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert 2015-01-15 06:09 - 2015-01-15 06:09 - 00319536 _____ () C:\WINDOWS\Minidump\011515-10203-01.dmp 2015-01-15 06:08 - 2015-01-15 06:08 - 1604350282 _____ () C:\WINDOWS\MEMORY.DMP 2015-01-15 05:52 - 2015-01-15 05:52 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe 2015-01-15 05:52 - 2015-01-15 05:52 - 00000856 _____ () C:\WINDOWS\system32\.crusader 2015-01-15 05:52 - 2015-01-15 05:52 - 00000142 _____ () C:\WINDOWS\system32\bootdelete.lst 2015-01-14 20:20 - 2015-01-14 20:22 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.6 2015-01-14 20:20 - 2015-01-14 20:20 - 00059392 ____R () C:\WINDOWS\SysWOW64\streamhlp.dll 2015-01-14 20:20 - 2015-01-14 20:20 - 00001097 _____ () C:\Users\Admin\Desktop\TrojanHunter.lnk 2015-01-14 20:20 - 2015-01-14 20:20 - 00000000 ____D () C:\ProgramData\TrojanHunter 2015-01-14 20:20 - 2015-01-14 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter 2015-01-14 20:16 - 2015-01-14 20:16 - 00000949 _____ () C:\Users\Mcx1-ONEPC\Desktop\PeerGuardian.lnk 2015-01-14 20:16 - 2015-01-14 20:16 - 00000949 _____ () C:\Users\Admin\Desktop\PeerGuardian.lnk 2015-01-14 20:16 - 2015-01-14 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerGuardian 2 2015-01-14 20:16 - 2015-01-14 20:16 - 00000000 ____D () C:\Program Files (x86)\PeerGuardian2 2015-01-14 19:44 - 2015-01-14 19:45 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu.exe 2015-01-14 19:44 - 2015-01-14 19:44 - 02209056 _____ () C:\Users\Admin\Downloads\avira-eu-cleaner_de.exe 2015-01-14 19:44 - 2015-01-14 19:44 - 00002072 _____ () C:\Users\Admin\Desktop\Entfernen des Avira EU-Cleaners.lnk 2015-01-14 19:44 - 2015-01-14 19:44 - 00002016 _____ () C:\Users\Admin\Desktop\Avira EU-Cleaner.lnk 2015-01-14 19:35 - 2015-01-15 05:52 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-01-14 19:35 - 2015-01-14 19:35 - 11225840 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\hitmanpro_x64.exe 2015-01-14 19:28 - 2015-01-18 09:53 - 00004921 _____ () C:\WINDOWS\setupact.log 2015-01-14 19:28 - 2015-01-14 19:28 - 00000000 _____ () C:\WINDOWS\setuperr.log 2015-01-14 17:25 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll 2015-01-14 17:25 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll 2015-01-14 10:15 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-01-14 10:15 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-01-14 10:15 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-01-14 10:15 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-01-14 10:15 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-01-14 10:15 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-01-14 10:15 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-01-14 10:15 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-01-13 14:36 - 2015-01-13 14:41 - 00000000 ____D () C:\Users\Admin\Documents\InfiniteCrisis 2015-01-13 14:36 - 2015-01-13 14:36 - 00000000 ____D () C:\Users\Admin\AppData\Local\InfiniteCrisis 2015-01-13 08:17 - 2015-01-13 12:41 - 00000000 ____D () C:\Users\Admin\AppData\Local\Turbine 2015-01-13 08:08 - 2015-01-13 08:08 - 00000000 ____D () C:\ProgramData\Turbine 2015-01-13 07:17 - 2015-01-13 07:19 - 164623600 _____ () C:\Users\Admin\Desktop\InfiniteCrisisInstaller.exe 2015-01-10 12:50 - 2015-01-10 12:50 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2015-01-10 12:49 - 2015-01-10 12:50 - 05410368 _____ (Code Laboratories, Inc.) C:\Users\Admin\Downloads\CL-Eye-Driver-5.3.0.0341.exe 2015-01-10 12:42 - 2015-01-10 12:43 - 23535342 _____ () C:\Users\Admin\Downloads\ECam-V2_0_3_0.zip 2015-01-09 17:16 - 2015-01-09 17:50 - 2840363008 _____ () C:\Users\Admin\Downloads\Image_Windows7_32+64.iso 2015-01-05 14:30 - 2015-01-05 14:30 - 01923104 _____ (CTS Games Ltd. ) C:\Users\Admin\Downloads\szone_webinst.exe 2015-01-04 19:49 - 2015-01-18 06:46 - 00067584 ___SH () C:\Users\Admin\Desktop\Thumbs.db 2015-01-04 11:54 - 2015-01-18 09:56 - 00003132 _____ () C:\WINDOWS\System32\Tasks\FRAPS 2015-01-03 16:16 - 2015-01-03 16:16 - 00000876 _____ () C:\Users\Admin\Desktop\X-Motor Racing Launcher.lnk 2015-01-03 16:16 - 2015-01-03 16:16 - 00000831 _____ () C:\Users\Admin\Desktop\X-Motor Racing.lnk 2015-01-03 16:16 - 2015-01-03 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-Motor Racing Demo 2015-01-03 16:15 - 2015-01-03 16:15 - 00000000 ____D () C:\Games 2015-01-03 16:11 - 2015-01-03 16:14 - 220323599 _____ () C:\Users\Admin\Downloads\x-motor-racing.demo.v1.48.zip 2014-12-30 13:55 - 2014-12-30 13:55 - 00003909 _____ () C:\Users\Admin\Downloads\Transformers.Rise.of.the.Dark.Spark.save100.zip 2014-12-30 13:47 - 2014-12-30 13:47 - 00000000 ____H () C:\Users\Admin\Documents\Default.rdp 2014-12-29 18:53 - 2014-12-29 18:53 - 00000000 ____D () C:\Lohnkonto 2014-12-29 17:46 - 2014-12-29 17:46 - 00002860 _____ () C:\Users\Admin\Desktop\ToppKurierMA2014.csv 2014-12-29 17:42 - 2014-12-29 17:42 - 00004266 _____ () C:\Users\Admin\Desktop\MA2014.txt 2014-12-29 17:35 - 2014-12-29 19:12 - 00000000 ____D () C:\Users\Admin\elan2014 2014-12-29 17:34 - 2014-12-29 17:34 - 00001985 _____ () C:\Users\Admin\Desktop\REHADAT_Elan_2014.lnk 2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Users\Admin\elan2014start 2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\REHADAT_Elan_2014 2014-12-28 15:26 - 2014-12-28 15:26 - 00000000 ____D () C:\Users\Admin\AppData\Local\Skyrim 2014-12-28 08:06 - 2014-12-28 08:06 - 00000000 ____D () C:\Users\Admin\AppData\Local\techland 2014-12-27 21:21 - 2014-12-27 21:21 - 00000222 _____ () C:\Users\Admin\Desktop\Call of Juarez Gunslinger.url 2014-12-26 08:14 - 2014-12-26 08:14 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2014-12-25 14:03 - 2015-01-08 18:54 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\QuickScan 2014-12-25 09:52 - 2014-12-25 09:52 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2819443126-392552937-1277417864-1001 2014-12-24 20:00 - 2014-12-24 20:00 - 00000222 _____ () C:\Users\Admin\Desktop\Next Car Game Wreckfest.url 2014-12-24 19:03 - 2014-12-24 19:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\next car game technology sneak peek 2014-12-24 19:02 - 2014-12-24 19:02 - 11754447 _____ () C:\Users\Admin\Downloads\ncg_wallpapers.zip 2014-12-24 18:26 - 2014-12-24 19:00 - 00000222 _____ () C:\Users\Admin\Desktop\Next Car Game Sneak Peek 2.0.url 2014-12-24 12:15 - 2014-12-24 12:15 - 00000221 _____ () C:\Users\Admin\Desktop\Cogs.url 2014-12-24 11:39 - 2014-12-24 11:38 - 00000444 _____ () C:\Users\Admin\Desktop\Delivery report.ext 2014-12-22 19:50 - 2015-01-18 10:06 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2819443126-392552937-1277417864-1001 2014-12-22 19:44 - 2014-12-22 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Copa Petrobras de Marcas 2014-12-22 19:41 - 2014-12-22 20:20 - 00000000 ____D () C:\Marcas 2014-12-22 17:33 - 2014-12-22 17:34 - 06177829 _____ () C:\Users\Admin\Downloads\Helmet&Driver.rar 2014-12-22 17:33 - 2014-12-22 17:33 - 00534227 _____ (Reiza Studios Ltda. ) C:\Users\Admin\Downloads\Marcas_v102_Setup.exe 2014-12-22 12:40 - 2015-01-18 09:53 - 01214316 _____ () C:\WINDOWS\WindowsUpdate.log 2014-12-22 12:37 - 2015-01-18 10:07 - 00005124 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ONEPC-Admin OnePC 2014-12-22 12:34 - 2014-12-22 12:34 - 00002772 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2014-12-22 12:34 - 2014-12-22 12:34 - 00000794 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-12-22 12:34 - 2014-12-22 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-12-22 12:34 - 2014-12-22 12:34 - 00000000 ____D () C:\Program Files\CCleaner 2014-12-22 12:30 - 2015-01-05 14:39 - 00000000 ____D () C:\Program Files (x86)\Panda Security 2014-12-22 12:30 - 2015-01-05 14:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Panda Security 2014-12-22 12:30 - 2014-12-22 12:31 - 04036200 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup500_slim.exe 2014-12-22 12:29 - 2015-01-05 14:38 - 00000000 ____D () C:\ProgramData\Panda Security 2014-12-21 11:49 - 2014-12-21 11:49 - 00000222 _____ () C:\Users\Admin\Desktop\The Great War 1918.url 2014-12-21 11:46 - 2014-12-21 11:46 - 00001373 _____ () C:\Users\Admin\Desktop\The Great War 1918.lnk 2014-12-21 09:44 - 2014-12-21 09:44 - 00000222 _____ () C:\Users\Admin\Desktop\Company of Heroes (New Steam Version).url 2014-12-20 11:53 - 2014-12-25 13:17 - 00000022 _____ () C:\WINDOWS\GPU-Z.INI 2014-12-20 11:43 - 2014-12-20 11:43 - 00000000 ____D () C:\Program Files (x86)\Futuremark 2014-12-20 11:40 - 2014-12-20 11:41 - 02674688 _____ () C:\Users\Admin\Downloads\Futuremark_SystemInfo_v433_installer.msi 2014-12-20 11:40 - 2014-12-20 11:40 - 00000000 ____D () C:\Users\Admin\AppData\Local\Futuremark 2014-12-20 11:33 - 2014-12-20 11:33 - 00001176 _____ () C:\Users\Public\Desktop\3DMark.lnk 2014-12-20 11:33 - 2014-12-20 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark 2014-12-20 11:33 - 2014-12-20 11:33 - 00000000 ____D () C:\Program Files\Futuremark 2014-12-20 08:41 - 2014-12-20 08:41 - 00000975 _____ () C:\Users\Admin\Desktop\TechPowerUp GPU-Z.lnk 2014-12-20 08:41 - 2014-12-20 08:41 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z 2014-12-20 08:41 - 2014-12-20 08:41 - 00000000 ____D () C:\Program Files (x86)\GPU-Z 2014-12-20 08:40 - 2014-12-20 08:40 - 01577464 _____ ( ) C:\Users\Admin\Downloads\cpu-z_1.71.1-setup-en.exe 2014-12-20 08:09 - 2014-12-20 08:09 - 00001098 _____ () C:\Users\Admin\Desktop\MSI Afterburner.lnk 2014-12-20 08:08 - 2014-12-20 08:08 - 00000000 ____D () C:\Users\Admin\Downloads\MSIAfterburnerSetup400 2014-12-19 13:00 - 2015-01-03 08:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-18 10:10 - 2013-06-04 18:18 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps 2015-01-18 09:59 - 2013-09-30 05:14 - 01780344 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-01-18 09:59 - 2013-09-30 04:58 - 00766800 _____ () C:\WINDOWS\system32\perfh007.dat 2015-01-18 09:59 - 2013-09-30 04:58 - 00160082 _____ () C:\WINDOWS\system32\perfc007.dat 2015-01-18 09:59 - 2013-08-04 19:03 - 00000000 ____D () C:\ProgramData\Origin 2015-01-18 09:57 - 2014-09-28 09:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Raptr 2015-01-18 09:56 - 2013-11-03 10:49 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-18 09:56 - 2013-11-03 07:37 - 00000000 ____D () C:\Fraps 2015-01-18 09:56 - 2013-06-04 07:27 - 00000000 __RDO () C:\Users\Admin\SkyDrive 2015-01-18 09:53 - 2014-11-28 10:25 - 32799773 _____ () C:\Simraceway.log 2015-01-18 09:53 - 2013-11-03 10:49 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-18 09:53 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-18 09:52 - 2013-08-22 14:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI 2015-01-18 09:24 - 2013-11-03 16:46 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-01-18 09:03 - 2014-08-03 04:32 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\StormFall 2015-01-18 08:47 - 2013-10-23 15:32 - 00000000 ____D () C:\Users\Admin 2015-01-18 08:45 - 2014-11-26 09:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\RHEng 2015-01-18 08:45 - 2014-10-21 11:59 - 00000000 ____D () C:\ProgramData\Netzmanager 2015-01-18 08:45 - 2014-10-20 16:39 - 00000000 ____D () C:\Users\Mcx1-ONEPC 2015-01-18 08:45 - 2014-10-11 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield 2015-01-18 08:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration 2015-01-18 08:45 - 2013-06-03 18:27 - 00000000 ____D () C:\WINDOWS\tmpdrv 2015-01-18 08:38 - 2014-04-13 13:41 - 00000132 _____ () C:\Users\Admin\AppData\Local\killertool.log 2015-01-18 07:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-18 07:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-01-17 09:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME 2015-01-17 09:20 - 2014-08-26 16:37 - 00000000 ____D () C:\Users\Admin\Desktop\Neues Verzeichnis 2015-01-17 09:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-01-17 08:39 - 2013-06-20 18:11 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TeamViewer 2015-01-16 08:53 - 2013-12-28 10:24 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2015-01-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-01-15 06:09 - 2014-01-17 15:30 - 00000000 ____D () C:\WINDOWS\Minidump 2015-01-14 19:27 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-01-14 19:23 - 2013-06-27 19:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TS3Client 2015-01-14 10:34 - 2013-07-12 17:28 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-01-14 10:31 - 2013-06-03 19:18 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-13 21:46 - 2013-06-04 07:07 - 00000000 ____D () C:\ProgramData\Lexware 2015-01-13 19:24 - 2013-11-03 16:46 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-01-13 18:25 - 2014-02-11 16:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\apsec 2015-01-13 08:17 - 2014-08-19 15:45 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe 2015-01-13 07:07 - 2014-12-02 10:55 - 00000000 ____D () C:\Users\Admin\Documents\The Crew 2015-01-13 07:07 - 2014-03-01 12:42 - 00000000 ____D () C:\Users\Admin\Documents\DayZ 2015-01-13 07:07 - 2013-09-26 18:04 - 00000000 ____D () C:\Users\Admin\Documents\Arma 3 2015-01-12 20:56 - 2013-06-03 18:14 - 00000000 ____D () C:\Users\Admin\AppData\Local\Packages 2015-01-10 16:31 - 2013-06-27 08:14 - 00000000 ____D () C:\Users\Admin\Documents\Outlook-Dateien 2015-01-07 08:35 - 2014-06-03 10:45 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll 2015-01-07 08:35 - 2014-04-08 20:01 - 02210224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2015-01-07 08:34 - 2014-06-03 10:45 - 01715408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll 2015-01-07 08:34 - 2014-04-08 20:01 - 02824504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2015-01-06 01:08 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-01-06 01:08 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-05 14:39 - 2014-12-17 22:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV 2015-01-05 14:39 - 2014-12-17 22:00 - 00000000 ____D () C:\WINDOWS\system32\NV 2015-01-05 14:39 - 2013-08-22 15:44 - 00500104 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-01-05 14:34 - 2013-08-04 19:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Origin 2015-01-04 19:49 - 2014-07-29 13:47 - 00000000 ____D () C:\Users\Admin\Desktop\Alte Firefox-Daten 2015-01-03 08:22 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries 2014-12-31 12:14 - 2013-06-03 19:24 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2014-12-31 11:31 - 2013-11-30 13:20 - 00000000 ____D () C:\Users\Admin\Documents\SimCity 2014-12-28 11:52 - 2013-06-04 16:16 - 00000000 ____D () C:\Users\Admin\Documents\my games 2014-12-28 09:27 - 2013-08-26 18:03 - 00000000 ____D () C:\Users\Admin\Documents\4A Games 2014-12-27 21:21 - 2013-06-05 20:49 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-12-25 10:02 - 2014-10-05 11:21 - 00007602 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg 2014-12-25 09:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\schemas 2014-12-25 07:33 - 2013-07-07 18:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\4A Games 2014-12-23 20:23 - 2014-04-21 10:25 - 00000000 ____D () C:\Users\Admin\Downloads\recuva 8gb stick 2014-12-23 06:55 - 2013-09-12 07:56 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-12-22 12:49 - 2014-11-12 10:36 - 27590656 _____ () C:\WINDOWS\system32\vmguest.iso 2014-12-22 12:18 - 2013-11-17 08:59 - 00015512 _____ () C:\Users\Admin\Downloads\hijackthis.log 2014-12-22 12:15 - 2013-11-17 09:04 - 00000000 ____D () C:\Users\Admin\Downloads\backups 2014-12-21 08:24 - 2013-06-22 13:07 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\.rFactor 2014-12-21 08:03 - 2013-06-20 18:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rFactor 2 2014-12-20 19:56 - 2014-12-02 10:55 - 00000000 ____D () C:\Users\Admin\Documents\ProfileCache 2014-12-20 18:31 - 2014-08-26 16:52 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server 2014-12-20 11:57 - 2013-08-25 15:25 - 00000000 ____D () C:\Users\Admin\Documents\3DMark 2014-12-20 11:33 - 2013-10-04 13:33 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-20 08:40 - 2014-07-15 15:20 - 00000845 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk 2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx 2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner 2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner 2014-12-20 06:40 - 2014-12-15 22:52 - 00000000 ____D () C:\Users\Admin\Documents\Assetto Corsa 2014-12-19 18:04 - 2014-10-05 09:33 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Simraceway 2014-12-19 13:00 - 2014-07-14 06:12 - 00001082 _____ () C:\Users\Public\Desktop\VLC media player.lnk ==================== Files in the root of some directories ======= 2014-07-05 19:34 - 2014-07-06 05:11 - 0000154 _____ () C:\Users\Admin\AppData\Roaming\Rim.Desktop.Exception.log 2014-07-05 19:34 - 2014-11-28 10:20 - 0001937 _____ () C:\Users\Admin\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2014-07-05 19:34 - 2014-07-06 05:11 - 0000154 _____ () C:\Users\Admin\AppData\Roaming\Rim.DesktopHelper.Exception.log 2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\BluetoothPresent.flag 2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\Driver_Jupiter_01Present.flag 2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\Driver_LOM_8161Present.flag 2014-11-09 07:59 - 2014-11-09 08:00 - 0318088 _____ () C:\Users\Admin\AppData\Local\HDGraph.log 2014-04-13 13:41 - 2015-01-18 08:38 - 0000132 _____ () C:\Users\Admin\AppData\Local\killertool.log 2014-01-04 17:12 - 2014-11-10 16:33 - 0000600 _____ () C:\Users\Admin\AppData\Local\PUTTY.RND 2014-10-05 11:21 - 2014-12-25 10:02 - 0007602 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg 2013-09-09 14:29 - 2013-09-09 14:29 - 0000057 _____ () C:\ProgramData\Ament.ini ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-18 10:06 ==================== End Of Log ============================ --- --- --- Geändert von andto (18.01.2015 um 09:49 Uhr) Grund: auf der Suche nach dem Störer ;) |
18.01.2015, 15:06 | #8 |
/// the machine /// TB-Ausbilder | nur Laptop sendet Dos Attacke Syn und UDP Flood an Router W921v Ich habs mal dem Entwickler gemeldet. ESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
18.01.2015, 17:03 | #9 |
| nur Laptop sendet Dos Attacke Syn und UDP Flood an Router W921v der hotspotroutingtreiber hssdrv6.sys muss bleiben da sonst das Internet nicht mehr funktioniert oder ersetzt werden. Kenn aber den Hintergrund nicht. Treiber sind alle da aber es verbindet sich dann eben nicht... aktuell ist er drauf aber den taphss6.sys hab ich umbenannt und belassen, könnt ihn ohne Problem auch löschen. Code:
ATTFilter Results of screen317's Security Check version 0.99.93 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Defender WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` iSpy Call of Duty: Ghosts - Multiplayer Java 7 Update 67 Java 8 Update 25 Java version 32-bit out of Date! Adobe Flash Player 16.0.0.257 Adobe Reader XI Mozilla Firefox (34.0.5) Mozilla Thunderbird 17.0.6 Thunderbird out of Date! ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSMpEng.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 Ran by Admin (administrator) on ONEPC on 18-01-2015 17:01:38 Running from C:\Users\Admin\Downloads Loaded Profiles: Admin (Available profiles: Admin & Mcx1-ONEPC) Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe () C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) D:\Program Files (x86)\iRacing\iRacingService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe () C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Beepa P/L) C:\Fraps\fraps.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe (Geek Software GmbH) D:\Program Files (x86)\PDF24\pdf24.exe (Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe (Beepa P/L) C:\Fraps\fraps64.dat (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe () C:\Users\Admin\Downloads\SecurityCheck.exe () C:\Users\Admin\Desktop\SecurityCheck.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531984 2015-01-07] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [TransferManager] => C:\Program Files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exe [444928 2014-06-29] (Haufe-Lexware GmbH & Co. KG) HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2014-06-03] (Haufe-Lexware GmbH & Co. KG) HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc) HKLM-x32\...\Run: [PDFPrint] => d:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [THGuard] => C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe [1081808 2014-07-30] (Mischel Internet Security) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [SkyDrive] => C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-09] (Microsoft Corporation) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [EADM] => d:\Program Files (x86)\Origin\Origin.exe [3618648 2014-12-19] (Electronic Arts) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [Prime95] => C:\Users\Admin\Downloads\p95v285.win64\prime95.exe [36363264 2014-05-30] () HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [PeerGuardian] => C:\Program Files (x86)\PeerGuardian2\pg2.exe [1421824 2005-09-18] (Methlabs) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\MountPoints2: {0d48a496-850f-11e3-becb-a417319ede24} - "G:\setup_vmc_lite.exe" /checkApplicationPresence HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\MountPoints2: {78f8706e-00e8-11e4-bf2b-a417319ede24} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\start.exe HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "D:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{2D7BDE37-83EC-438A-9E1F-A610594DD358}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRW Download Manager.lnk ShortcutTarget: SRW Download Manager.lnk -> C:\IgniteGT\Simraceway\SRWAgent.exe (IgniteGT) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {3746422E-4692-4429-9698-E3EB34FE07BC} hxxp://192.168.1.9:88/FSIPCam.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {960DC750-7447-4CDE-BF1C-FB33F9129654} hxxp://192.168.1.9:5000/webman/3rdparty/SurveillanceStation/object/SSObject3.cab?6.1-2909 DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.1.117/codebase/DVM_IPCam2.ocx DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815 FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll () FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: synology.com/SurveillanceHelper -> C:\Program Files (x86)\Synology\SurveillanceHelper\1.0.0.3\npSurveillanceHelper.dll (Synology) FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.423\npSurveillancePlugin.dll (Synology) FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: hp.com/HPDetect -> C:\Users\Admin\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP) FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: synology.com/SSWebPlugin -> C:\Users\Admin\AppData\Roaming\Synology\SSWebPlugin\1.0.0.39\npSSWebPlugin.dll (Synology) FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\searchplugins\google-maps.xml FF Extension: npIpcam - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\Extensions\npapi@n.com [2014-08-23] FF Extension: Bitdefender QuickScan - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-12-25] FF Extension: {4bca6f1e-1ab9-44ff-9461-67bd2fbe7039} - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\Extensions\{4bca6f1e-1ab9-44ff-9461-67bd2fbe7039}.xpi [2014-11-09] FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-21] FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-01-18] FF HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\extensions\cliqz@cliqz.com Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Admin\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-11-08] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ADUServiceNSRT; C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe [100984 2014-06-26] () [File not signed] S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-03] () S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-12-10] (Futuremark) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-07] (NVIDIA Corporation) R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2015-01-15] (SurfRight B.V.) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-10-03] (Intel Corporation) R2 iRacingService; D:\Program Files (x86)\iRacing\iRacingService.exe [798840 2015-01-13] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-17] (Intel Corporation) R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [62504 2014-06-26] (Haufe-Lexware GmbH & Co. KG) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2015-01-07] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19822736 2015-01-07] (NVIDIA Corporation) S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts) R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-06-13] () R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [387584 2014-09-19] (Qualcomm Atheros) [File not signed] R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3275728 2014-06-24] (Paramount Software UK Ltd) R2 Simraceway Update Service; C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe [1630720 2013-07-11] () [File not signed] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) S2 Micro Star SCM; C:\WINDOWS\SysWOW64\MSIService.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3905536 2014-08-22] (Qualcomm Atheros Communications, Inc.) R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [97968 2014-09-11] (Qualcomm Atheros, Inc.) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2015-01-15] () R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.) R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.) S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [11776 2009-04-09] (ZTE Incorporated) [File not signed] S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-18] (Malwarebytes Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4263936 2013-06-03] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-07] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] () S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited) S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited) S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) S3 SjtWinIo; C:\Windows\System32\drivers\SjtWinIo.sys [9216 2014-08-26] (SpeedJet Technology INC.) R3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) S3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [23552 2012-09-12] (Creative Technology Ltd.) [File not signed] S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X] S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X] S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X] S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X] S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X] S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X] S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X] S3 cpuz138; \??\C:\WINDOWS\TEMP\cpuz138\cpuz138_x64.sys [X] S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X] S3 hitmanpro37; \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys [X] S3 pxldapoc; \??\C:\Users\Admin\AppData\Local\Temp\pxldapoc.sys [X] S3 taphss6; \SystemRoot\system32\DRIVERS\taphss6.sys [X] S3 VMSMP; \SystemRoot\system32\DRIVERS\vmswitch.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-18 16:42 - 2015-01-18 16:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-18 16:27 - 2015-01-18 16:14 - 00852504 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe 2015-01-18 16:14 - 2015-01-18 16:14 - 00852504 _____ () C:\Users\Admin\Downloads\SecurityCheck.exe 2015-01-18 16:09 - 2015-01-18 16:09 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu(3).exe 2015-01-18 10:11 - 2015-01-18 10:11 - 00000000 ____D () C:\Users\Admin\Downloads\FRST-OlderVersion 2015-01-18 09:40 - 2015-01-18 09:40 - 00002251 _____ () C:\Users\Admin\Desktop\JRT.txt 2015-01-18 09:34 - 2015-01-18 09:34 - 01707939 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe 2015-01-18 09:34 - 2015-01-18 09:34 - 00000000 ____D () C:\WINDOWS\ERUNT 2015-01-18 09:31 - 2015-01-18 09:31 - 02186752 _____ () C:\Users\Admin\Downloads\AdwCleaner_4.108(1).exe 2015-01-18 09:18 - 2015-01-18 09:39 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-01-18 09:18 - 2015-01-18 09:18 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-18 09:18 - 2015-01-18 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-18 09:18 - 2015-01-18 09:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-18 09:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-01-18 09:18 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-01-18 09:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-01-18 09:10 - 2015-01-18 09:11 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028(1).exe 2015-01-18 09:00 - 2015-01-18 09:00 - 00000000 ____D () C:\WINDOWS\LastGood 2015-01-18 08:52 - 2014-08-22 09:00 - 03905536 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athwbx.sys 2015-01-18 08:34 - 2015-01-18 08:34 - 00000000 ____D () C:\Dell 2015-01-18 07:30 - 2015-01-18 07:30 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp 2015-01-18 07:26 - 2015-01-18 07:26 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Synaptics 2015-01-18 07:21 - 2015-01-18 08:23 - 00029758 _____ () C:\WINDOWS\DPINST.LOG 2015-01-18 07:21 - 2015-01-18 07:21 - 00001342 _____ () C:\WINDOWS\Synaptics.log 2015-01-18 07:21 - 2015-01-18 07:21 - 00000000 ____D () C:\Program Files\Synaptics 2015-01-18 07:10 - 2015-01-18 07:10 - 00003707 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt 2015-01-18 07:04 - 2015-01-18 07:04 - 00001220 _____ () C:\Users\Admin\Desktop\Malwarebytes Anti-Malware180120150700.txt 2015-01-18 06:50 - 2015-01-18 09:02 - 00001280 _____ () C:\Users\Admin\Desktop\Revo Uninstaller.lnk 2015-01-18 06:50 - 2015-01-18 09:02 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-18 06:50 - 2015-01-18 06:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Admin\Downloads\revosetup95.exe 2015-01-17 13:14 - 2015-01-18 14:53 - 00000000 ____D () C:\AdwCleaner 2015-01-17 13:14 - 2015-01-17 13:14 - 02186752 _____ () C:\Users\Admin\Downloads\AdwCleaner_4.108.exe 2015-01-17 13:12 - 2015-01-17 13:12 - 00380416 _____ () C:\Users\Admin\Downloads\dsz5321w.exe 2015-01-17 12:42 - 2015-01-17 13:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-01-17 12:41 - 2015-01-17 13:05 - 00000000 ____D () C:\Users\Admin\Desktop\mbar 2015-01-17 12:40 - 2015-01-17 12:41 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Admin\Downloads\mbar-1.08.2.1001.exe 2015-01-17 12:17 - 2015-01-17 12:17 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-01-17 12:16 - 2015-01-17 12:16 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu(2).exe 2015-01-17 12:08 - 2015-01-17 12:08 - 00013401 _____ () C:\Users\Admin\Downloads\gmerversion2018444.log 2015-01-17 09:48 - 2015-01-18 12:41 - 00004036 _____ () C:\WINDOWS\PFRO.log 2015-01-17 09:47 - 2015-01-17 09:47 - 00009952 _____ () C:\Users\Admin\Desktop\malwarebytestestversion2041028.txt 2015-01-17 09:45 - 2015-01-17 09:45 - 00365568 _____ () C:\Users\Admin\Downloads\gmer-2.0.18444.exe 2015-01-17 09:38 - 2015-01-17 09:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-17 09:32 - 2015-01-17 09:32 - 00085001 _____ () C:\Users\Admin\Desktop\Resultminitoolbox.txt 2015-01-17 09:31 - 2015-01-17 09:32 - 00084965 _____ () C:\Users\Admin\Downloads\Result.txt 2015-01-17 09:31 - 2015-01-17 09:31 - 00401920 _____ (Farbar) C:\Users\Admin\Downloads\MiniToolBox.exe 2015-01-17 09:23 - 2015-01-17 09:23 - 00126319 _____ () C:\Users\Admin\Downloads\Shortcut.txt 2015-01-17 09:21 - 2015-01-17 09:21 - 00049295 _____ () C:\Users\Admin\Desktop\FRST.txt 2015-01-17 08:49 - 2015-01-17 08:49 - 00380416 _____ () C:\Users\Admin\Downloads\Gmer-19357.exe 2015-01-17 08:44 - 2015-01-18 17:01 - 00024861 _____ () C:\Users\Admin\Downloads\FRST.txt 2015-01-17 08:44 - 2015-01-18 17:01 - 00000000 ____D () C:\FRST 2015-01-17 08:44 - 2015-01-17 09:23 - 00060300 _____ () C:\Users\Admin\Downloads\Addition.txt 2015-01-17 08:43 - 2015-01-18 10:11 - 02126336 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe 2015-01-17 08:43 - 2015-01-18 10:09 - 00000472 _____ () C:\Users\Admin\Downloads\defogger_disable.log 2015-01-17 08:43 - 2015-01-17 08:43 - 00050477 _____ () C:\Users\Admin\Downloads\Defogger.exe 2015-01-17 08:43 - 2015-01-17 08:43 - 00000000 _____ () C:\Users\Admin\defogger_reenable 2015-01-16 17:10 - 2015-01-16 17:10 - 00000000 ____D () C:\Users\Admin\Downloads\TcpView-3.05 2015-01-16 17:09 - 2015-01-16 17:09 - 01179936 _____ () C:\Users\Admin\Downloads\TCPView - CHIP-Installer.exe 2015-01-16 17:09 - 2015-01-16 17:09 - 00291606 _____ () C:\Users\Admin\Downloads\TcpView-3.05.zip 2015-01-16 14:41 - 2015-01-16 14:41 - 00003657 _____ () C:\Users\Admin\Desktop\virenverdachtdatei.txt 2015-01-16 08:41 - 2015-01-16 08:41 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu(1).exe 2015-01-15 06:14 - 2015-01-18 15:44 - 00000000 ____D () C:\WINDOWS\CryptoGuard 2015-01-15 06:14 - 2015-01-17 08:12 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert 2015-01-15 06:14 - 2015-01-15 06:37 - 00548424 _____ (SurfRight) C:\WINDOWS\system32\hmpalert.dll 2015-01-15 06:14 - 2015-01-15 06:37 - 00477008 _____ (SurfRight) C:\WINDOWS\SysWOW64\hmpalert.dll 2015-01-15 06:14 - 2015-01-15 06:37 - 00093144 _____ () C:\WINDOWS\system32\Drivers\hmpalert.sys 2015-01-15 06:14 - 2015-01-15 06:14 - 01889616 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\hmpalert.exe 2015-01-15 06:14 - 2015-01-15 06:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert 2015-01-15 06:14 - 2015-01-15 06:14 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert 2015-01-15 06:09 - 2015-01-15 06:09 - 00319536 _____ () C:\WINDOWS\Minidump\011515-10203-01.dmp 2015-01-15 06:08 - 2015-01-15 06:08 - 1604350282 _____ () C:\WINDOWS\MEMORY.DMP 2015-01-15 05:52 - 2015-01-15 05:52 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe 2015-01-15 05:52 - 2015-01-15 05:52 - 00000856 _____ () C:\WINDOWS\system32\.crusader 2015-01-15 05:52 - 2015-01-15 05:52 - 00000142 _____ () C:\WINDOWS\system32\bootdelete.lst 2015-01-14 20:20 - 2015-01-14 20:22 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.6 2015-01-14 20:20 - 2015-01-14 20:20 - 00059392 ____R () C:\WINDOWS\SysWOW64\streamhlp.dll 2015-01-14 20:20 - 2015-01-14 20:20 - 00001097 _____ () C:\Users\Admin\Desktop\TrojanHunter.lnk 2015-01-14 20:20 - 2015-01-14 20:20 - 00000000 ____D () C:\ProgramData\TrojanHunter 2015-01-14 20:20 - 2015-01-14 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter 2015-01-14 20:16 - 2015-01-14 20:16 - 00000949 _____ () C:\Users\Mcx1-ONEPC\Desktop\PeerGuardian.lnk 2015-01-14 20:16 - 2015-01-14 20:16 - 00000949 _____ () C:\Users\Admin\Desktop\PeerGuardian.lnk 2015-01-14 20:16 - 2015-01-14 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerGuardian 2 2015-01-14 20:16 - 2015-01-14 20:16 - 00000000 ____D () C:\Program Files (x86)\PeerGuardian2 2015-01-14 19:44 - 2015-01-14 19:45 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu.exe 2015-01-14 19:44 - 2015-01-14 19:44 - 02209056 _____ () C:\Users\Admin\Downloads\avira-eu-cleaner_de.exe 2015-01-14 19:44 - 2015-01-14 19:44 - 00002072 _____ () C:\Users\Admin\Desktop\Entfernen des Avira EU-Cleaners.lnk 2015-01-14 19:44 - 2015-01-14 19:44 - 00002016 _____ () C:\Users\Admin\Desktop\Avira EU-Cleaner.lnk 2015-01-14 19:35 - 2015-01-15 05:52 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-01-14 19:35 - 2015-01-14 19:35 - 11225840 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\hitmanpro_x64.exe 2015-01-14 19:28 - 2015-01-18 15:11 - 00006769 _____ () C:\WINDOWS\setupact.log 2015-01-14 19:28 - 2015-01-14 19:28 - 00000000 _____ () C:\WINDOWS\setuperr.log 2015-01-14 17:25 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll 2015-01-14 17:25 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll 2015-01-14 10:15 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-01-14 10:15 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-01-14 10:15 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-01-14 10:15 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-01-14 10:15 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-01-14 10:15 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-01-14 10:15 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-01-14 10:15 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-01-13 14:36 - 2015-01-13 14:41 - 00000000 ____D () C:\Users\Admin\Documents\InfiniteCrisis 2015-01-13 14:36 - 2015-01-13 14:36 - 00000000 ____D () C:\Users\Admin\AppData\Local\InfiniteCrisis 2015-01-13 08:17 - 2015-01-13 12:41 - 00000000 ____D () C:\Users\Admin\AppData\Local\Turbine 2015-01-13 08:08 - 2015-01-13 08:08 - 00000000 ____D () C:\ProgramData\Turbine 2015-01-13 07:17 - 2015-01-13 07:19 - 164623600 _____ () C:\Users\Admin\Desktop\InfiniteCrisisInstaller.exe 2015-01-10 12:50 - 2015-01-10 12:50 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2015-01-10 12:49 - 2015-01-10 12:50 - 05410368 _____ (Code Laboratories, Inc.) C:\Users\Admin\Downloads\CL-Eye-Driver-5.3.0.0341.exe 2015-01-10 12:42 - 2015-01-10 12:43 - 23535342 _____ () C:\Users\Admin\Downloads\ECam-V2_0_3_0.zip 2015-01-09 17:16 - 2015-01-09 17:50 - 2840363008 _____ () C:\Users\Admin\Downloads\Image_Windows7_32+64.iso 2015-01-05 14:30 - 2015-01-05 14:30 - 01923104 _____ (CTS Games Ltd. ) C:\Users\Admin\Downloads\szone_webinst.exe 2015-01-04 19:49 - 2015-01-18 14:23 - 00070144 ___SH () C:\Users\Admin\Desktop\Thumbs.db 2015-01-04 11:54 - 2015-01-18 15:36 - 00003132 _____ () C:\WINDOWS\System32\Tasks\FRAPS 2015-01-03 16:16 - 2015-01-03 16:16 - 00000876 _____ () C:\Users\Admin\Desktop\X-Motor Racing Launcher.lnk 2015-01-03 16:16 - 2015-01-03 16:16 - 00000831 _____ () C:\Users\Admin\Desktop\X-Motor Racing.lnk 2015-01-03 16:16 - 2015-01-03 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-Motor Racing Demo 2015-01-03 16:15 - 2015-01-03 16:15 - 00000000 ____D () C:\Games 2015-01-03 16:11 - 2015-01-03 16:14 - 220323599 _____ () C:\Users\Admin\Downloads\x-motor-racing.demo.v1.48.zip 2014-12-30 13:55 - 2014-12-30 13:55 - 00003909 _____ () C:\Users\Admin\Downloads\Transformers.Rise.of.the.Dark.Spark.save100.zip 2014-12-30 13:47 - 2014-12-30 13:47 - 00000000 ____H () C:\Users\Admin\Documents\Default.rdp 2014-12-29 18:53 - 2014-12-29 18:53 - 00000000 ____D () C:\Lohnkonto 2014-12-29 17:46 - 2014-12-29 17:46 - 00002860 _____ () C:\Users\Admin\Desktop\ToppKurierMA2014.csv 2014-12-29 17:42 - 2014-12-29 17:42 - 00004266 _____ () C:\Users\Admin\Desktop\MA2014.txt 2014-12-29 17:35 - 2014-12-29 19:12 - 00000000 ____D () C:\Users\Admin\elan2014 2014-12-29 17:34 - 2014-12-29 17:34 - 00001985 _____ () C:\Users\Admin\Desktop\REHADAT_Elan_2014.lnk 2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Users\Admin\elan2014start 2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\REHADAT_Elan_2014 2014-12-28 15:26 - 2014-12-28 15:26 - 00000000 ____D () C:\Users\Admin\AppData\Local\Skyrim 2014-12-28 08:06 - 2014-12-28 08:06 - 00000000 ____D () C:\Users\Admin\AppData\Local\techland 2014-12-27 21:21 - 2014-12-27 21:21 - 00000222 _____ () C:\Users\Admin\Desktop\Call of Juarez Gunslinger.url 2014-12-26 08:14 - 2014-12-26 08:14 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2014-12-25 14:03 - 2015-01-08 18:54 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\QuickScan 2014-12-25 09:52 - 2014-12-25 09:52 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2819443126-392552937-1277417864-1001 2014-12-24 20:00 - 2014-12-24 20:00 - 00000222 _____ () C:\Users\Admin\Desktop\Next Car Game Wreckfest.url 2014-12-24 19:03 - 2014-12-24 19:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\next car game technology sneak peek 2014-12-24 19:02 - 2014-12-24 19:02 - 11754447 _____ () C:\Users\Admin\Downloads\ncg_wallpapers.zip 2014-12-24 18:26 - 2014-12-24 19:00 - 00000222 _____ () C:\Users\Admin\Desktop\Next Car Game Sneak Peek 2.0.url 2014-12-24 12:15 - 2014-12-24 12:15 - 00000221 _____ () C:\Users\Admin\Desktop\Cogs.url 2014-12-24 11:39 - 2014-12-24 11:38 - 00000444 _____ () C:\Users\Admin\Desktop\Delivery report.ext 2014-12-22 19:50 - 2015-01-18 12:56 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2819443126-392552937-1277417864-1001 2014-12-22 17:33 - 2014-12-22 17:34 - 06177829 _____ () C:\Users\Admin\Downloads\Helmet&Driver.rar 2014-12-22 17:33 - 2014-12-22 17:33 - 00534227 _____ (Reiza Studios Ltda. ) C:\Users\Admin\Downloads\Marcas_v102_Setup.exe 2014-12-22 12:40 - 2015-01-18 15:21 - 01514677 _____ () C:\WINDOWS\WindowsUpdate.log 2014-12-22 12:37 - 2015-01-18 16:56 - 00005124 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ONEPC-Admin OnePC 2014-12-22 12:34 - 2014-12-22 12:34 - 00002772 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2014-12-22 12:34 - 2014-12-22 12:34 - 00000794 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-12-22 12:34 - 2014-12-22 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-12-22 12:34 - 2014-12-22 12:34 - 00000000 ____D () C:\Program Files\CCleaner 2014-12-22 12:30 - 2015-01-05 14:39 - 00000000 ____D () C:\Program Files (x86)\Panda Security 2014-12-22 12:30 - 2015-01-05 14:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Panda Security 2014-12-22 12:30 - 2014-12-22 12:31 - 04036200 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup500_slim.exe 2014-12-22 12:29 - 2015-01-05 14:38 - 00000000 ____D () C:\ProgramData\Panda Security 2014-12-21 11:49 - 2014-12-21 11:49 - 00000222 _____ () C:\Users\Admin\Desktop\The Great War 1918.url 2014-12-21 11:46 - 2014-12-21 11:46 - 00001373 _____ () C:\Users\Admin\Desktop\The Great War 1918.lnk 2014-12-21 09:44 - 2014-12-21 09:44 - 00000222 _____ () C:\Users\Admin\Desktop\Company of Heroes (New Steam Version).url 2014-12-20 11:53 - 2014-12-25 13:17 - 00000022 _____ () C:\WINDOWS\GPU-Z.INI 2014-12-20 11:43 - 2014-12-20 11:43 - 00000000 ____D () C:\Program Files (x86)\Futuremark 2014-12-20 11:40 - 2014-12-20 11:41 - 02674688 _____ () C:\Users\Admin\Downloads\Futuremark_SystemInfo_v433_installer.msi 2014-12-20 11:40 - 2014-12-20 11:40 - 00000000 ____D () C:\Users\Admin\AppData\Local\Futuremark 2014-12-20 11:33 - 2014-12-20 11:33 - 00001176 _____ () C:\Users\Public\Desktop\3DMark.lnk 2014-12-20 11:33 - 2014-12-20 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark 2014-12-20 11:33 - 2014-12-20 11:33 - 00000000 ____D () C:\Program Files\Futuremark 2014-12-20 08:41 - 2014-12-20 08:41 - 00000975 _____ () C:\Users\Admin\Desktop\TechPowerUp GPU-Z.lnk 2014-12-20 08:41 - 2014-12-20 08:41 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z 2014-12-20 08:41 - 2014-12-20 08:41 - 00000000 ____D () C:\Program Files (x86)\GPU-Z 2014-12-20 08:40 - 2014-12-20 08:40 - 01577464 _____ ( ) C:\Users\Admin\Downloads\cpu-z_1.71.1-setup-en.exe 2014-12-20 08:09 - 2014-12-20 08:09 - 00001098 _____ () C:\Users\Admin\Desktop\MSI Afterburner.lnk 2014-12-20 08:08 - 2014-12-20 08:08 - 00000000 ____D () C:\Users\Admin\Downloads\MSIAfterburnerSetup400 2014-12-19 13:00 - 2015-01-03 08:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-18 17:00 - 2014-07-29 06:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-18 16:34 - 2013-08-04 19:03 - 00000000 ____D () C:\ProgramData\Origin 2015-01-18 16:29 - 2013-11-03 10:49 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-18 16:24 - 2013-11-03 16:46 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-01-18 15:37 - 2014-09-28 09:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Raptr 2015-01-18 15:36 - 2013-11-03 10:49 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-18 15:36 - 2013-11-03 07:37 - 00000000 ____D () C:\Fraps 2015-01-18 15:36 - 2013-06-04 07:27 - 00000000 ___DO () C:\Users\Admin\SkyDrive 2015-01-18 15:18 - 2013-09-30 05:14 - 01780344 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-01-18 15:18 - 2013-09-30 04:58 - 00766800 _____ () C:\WINDOWS\system32\perfh007.dat 2015-01-18 15:18 - 2013-09-30 04:58 - 00160082 _____ () C:\WINDOWS\system32\perfc007.dat 2015-01-18 15:11 - 2014-11-28 10:25 - 32800283 _____ () C:\Simraceway.log 2015-01-18 15:11 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-18 15:10 - 2013-08-22 14:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI 2015-01-18 11:25 - 2013-06-04 18:18 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps 2015-01-18 11:16 - 2014-04-13 18:20 - 00000000 ____D () C:\Users\Admin\Documents\Garmin 2015-01-18 11:16 - 2014-04-13 18:19 - 00000000 ____D () C:\Program Files (x86)\Garmin 2015-01-18 11:16 - 2014-04-13 18:16 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Garmin 2015-01-18 11:16 - 2014-04-13 18:16 - 00000000 ____D () C:\Users\Admin\AppData\Local\Garmin 2015-01-18 11:16 - 2014-04-13 18:16 - 00000000 ____D () C:\ProgramData\Garmin 2015-01-18 11:16 - 2013-10-04 13:33 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-18 11:06 - 2014-11-15 10:45 - 00000000 ____D () C:\ProgramData\eMule 2015-01-18 10:56 - 2013-06-03 18:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-18 10:46 - 2013-10-23 15:32 - 00000000 ____D () C:\Users\Admin 2015-01-18 10:33 - 2014-10-21 11:59 - 00000000 ____D () C:\ProgramData\Netzmanager 2015-01-18 10:33 - 2014-10-20 16:39 - 00000000 ____D () C:\Users\Mcx1-ONEPC 2015-01-18 10:32 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration 2015-01-18 09:03 - 2014-08-03 04:32 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\StormFall 2015-01-18 08:45 - 2013-06-03 18:27 - 00000000 ____D () C:\WINDOWS\tmpdrv 2015-01-18 08:38 - 2014-04-13 13:41 - 00000132 _____ () C:\Users\Admin\AppData\Local\killertool.log 2015-01-18 07:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-18 07:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-01-17 09:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME 2015-01-17 09:20 - 2014-08-26 16:37 - 00000000 ____D () C:\Users\Admin\Desktop\Neues Verzeichnis 2015-01-17 09:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-01-17 08:39 - 2013-06-20 18:11 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TeamViewer 2015-01-16 08:53 - 2013-12-28 10:24 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2015-01-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-01-15 06:09 - 2014-01-17 15:30 - 00000000 ____D () C:\WINDOWS\Minidump 2015-01-14 19:27 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-01-14 19:23 - 2013-06-27 19:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TS3Client 2015-01-14 10:34 - 2013-07-12 17:28 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-01-14 10:31 - 2013-06-03 19:18 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-13 21:46 - 2013-06-04 07:07 - 00000000 ____D () C:\ProgramData\Lexware 2015-01-13 19:24 - 2013-11-03 16:46 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-01-13 18:25 - 2014-02-11 16:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\apsec 2015-01-13 08:17 - 2014-08-19 15:45 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe 2015-01-13 07:07 - 2014-12-02 10:55 - 00000000 ____D () C:\Users\Admin\Documents\The Crew 2015-01-13 07:07 - 2014-03-01 12:42 - 00000000 ____D () C:\Users\Admin\Documents\DayZ 2015-01-13 07:07 - 2013-09-26 18:04 - 00000000 ____D () C:\Users\Admin\Documents\Arma 3 2015-01-12 20:56 - 2013-06-03 18:14 - 00000000 ____D () C:\Users\Admin\AppData\Local\Packages 2015-01-10 16:31 - 2013-06-27 08:14 - 00000000 ____D () C:\Users\Admin\Documents\Outlook-Dateien 2015-01-07 08:35 - 2014-06-03 10:45 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll 2015-01-07 08:35 - 2014-04-08 20:01 - 02210224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2015-01-07 08:34 - 2014-06-03 10:45 - 01715408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll 2015-01-07 08:34 - 2014-04-08 20:01 - 02824504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2015-01-06 01:08 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-01-06 01:08 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-05 14:39 - 2014-12-17 22:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV 2015-01-05 14:39 - 2014-12-17 22:00 - 00000000 ____D () C:\WINDOWS\system32\NV 2015-01-05 14:39 - 2013-08-22 15:44 - 00500104 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-01-05 14:34 - 2013-08-04 19:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Origin 2015-01-04 19:49 - 2014-07-29 13:47 - 00000000 ____D () C:\Users\Admin\Desktop\Alte Firefox-Daten 2015-01-03 08:22 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries 2014-12-31 12:14 - 2013-06-03 19:24 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2014-12-31 11:31 - 2013-11-30 13:20 - 00000000 ____D () C:\Users\Admin\Documents\SimCity 2014-12-28 11:52 - 2013-06-04 16:16 - 00000000 ____D () C:\Users\Admin\Documents\my games 2014-12-28 09:27 - 2013-08-26 18:03 - 00000000 ____D () C:\Users\Admin\Documents\4A Games 2014-12-27 21:21 - 2013-06-05 20:49 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-12-25 10:02 - 2014-10-05 11:21 - 00007602 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg 2014-12-25 09:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\schemas 2014-12-25 07:33 - 2013-07-07 18:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\4A Games 2014-12-23 20:23 - 2014-04-21 10:25 - 00000000 ____D () C:\Users\Admin\Downloads\recuva 8gb stick 2014-12-23 06:55 - 2013-09-12 07:56 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-12-22 12:49 - 2014-11-12 10:36 - 27590656 _____ () C:\WINDOWS\system32\vmguest.iso 2014-12-22 12:18 - 2013-11-17 08:59 - 00015512 _____ () C:\Users\Admin\Downloads\hijackthis.log 2014-12-22 12:15 - 2013-11-17 09:04 - 00000000 ____D () C:\Users\Admin\Downloads\backups 2014-12-21 08:24 - 2013-06-22 13:07 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\.rFactor 2014-12-21 08:03 - 2013-06-20 18:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rFactor 2 2014-12-20 19:56 - 2014-12-02 10:55 - 00000000 ____D () C:\Users\Admin\Documents\ProfileCache 2014-12-20 18:31 - 2014-08-26 16:52 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server 2014-12-20 11:57 - 2013-08-25 15:25 - 00000000 ____D () C:\Users\Admin\Documents\3DMark 2014-12-20 08:40 - 2014-07-15 15:20 - 00000845 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk 2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx 2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner 2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner 2014-12-20 06:40 - 2014-12-15 22:52 - 00000000 ____D () C:\Users\Admin\Documents\Assetto Corsa 2014-12-19 18:04 - 2014-10-05 09:33 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Simraceway 2014-12-19 13:00 - 2014-07-14 06:12 - 00001082 _____ () C:\Users\Public\Desktop\VLC media player.lnk ==================== Files in the root of some directories ======= 2014-07-05 19:34 - 2014-07-06 05:11 - 0000154 _____ () C:\Users\Admin\AppData\Roaming\Rim.Desktop.Exception.log 2014-07-05 19:34 - 2014-11-28 10:20 - 0001937 _____ () C:\Users\Admin\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2014-07-05 19:34 - 2014-07-06 05:11 - 0000154 _____ () C:\Users\Admin\AppData\Roaming\Rim.DesktopHelper.Exception.log 2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\BluetoothPresent.flag 2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\Driver_Jupiter_01Present.flag 2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\Driver_LOM_8161Present.flag 2014-11-09 07:59 - 2014-11-09 08:00 - 0318088 _____ () C:\Users\Admin\AppData\Local\HDGraph.log 2014-04-13 13:41 - 2015-01-18 08:38 - 0000132 _____ () C:\Users\Admin\AppData\Local\killertool.log 2014-01-04 17:12 - 2014-11-10 16:33 - 0000600 _____ () C:\Users\Admin\AppData\Local\PUTTY.RND 2014-10-05 11:21 - 2014-12-25 10:02 - 0007602 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg 2013-09-09 14:29 - 2013-09-09 14:29 - 0000057 _____ () C:\ProgramData\Ament.ini Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-18 15:22 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2015 Ran by Admin at 2015-01-18 17:02:00 Running from C:\Users\Admin\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) CAT 3 - West - v4.0 (HKLM-x32\...\{D3D02004-0977-4BB1-8FE8-8BC4230DCEEC}}_is1) (Version: - Eutechnyx, Ltd) 3DMark (HKLM-x32\...\{7330098c-3669-4f39-9e82-4221d489db39}) (Version: 1.4.828.0 - Futuremark) 3DMark (Version: 1.4.828.0 - Futuremark) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.) Adobe Connect 9 Add-in (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Adobe Connect 9 Add-in) (Version: 11,9,959,0 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden Alan Wake (HKLM-x32\...\Steam App 108710) (Version: - Remedy Entertainment) Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive) Assetto Corsa - Technology Preview Version 0.9.9 (HKLM-x32\...\{29826B4C-ADEF-4729-90D7-5011FD1C2B5E}_is1) (Version: 0.9.9 - Kunos Simulazioni) Assetto Corsa (HKLM-x32\...\Steam App 244210) (Version: - Kunos Simulazioni) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB) Call of Duty: Advanced Warfare (HKLM-x32\...\Steam App 209650) (Version: - Sledgehammer Games) Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version: - ) Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version: - Treyarch) Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version: - ) Call of Juarez Gunslinger (HKLM-x32\...\Steam App 204450) (Version: - Techland) CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform) Cogs (HKLM-x32\...\Steam App 26500) (Version: - Lazy 8 Studios) Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version: - Relic Entertainment) CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts) dakota.ag (HKLM-x32\...\dakota.ag) (Version: 6.0.30 - ITSG GmbH) dakota.ag (x32 Version: 6.0.30 - ITSG GmbH) Hidden DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) DGS-1500-28 (HKLM-x32\...\{A0EBA397-F8F2-43A8-BF90-BFB06720EFB4}) (Version: 1.0.0.7 - D-Link) D-Link SmartConsole Utility (HKLM-x32\...\InstallShield_{4FCE40BB-5BD6-43C9-8DAD-5B0551D8DF0C}) (Version: 3.00.10 - D-Link) D-Link SmartConsole Utility (x32 Version: 3.00.10 - D-Link) Hidden Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Emergency Download Driver (HKLM-x32\...\{9ED72246-E35D-4B03-8369-605E82465A29}) (Version: 1.1.5.1416 - Nokia) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.04 - Ubisoft) Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft) FileViewPro (HKLM\...\{29938C06-6962-4C27-A94C-25E4F424A665}_is1) (Version: 1.5 - Solvusoft Corporation) FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse) FOSCAM Client (HKLM-x32\...\{9F9CDA0B-2291-4061-85C4-441A75BE6713}) (Version: 1.4.13 - FOSCAM) Fraps (HKLM-x32\...\Fraps) (Version: - ) Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.) Free YouTube Download version 3.2.49.1122 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1122 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.39.604 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.39.604 - DVDVideoSoft Ltd.) FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski) Fuse Drivers x64 (HKLM-x32\...\{06904B2B-5000-4C58-9471-256BA1A303BE}) (Version: 11.34.1 - Nokia) Futuremark SystemInfo (HKLM-x32\...\{2FE4C157-30AD-47F3-9D93-D9A2AFF25D3F}) (Version: 4.33.485.0 - Futuremark) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden GRID Autosport (HKLM-x32\...\Steam App 255220) (Version: - Codemasters Racing) Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve) HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP) HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation) Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel) IPCamSetup (HKLM-x32\...\{02C39DE9-B03A-4FE7-89F9-61E224FE65CC}) (Version: 1.00.0000 - FOSCAM) IPCWebComponents 3.1.0.5 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.1.0.5 - ) iRacing.com Race Simulation (HKLM-x32\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0485 - iRacing.com Motorsport Simulations) iSpy (HKLM-x32\...\{067B0B45-5718-4AF1-AAAB-A8D0894183A0}) (Version: 5.6.8 - iSpy) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Lexware Elster (HKLM-x32\...\{CEF3D480-E4A5-4962-BCF5-D72F355B4E98}) (Version: 14.02.00.0015 - Haufe-Lexware GmbH & Co.KG) Lexware financial office 2014 (x32 Version: 18.51.00.0199 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware financial office plus 2014 (HKLM-x32\...\{cceb5f5e-fa2f-4632-aa50-1dffce083c79}) (Version: 18.0.0.98 - Haufe-Lexware GmbH & Co.KG) Lexware Info Service (HKLM-x32\...\{C5F9841A-CE4B-4D57-AB97-D7A82910E1F6}) (Version: 4.51.00.0091 - Haufe-Lexware GmbH & Co.KG) Lexware Installations Dienst (HKLM-x32\...\{1071B240-540B-420C-A40F-EF0AF5CD4892}) (Version: 3.51.00.0022 - Haufe-Lexware GmbH & Co.KG) Lexware online banking (HKLM-x32\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG) Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere) Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.) Macrium Reflect Free Edition (Version: 5.3.7086 - Paramount Software (UK) Ltd.) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Metro 2033 Redux (HKLM-x32\...\Steam App 286690) (Version: - 4A GAMES) Metro: Last Light Redux (HKLM-x32\...\Steam App 287390) (Version: - 4A Games) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) Mozilla Thunderbird 17.0.6 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.6 (x86 de)) (Version: 17.0.6 - Mozilla) Mozilla Thunderbird 24.0.1 (x86 de) (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Mozilla Thunderbird 24.0.1 (x86 de)) (Version: 24.0.1 - Mozilla) MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD) MSI Kombustor 2.5.0 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version: - MSI Co., LTD) Need for Speed™ Rivals (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.4.0.0 - Electronic Arts) Nero 9 Lite (HKLM-x32\...\{f50f5bef-c397-4ef8-a24c-4d151e4c22ec}) (Version: - Nero AG) Nero Burning ROM 2014 (HKLM-x32\...\{A4DC74AA-F4DF-48B9-AA4B-C30CA0DBCA33}) (Version: 15.0.04600 - Nero AG) Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG) Netzmanager (HKLM-x32\...\Netzmanager) (Version: 1.081 - Deutsche Telekom AG) Netzmanager (Version: 1.081 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden Next Car Game Sneak Peek 2.0 (HKLM-x32\...\Steam App 272860) (Version: - Bugbear) Next Car Game: Wreckfest (HKLM-x32\...\Steam App 228380) (Version: - Bugbear) Nokia Software Recovery Tool (HKLM-x32\...\{637CB9CC-5F9E-40C1-ACF2-979733241E3E}) (Version: 1.4.3 - Nokia) NVIDIA GeForce Experience 2.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.) PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PeerGuardian 2.0 (HKLM-x32\...\PeerGuardian_is1) (Version: 2.0.6.4 - Methlabs Productions) Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden Puddle (HKLM-x32\...\Steam App 222140) (Version: - Neko Entertainment) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.47.1374 - Qualcomm Atheros) Hidden Qualcomm Atheros Killer E220x Drivers (Version: 1.1.47.1374 - Qualcomm Atheros) Hidden Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{D675B346-8CDB-4C8E-804E-17FC9F62CEA5}) (Version: 1.1.47.1374 - Qualcomm Atheros) Qualcomm Atheros Killer Wireless-N Drivers (Version: 1.1.47.1374 - Qualcomm Atheros) Hidden Qualcomm Atheros Network Manager (Version: 1.1.47.1374 - Qualcomm Atheros) Hidden RACE 07 (HKLM-x32\...\Steam App 8600) (Version: - SimBin) Race Injection (HKLM-x32\...\Steam App 44680) (Version: - SimBin Studios AB) RaceRoom Racing Experience (HKLM-x32\...\Steam App 211500) (Version: - SimBin Studios AB) RaceRoom Racing Experience Launcher (HKLM-x32\...\{1FD9F07F-7BBF-4C91-B3F0-A23714A3A913}_is1) (Version: 1.0 - SimBin) Raptr (HKLM-x32\...\Raptr) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) rFactor2 (HKLM-x32\...\rFactor2) (Version: - ) RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder) Roadkil's Unstoppable Copier Version 5.2 (HKLM-x32\...\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1) (Version: - Roadkil.Net) SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.18.14 - NVIDIA Corporation) Hidden SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts) SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts) Simraceway 28.92 (HKLM-x32\...\Simraceway) (Version: 28.92 - Simraceway) SSWebPlugin (HKLM-x32\...\{8E545090-944A-4AAE-8B20-23DF1786F17D}) (Version: 1.0.0.39 - Synology) Starbound (HKLM-x32\...\Steam App 211820) (Version: - ) Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{B9824225-2055-4700-BCD4-64B25EC88264}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) SurveillanceHelper (HKLM-x32\...\{E8236305-76A1-4AE2-A35C-2498D6876912}) (Version: 1.0.0.3 - Synology) SurveillancePlugin (HKLM-x32\...\{B4637DBD-7E8E-46D4-BC9C-EC1C9F1DC561}) (Version: 1.0.0.423 - Synology) sv.net (HKLM-x32\...\sv.net) (Version: 14.1 - ITSG GmbH) System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) The Bureau: XCOM Declassified (HKLM-x32\...\Steam App 65930) (Version: - 2K Marin) The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version: - Ubisoft) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) The Evil Within Demo (HKLM-x32\...\Steam App 329960) (Version: - Tango Gameworks) The Great War 1918 (HKLM-x32\...\Steam App 314420) (Version: - Relic Entertainment) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH) Transformers: Fall of Cybertron (HKLM-x32\...\Steam App 213120) (Version: - Mercenary Technologies) TRANSFORMERS: Rise of the Dark Spark (HKLM-x32\...\Steam App 245760) (Version: - Edge of Reality) TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software) TrojanHunter 5.6 (HKLM-x32\...\TrojanHunter_is1) (Version: 5.6 - Bytelayer AB) UltraISO Premium V9.6 (HKLM-x32\...\UltraISO_is1) (Version: - ) Unity Web Player (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft) USB Serial Port Driver (HKLM-x32\...\{281A7FBF-9E98-4639-AC73-D205BBF979AA}) (Version: 1.1.4.1416 - Nokia) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment) Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft) Windows Phone app for desktop (HKLM-x32\...\{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}) (Version: 1.1.2726.0 - Microsoft Corporation) Windows Phone app for desktop (HKLM-x32\...\{9C4D79B6-238E-49D8-AEBC-26384EBDE6B3}) (Version: 1.0.1720.1 - Microsoft Corporation) Windows-Treiberpaket - Lexmark International Printer (07/06/2012 2.1.5.0) (HKLM\...\BF11496524DAA0EE0B3DE7C870A7D17BC97C0B14) (Version: 07/06/2012 2.1.5.0 - Lexmark International) WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) WinToUSB version 1.4 (HKLM-x32\...\WinToUSB_is1) (Version: 1.4 - The EasyUEFI Development Team.) WinUsb CoInstallers (HKLM-x32\...\{B7D4B08A-9D89-4369-B51C-92CF8C03D2F8}) (Version: 1.1.8.1406 - Nokia) WinUSB Compatible ID Drivers (HKLM-x32\...\{C97989C1-551F-4F41-A069-2A49567FD36B}) (Version: 1.1.6.1416 - Nokia) WinUSB Drivers ext (HKLM-x32\...\{0ED6AC75-474D-4511-B198-05B8C99F6B8B}) (Version: 1.1.7.1416 - Nokia) Wolfenstein: The New Order German Edition (HKLM-x32\...\Steam App 288570) (Version: - MachineGames) WRC 4 FIA WORLD RALLY CHAMPIONSHIP (HKLM-x32\...\Steam App 256330) (Version: - Milestone S.r.l.) X-Motor Racing Demo (HKLM-x32\...\X-Motor Racing Demo_is1) (Version: - Exotypos) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2819443126-392552937-1277417864-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-2819443126-392552937-1277417864-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 12-01-2015 18:14:24 Geplanter Prüfpunkt 15-01-2015 05:51:28 Prüfpunkt von HitmanPro 18-01-2015 06:52:26 Revo Uninstaller's restore point - StormFall 18-01-2015 08:43:29 Wiederherstellungsvorgang 18-01-2015 10:16:34 18012015 vor adware benutzung 18-01-2015 10:31:28 Wiederherstellungsvorgang 18-01-2015 11:50:21 voradwareanchorundhotspot ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0AA1F179-FA10-46AF-9EAF-C6933A770D59} - \Seagate_Install_Launch No Task File <==== ATTENTION Task: {1887A53C-F03A-4C3F-8FEC-01CA1DB6EA08} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ONEPC-Admin OnePC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation) Task: {19395FDD-F5F0-447C-A834-FC9D8D1674EE} - \HPCustParticipation HP Officejet Pro 8600 No Task File <==== ATTENTION Task: {203982B8-C446-4F4F-8EF0-0BF4BC3A8952} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation) Task: {287F3197-7998-470F-B04D-6E2A296FABCB} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION Task: {3036B396-15F3-4430-98A9-337AB8481398} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION Task: {338EF201-1E25-40B3-98AE-3CFE691E881A} - \Microsoft_MKC_Logon_Task_itype.exe No Task File <==== ATTENTION Task: {3AA151C0-7079-4BD8-89B0-609D22DCA726} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe No Task File <==== ATTENTION Task: {41EED3EA-2A03-4192-87D2-5C3782189C28} - \User_Feed_Synchronization-{DF772C42-9DA6-4A07-A576-E2DAD94F2096} No Task File <==== ATTENTION Task: {51474427-D684-45F5-8DB5-C0732E75E7CA} - \{26CC40C6-7AF6-4A6A-B384-369B1AFDBE66} No Task File <==== ATTENTION Task: {57F7813B-623C-48B4-A6C2-525117AC3F7C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {619D129F-4304-4C73-A121-6730E9FA3027} - \CreateChoiceProcessTask No Task File <==== ATTENTION Task: {67D83E09-F3E9-4E45-9914-2AD631C2A390} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation) Task: {7015B8D7-DDB2-4A32-8E32-10F221DF0882} - \Microsoft_Hardware_Launch_itype_exe No Task File <==== ATTENTION Task: {796504CA-79C5-458A-9541-3173FACB30C1} - \Core Temp Autostart Admin No Task File <==== ATTENTION Task: {7B229291-634C-4B5B-8CA2-0FF9C5D4E72C} - \Microsoft_Hardware_Launch_ipoint_exe No Task File <==== ATTENTION Task: {88FA4920-C21E-4BB0-ACB3-1E00E1C234E1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation) Task: {A669484B-2B77-435D-A374-7A47988CF89F} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2819443126-392552937-1277417864-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe Task: {B86FCF37-6A96-4790-8328-5F8CC3E35BAB} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG) Task: {BA578D76-4613-45AB-8355-C0E4E3AA2CBC} - \MSIAfterburner No Task File <==== ATTENTION Task: {C323255A-0539-4900-8D63-355881C27817} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe [2013-02-26] (Beepa P/L) Task: {C5050D0C-D39A-4B60-92FD-B5AA00AE652F} - \Microsoft_MKC_Logon_Task_ipoint.exe No Task File <==== ATTENTION Task: {E30E0525-FD4D-468D-B8B6-3BD9F61056C3} - \HP AR Program Upload - c8ac4278ca3949a487036fae545744fe5052aa724f0240da89d05ea85040bf29 No Task File <==== ATTENTION Task: {E551B41C-005D-431F-9533-76BFA25BCAC2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd) Task: {F8BAAB94-6F81-4DEF-BE85-6B3592734D8B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated) Task: {FA3CDBEE-0CC7-4B6A-9DA9-4D2154F03A36} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-ONEPC => C:\Windows\ehome\McxTask.exe [2013-09-30] (Microsoft Corporation) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-04-08 20:01 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-06-20 18:09 - 2014-12-15 11:45 - 00020240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll 2014-06-26 14:04 - 2014-06-26 14:04 - 00100984 _____ () C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe 2014-03-22 09:08 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2010-10-19 08:31 - 2010-10-19 08:31 - 00205312 _____ () C:\Program Files\Netzmanager\NMInfraIS2\driver64\SoftplugLib.DLL 2013-08-10 21:00 - 2014-06-13 14:17 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe 2013-07-11 22:04 - 2013-07-11 22:04 - 01630720 _____ () C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe 2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2014-11-25 08:19 - 2014-11-25 08:19 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll 2014-09-19 14:48 - 2014-09-19 14:48 - 00330240 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe 2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2015-01-18 16:14 - 2015-01-18 16:14 - 00852504 _____ () C:\Users\Admin\Downloads\SecurityCheck.exe 2015-01-18 16:27 - 2015-01-18 16:14 - 00852504 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe 2015-01-17 12:17 - 2014-06-26 07:44 - 00358144 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe 2013-07-11 22:03 - 2013-07-11 22:03 - 00252832 _____ () C:\Program Files (x86)\SimracewayUpdater\PATCHW32.dll 2015-01-15 15:06 - 2015-01-15 15:06 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\c89a3da49bf7bd161745f4228277ea00\PSIClient.ni.dll 2013-06-03 18:28 - 2012-07-18 04:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2013-09-26 11:20 - 2013-09-26 11:20 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll 2013-09-26 11:20 - 2013-09-26 11:20 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll 2010-11-22 23:56 - 2010-11-22 23:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd 2010-11-22 23:57 - 2010-11-22 23:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll 2010-11-22 23:56 - 2010-11-22 23:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd 2010-11-22 23:57 - 2010-11-22 23:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd 2010-11-22 23:57 - 2010-11-22 23:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd 2011-02-15 19:17 - 2011-02-15 19:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll 2010-11-22 23:57 - 2010-11-22 23:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll 2010-11-22 23:57 - 2010-11-22 23:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd 2014-08-14 01:37 - 2014-08-14 01:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll 2014-08-14 01:37 - 2014-08-14 01:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll 2010-11-22 23:56 - 2010-11-22 23:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd 2011-11-21 03:20 - 2011-11-21 03:20 - 01949696 _____ () C:\Program Files (x86)\Raptr\libtorrent.pyd 2010-11-22 23:57 - 2010-11-22 23:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd 2013-11-21 01:05 - 2013-11-21 01:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll 2010-11-22 23:57 - 2010-11-22 23:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd 2014-06-18 01:56 - 2014-06-18 01:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd 2011-02-15 19:17 - 2011-02-15 19:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll 2010-11-23 00:06 - 2010-11-23 00:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll 2013-05-10 00:52 - 2013-05-10 00:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll 2013-05-10 00:52 - 2013-05-10 00:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll 2013-05-10 00:52 - 2013-05-10 00:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll 2013-05-03 19:56 - 2013-05-03 19:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll 2013-05-03 19:56 - 2013-05-03 19:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll 2013-05-03 19:56 - 2013-05-03 19:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll 2014-11-21 05:49 - 2014-11-21 05:49 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2014-10-16 10:15 - 2014-10-16 10:15 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll 2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll 2014-11-21 05:47 - 2014-11-21 05:47 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll 2015-01-18 16:42 - 2015-01-18 16:42 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Admin\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "SRW Download Manager.lnk" HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service" HKLM\...\StartupApproved\Run32: => "IAStorIcon" HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor" HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe" HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray" HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\StartupFolder: => "Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk" HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk" HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\StartupFolder: => "Tintenwarnungen überwachen - .lnk" HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\Run: => "GarminExpressTrayApp" HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\Run: => "Uploader" HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\Run: => "Prime95" ========================= Accounts: ========================== Admin (S-1-5-21-2819443126-392552937-1277417864-1001 - Administrator - Enabled) => C:\Users\Admin Administrator (S-1-5-21-2819443126-392552937-1277417864-500 - Administrator - Disabled) fbwuser2B82 (S-1-5-21-2819443126-392552937-1277417864-1007 - Limited - Enabled) fbwuser6E92 (S-1-5-21-2819443126-392552937-1277417864-1008 - Limited - Enabled) fbwuserADE8 (S-1-5-21-2819443126-392552937-1277417864-1005 - Limited - Enabled) fbwuserB171 (S-1-5-21-2819443126-392552937-1277417864-1006 - Limited - Enabled) fbwuserB705 (S-1-5-21-2819443126-392552937-1277417864-1010 - Limited - Enabled) fbwuserF7BE (S-1-5-21-2819443126-392552937-1277417864-1009 - Limited - Enabled) Gast (S-1-5-21-2819443126-392552937-1277417864-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2819443126-392552937-1277417864-1012 - Limited - Enabled) Mcx1-ONEPC (S-1-5-21-2819443126-392552937-1277417864-1004 - Limited - Enabled) => C:\Users\Mcx1-ONEPC ==================== Faulty Device Manager Devices ============= Name: Microsoft Bluetooth-Auflistung Description: Microsoft Bluetooth-Auflistung Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Microsoft Service: BthEnum Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (01/18/2015 04:32:52 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest. Error: (01/18/2015 04:32:51 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest. Error: (01/18/2015 04:32:49 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest. Error: (01/18/2015 04:27:46 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest. Error: (01/18/2015 02:52:57 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest. Error: (01/18/2015 02:52:57 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest. Error: (01/18/2015 02:52:56 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest. Error: (01/18/2015 11:56:20 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest. Error: (01/18/2015 11:26:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ONEPC) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (01/18/2015 11:26:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ONEPC) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. System errors: ============= Error: (01/18/2015 03:11:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/18/2015 03:05:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/18/2015 02:35:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/18/2015 00:41:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/18/2015 00:40:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/18/2015 00:40:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (01/18/2015 00:40:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Nero Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (01/18/2015 00:40:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Rapid Storage-Technologie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (01/18/2015 00:40:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/18/2015 00:40:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Microsoft Office Sessions: ========================= Error: (01/18/2015 04:32:52 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu(3).exe Error: (01/18/2015 04:32:51 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu(3).exe Error: (01/18/2015 04:32:49 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu(3).exe Error: (01/18/2015 04:27:46 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu(3).exe Error: (01/18/2015 02:52:57 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu(1).exe Error: (01/18/2015 02:52:57 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu.exe Error: (01/18/2015 02:52:56 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu(2).exe Error: (01/18/2015 11:56:20 AM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (01/18/2015 11:26:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ONEPC) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927151 Error: (01/18/2015 11:26:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ONEPC) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927151 CodeIntegrity Errors: =================================== Date: 2015-01-18 16:46:31.004 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements. Date: 2015-01-18 16:19:03.859 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements. Date: 2015-01-18 15:56:22.960 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements. Date: 2015-01-18 15:36:44.510 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-18 15:22:13.269 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements. Date: 2015-01-18 15:22:12.112 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Microsoft signing level requirements. Date: 2015-01-18 15:22:11.972 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Microsoft signing level requirements. Date: 2015-01-18 15:22:11.815 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Microsoft signing level requirements. Date: 2015-01-18 15:22:11.644 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\SysWOW64\hmpalert.dll that did not meet the Microsoft signing level requirements. Date: 2015-01-18 15:13:23.999 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz Percentage of memory in use: 18% Total physical RAM: 16276.89 MB Available physical RAM: 13274.06 MB Total Pagefile: 32660.89 MB Available Pagefile: 29112.84 MB Total Virtual: 131072 MB Available Virtual: 131071.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:446.79 GB) (Free:147.13 GB) NTFS Drive d: (Volume) (Fixed) (Total:931.39 GB) (Free:217.55 GB) NTFS Drive g: () (Removable) (Total:3.63 GB) (Free:1.94 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: 003DE352) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=446.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: 000ABBCC) Partition: GPT Partition Type. ======================================================== Disk: 2 (Size: 3.6 GB) (Disk ID: 1CB9B741) Partition 1: (Not Active) - (Size=3.6 GB) - (Type=0B) ==================== End Of Log ============================ |
18.01.2015, 19:40 | #10 |
/// the machine /// TB-Ausbilder | nur Laptop sendet Dos Attacke Syn und UDP Flood an Router W921v Hotspotshield einfach deinstallieren?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
19.01.2015, 06:29 | #11 |
| nur Laptop sendet Dos Attacke Syn und UDP Flood an Router W921v Guten Morgen, schon längst runter nur noch dieser besagte Treiber der auch im Zusammenhang mit der Netzwerkfähigkeit steht. ich check mal einen anderen Rechner ob der diese Dateien auch besitzt auf dem nie dieses Programm installiert war hier nun noch der fehlende Scan von eset Code:
ATTFilter C:\Users\Admin\AppData\Local\Temp\DMR\dmr_72.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung C:\Users\Admin\Downloads\TCPView - CHIP-Installer.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung neueste info: anderer rechner hat keine tap und hss sysen und laufen auch.... wenn ich meine aber umbenenne oder lösche geht mein Rechner nicht ins internet. insbesondere der hss von hotspotshield... ist das internet darüber verbunden worden und muss das nun entknotet werden.... würg.... Geändert von andto (19.01.2015 um 06:51 Uhr) |
19.01.2015, 15:21 | #12 |
/// the machine /// TB-Ausbilder | nur Laptop sendet Dos Attacke Syn und UDP Flood an Router W921v Du hast also einen zweiten Rechner? Dann bitte auf diesem AdwCleaner löschen lassen. Wenn Internet nicht geht, bitte einen Scan mit FRST machen und das Log über den andern PC hier posten.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
19.01.2015, 16:05 | #13 |
| nur Laptop sendet Dos Attacke Syn und UDP Flood an Router W921vFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 Ran by Admin (administrator) on ONEPC on 19-01-2015 15:57:23 Running from C:\Users\Admin\Downloads Loaded Profiles: Admin (Available profiles: Admin & Mcx1-ONEPC) Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe () C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) D:\Program Files (x86)\iRacing\iRacingService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe () C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Users\Admin\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Electronic Arts) D:\Program Files (x86)\Origin\Origin.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe (Geek Software GmbH) D:\Program Files (x86)\PDF24\pdf24.exe (Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531984 2015-01-07] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [TransferManager] => C:\Program Files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exe [444928 2014-06-29] (Haufe-Lexware GmbH & Co. KG) HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2014-06-03] (Haufe-Lexware GmbH & Co. KG) HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc) HKLM-x32\...\Run: [PDFPrint] => d:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [THGuard] => C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe [1081808 2014-07-30] (Mischel Internet Security) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [SkyDrive] => C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-09] (Microsoft Corporation) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [EADM] => d:\Program Files (x86)\Origin\Origin.exe [3618648 2014-12-19] (Electronic Arts) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [Prime95] => C:\Users\Admin\Downloads\p95v285.win64\prime95.exe [36363264 2014-05-30] () HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [PeerGuardian] => C:\Program Files (x86)\PeerGuardian2\pg2.exe [1421824 2005-09-18] (Methlabs) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\MountPoints2: {0d48a496-850f-11e3-becb-a417319ede24} - "G:\setup_vmc_lite.exe" /checkApplicationPresence HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\MountPoints2: {78f8706e-00e8-11e4-bf2b-a417319ede24} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\start.exe HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "D:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{2D7BDE37-83EC-438A-9E1F-A610594DD358}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRW Download Manager.lnk ShortcutTarget: SRW Download Manager.lnk -> C:\IgniteGT\Simraceway\SRWAgent.exe (IgniteGT) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {3746422E-4692-4429-9698-E3EB34FE07BC} hxxp://192.168.1.9:88/FSIPCam.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {960DC750-7447-4CDE-BF1C-FB33F9129654} hxxp://192.168.1.9:5000/webman/3rdparty/SurveillanceStation/object/SSObject3.cab?6.1-2909 DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.1.117/codebase/DVM_IPCam2.ocx DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b1nx067f.default-1421664205499 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll () FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: synology.com/SurveillanceHelper -> C:\Program Files (x86)\Synology\SurveillanceHelper\1.0.0.3\npSurveillanceHelper.dll (Synology) FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.423\npSurveillancePlugin.dll (Synology) FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: hp.com/HPDetect -> C:\Users\Admin\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP) FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: synology.com/SSWebPlugin -> C:\Users\Admin\AppData\Roaming\Synology\SSWebPlugin\1.0.0.39\npSSWebPlugin.dll (Synology) FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-01-18] FF HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\extensions\cliqz@cliqz.com Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Admin\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-11-08] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ADUServiceNSRT; C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe [100984 2014-06-26] () [File not signed] S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-03] () S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-12-10] (Futuremark) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-07] (NVIDIA Corporation) R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2015-01-15] (SurfRight B.V.) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-10-03] (Intel Corporation) R2 iRacingService; D:\Program Files (x86)\iRacing\iRacingService.exe [798840 2015-01-13] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-17] (Intel Corporation) R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [62504 2014-06-26] (Haufe-Lexware GmbH & Co. KG) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2015-01-07] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19822736 2015-01-07] (NVIDIA Corporation) S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts) R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-06-13] () R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [387584 2014-09-19] (Qualcomm Atheros) [File not signed] R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3275728 2014-06-24] (Paramount Software UK Ltd) R2 Simraceway Update Service; C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe [1630720 2013-07-11] () [File not signed] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) S2 Micro Star SCM; C:\WINDOWS\SysWOW64\MSIService.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3905536 2014-08-22] (Qualcomm Atheros Communications, Inc.) R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [97968 2014-09-11] (Qualcomm Atheros, Inc.) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2015-01-15] () R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.) R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.) S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [11776 2009-04-09] (ZTE Incorporated) [File not signed] S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-18] (Malwarebytes Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4263936 2013-06-03] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-07] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] () S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited) S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited) S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) S3 SjtWinIo; C:\Windows\System32\drivers\SjtWinIo.sys [9216 2014-08-26] (SpeedJet Technology INC.) R3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) S3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [23552 2012-09-12] (Creative Technology Ltd.) [File not signed] S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X] S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X] S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X] S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X] S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X] S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X] S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X] S3 cpuz138; \??\C:\WINDOWS\TEMP\cpuz138\cpuz138_x64.sys [X] S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X] S3 hitmanpro37; \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys [X] S1 HssDRV6; \SystemRoot\system32\DRIVERS\hssdrv6.sys [X] S3 pxldapoc; \??\C:\Users\Admin\AppData\Local\Temp\pxldapoc.sys [X] S3 taphss6; \SystemRoot\system32\DRIVERS\taphss6.sys [X] S3 VMSMP; \SystemRoot\system32\DRIVERS\vmswitch.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-19 15:12 - 2015-01-19 15:12 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-19 15:12 - 2015-01-19 15:12 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-01-19 15:12 - 2015-01-19 15:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-19 15:10 - 2015-01-19 15:10 - 00243728 _____ () C:\Users\Admin\Downloads\Firefox Setup Stub 35_0.exe 2015-01-19 15:09 - 2015-01-19 15:09 - 00001410 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-19 07:02 - 2015-01-19 07:02 - 00000636 _____ () C:\Users\Admin\Desktop\JRT.txt 2015-01-19 06:57 - 2015-01-19 06:57 - 01707939 _____ (Thisisu) C:\Users\Admin\Downloads\JRT(1).exe 2015-01-18 16:42 - 2015-01-19 15:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-18 16:27 - 2015-01-18 16:14 - 00852504 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe 2015-01-18 16:14 - 2015-01-18 16:14 - 00852504 _____ () C:\Users\Admin\Downloads\SecurityCheck.exe 2015-01-18 16:09 - 2015-01-18 16:09 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu(3).exe 2015-01-18 10:11 - 2015-01-18 10:11 - 00000000 ____D () C:\Users\Admin\Downloads\FRST-OlderVersion 2015-01-18 09:34 - 2015-01-18 09:34 - 01707939 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe 2015-01-18 09:34 - 2015-01-18 09:34 - 00000000 ____D () C:\WINDOWS\ERUNT 2015-01-18 09:31 - 2015-01-18 09:31 - 02186752 _____ () C:\Users\Admin\Downloads\AdwCleaner_4.108(1).exe 2015-01-18 09:18 - 2015-01-18 09:39 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-01-18 09:18 - 2015-01-18 09:18 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-18 09:18 - 2015-01-18 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-18 09:18 - 2015-01-18 09:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-18 09:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-01-18 09:18 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-01-18 09:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-01-18 09:10 - 2015-01-18 09:11 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028(1).exe 2015-01-18 08:52 - 2014-08-22 09:00 - 03905536 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athwbx.sys 2015-01-18 08:34 - 2015-01-18 08:34 - 00000000 ____D () C:\Dell 2015-01-18 07:26 - 2015-01-18 07:26 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Synaptics 2015-01-18 07:21 - 2015-01-18 08:23 - 00029758 _____ () C:\WINDOWS\DPINST.LOG 2015-01-18 07:21 - 2015-01-18 07:21 - 00001342 _____ () C:\WINDOWS\Synaptics.log 2015-01-18 07:21 - 2015-01-18 07:21 - 00000000 ____D () C:\Program Files\Synaptics 2015-01-18 07:10 - 2015-01-18 07:10 - 00003707 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt 2015-01-18 07:04 - 2015-01-18 07:04 - 00001220 _____ () C:\Users\Admin\Desktop\Malwarebytes Anti-Malware180120150700.txt 2015-01-18 06:50 - 2015-01-19 14:29 - 00001280 _____ () C:\Users\Admin\Desktop\Revo Uninstaller.lnk 2015-01-18 06:50 - 2015-01-19 14:29 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-18 06:50 - 2015-01-18 06:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Admin\Downloads\revosetup95.exe 2015-01-17 13:14 - 2015-01-19 15:54 - 00000000 ____D () C:\AdwCleaner 2015-01-17 13:14 - 2015-01-17 13:14 - 02186752 _____ () C:\Users\Admin\Downloads\AdwCleaner_4.108.exe 2015-01-17 13:12 - 2015-01-17 13:12 - 00380416 _____ () C:\Users\Admin\Downloads\dsz5321w.exe 2015-01-17 12:42 - 2015-01-17 13:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-01-17 12:41 - 2015-01-17 13:05 - 00000000 ____D () C:\Users\Admin\Desktop\mbar 2015-01-17 12:40 - 2015-01-17 12:41 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Admin\Downloads\mbar-1.08.2.1001.exe 2015-01-17 12:16 - 2015-01-17 12:16 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu(2).exe 2015-01-17 12:08 - 2015-01-17 12:08 - 00013401 _____ () C:\Users\Admin\Downloads\gmerversion2018444.log 2015-01-17 09:48 - 2015-01-19 15:54 - 00004924 _____ () C:\WINDOWS\PFRO.log 2015-01-17 09:47 - 2015-01-17 09:47 - 00009952 _____ () C:\Users\Admin\Desktop\malwarebytestestversion2041028.txt 2015-01-17 09:45 - 2015-01-17 09:45 - 00365568 _____ () C:\Users\Admin\Downloads\gmer-2.0.18444.exe 2015-01-17 09:38 - 2015-01-17 09:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-17 09:32 - 2015-01-17 09:32 - 00085001 _____ () C:\Users\Admin\Desktop\Resultminitoolbox.txt 2015-01-17 09:31 - 2015-01-17 09:32 - 00084965 _____ () C:\Users\Admin\Downloads\Result.txt 2015-01-17 09:31 - 2015-01-17 09:31 - 00401920 _____ (Farbar) C:\Users\Admin\Downloads\MiniToolBox.exe 2015-01-17 09:23 - 2015-01-17 09:23 - 00126319 _____ () C:\Users\Admin\Downloads\Shortcut.txt 2015-01-17 09:21 - 2015-01-17 09:21 - 00049295 _____ () C:\Users\Admin\Desktop\FRST.txt 2015-01-17 08:49 - 2015-01-17 08:49 - 00380416 _____ () C:\Users\Admin\Downloads\Gmer-19357.exe 2015-01-17 08:44 - 2015-01-19 15:57 - 00023106 _____ () C:\Users\Admin\Downloads\FRST.txt 2015-01-17 08:44 - 2015-01-19 15:57 - 00000000 ____D () C:\FRST 2015-01-17 08:44 - 2015-01-18 17:02 - 00057121 _____ () C:\Users\Admin\Downloads\Addition.txt 2015-01-17 08:43 - 2015-01-18 10:11 - 02126336 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe 2015-01-17 08:43 - 2015-01-18 10:09 - 00000472 _____ () C:\Users\Admin\Downloads\defogger_disable.log 2015-01-17 08:43 - 2015-01-17 08:43 - 00050477 _____ () C:\Users\Admin\Downloads\Defogger.exe 2015-01-17 08:43 - 2015-01-17 08:43 - 00000000 _____ () C:\Users\Admin\defogger_reenable 2015-01-16 17:10 - 2015-01-16 17:10 - 00000000 ____D () C:\Users\Admin\Downloads\TcpView-3.05 2015-01-16 17:09 - 2015-01-16 17:09 - 01179936 _____ () C:\Users\Admin\Downloads\TCPView - CHIP-Installer.exe 2015-01-16 17:09 - 2015-01-16 17:09 - 00291606 _____ () C:\Users\Admin\Downloads\TcpView-3.05.zip 2015-01-16 14:41 - 2015-01-16 14:41 - 00003657 _____ () C:\Users\Admin\Desktop\virenverdachtdatei.txt 2015-01-16 08:41 - 2015-01-16 08:41 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu(1).exe 2015-01-15 06:14 - 2015-01-19 15:54 - 00000000 ____D () C:\WINDOWS\CryptoGuard 2015-01-15 06:14 - 2015-01-17 08:12 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert 2015-01-15 06:14 - 2015-01-15 06:37 - 00548424 _____ (SurfRight) C:\WINDOWS\system32\hmpalert.dll 2015-01-15 06:14 - 2015-01-15 06:37 - 00477008 _____ (SurfRight) C:\WINDOWS\SysWOW64\hmpalert.dll 2015-01-15 06:14 - 2015-01-15 06:37 - 00093144 _____ () C:\WINDOWS\system32\Drivers\hmpalert.sys 2015-01-15 06:14 - 2015-01-15 06:14 - 01889616 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\hmpalert.exe 2015-01-15 06:14 - 2015-01-15 06:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert 2015-01-15 06:14 - 2015-01-15 06:14 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert 2015-01-15 06:09 - 2015-01-15 06:09 - 00319536 _____ () C:\WINDOWS\Minidump\011515-10203-01.dmp 2015-01-15 06:08 - 2015-01-15 06:08 - 1604350282 _____ () C:\WINDOWS\MEMORY.DMP 2015-01-15 05:52 - 2015-01-15 05:52 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe 2015-01-15 05:52 - 2015-01-15 05:52 - 00000856 _____ () C:\WINDOWS\system32\.crusader 2015-01-15 05:52 - 2015-01-15 05:52 - 00000142 _____ () C:\WINDOWS\system32\bootdelete.lst 2015-01-14 20:20 - 2015-01-14 20:22 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.6 2015-01-14 20:20 - 2015-01-14 20:20 - 00059392 ____R () C:\WINDOWS\SysWOW64\streamhlp.dll 2015-01-14 20:20 - 2015-01-14 20:20 - 00001097 _____ () C:\Users\Admin\Desktop\TrojanHunter.lnk 2015-01-14 20:20 - 2015-01-14 20:20 - 00000000 ____D () C:\ProgramData\TrojanHunter 2015-01-14 20:20 - 2015-01-14 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter 2015-01-14 20:16 - 2015-01-14 20:16 - 00000949 _____ () C:\Users\Mcx1-ONEPC\Desktop\PeerGuardian.lnk 2015-01-14 20:16 - 2015-01-14 20:16 - 00000949 _____ () C:\Users\Admin\Desktop\PeerGuardian.lnk 2015-01-14 20:16 - 2015-01-14 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerGuardian 2 2015-01-14 20:16 - 2015-01-14 20:16 - 00000000 ____D () C:\Program Files (x86)\PeerGuardian2 2015-01-14 19:44 - 2015-01-14 19:45 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu.exe 2015-01-14 19:44 - 2015-01-14 19:44 - 02209056 _____ () C:\Users\Admin\Downloads\avira-eu-cleaner_de.exe 2015-01-14 19:44 - 2015-01-14 19:44 - 00002072 _____ () C:\Users\Admin\Desktop\Entfernen des Avira EU-Cleaners.lnk 2015-01-14 19:44 - 2015-01-14 19:44 - 00002016 _____ () C:\Users\Admin\Desktop\Avira EU-Cleaner.lnk 2015-01-14 19:35 - 2015-01-15 05:52 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-01-14 19:35 - 2015-01-14 19:35 - 11225840 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\hitmanpro_x64.exe 2015-01-14 19:28 - 2015-01-19 15:54 - 00008155 _____ () C:\WINDOWS\setupact.log 2015-01-14 19:28 - 2015-01-14 19:28 - 00000000 _____ () C:\WINDOWS\setuperr.log 2015-01-14 17:25 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll 2015-01-14 17:25 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll 2015-01-14 10:15 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-01-14 10:15 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-01-14 10:15 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-01-14 10:15 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-01-14 10:15 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-01-14 10:15 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-01-14 10:15 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-01-14 10:15 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-01-13 14:36 - 2015-01-13 14:41 - 00000000 ____D () C:\Users\Admin\Documents\InfiniteCrisis 2015-01-13 14:36 - 2015-01-13 14:36 - 00000000 ____D () C:\Users\Admin\AppData\Local\InfiniteCrisis 2015-01-13 08:17 - 2015-01-13 12:41 - 00000000 ____D () C:\Users\Admin\AppData\Local\Turbine 2015-01-13 08:08 - 2015-01-13 08:08 - 00000000 ____D () C:\ProgramData\Turbine 2015-01-13 07:17 - 2015-01-13 07:19 - 164623600 _____ () C:\Users\Admin\Desktop\InfiniteCrisisInstaller.exe 2015-01-10 12:50 - 2015-01-10 12:50 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2015-01-10 12:49 - 2015-01-10 12:50 - 05410368 _____ (Code Laboratories, Inc.) C:\Users\Admin\Downloads\CL-Eye-Driver-5.3.0.0341.exe 2015-01-10 12:42 - 2015-01-10 12:43 - 23535342 _____ () C:\Users\Admin\Downloads\ECam-V2_0_3_0.zip 2015-01-09 17:16 - 2015-01-09 17:50 - 2840363008 _____ () C:\Users\Admin\Downloads\Image_Windows7_32+64.iso 2015-01-05 14:30 - 2015-01-05 14:30 - 01923104 _____ (CTS Games Ltd. ) C:\Users\Admin\Downloads\szone_webinst.exe 2015-01-04 19:49 - 2015-01-18 14:23 - 00070144 ___SH () C:\Users\Admin\Desktop\Thumbs.db 2015-01-03 16:16 - 2015-01-03 16:16 - 00000876 _____ () C:\Users\Admin\Desktop\X-Motor Racing Launcher.lnk 2015-01-03 16:16 - 2015-01-03 16:16 - 00000831 _____ () C:\Users\Admin\Desktop\X-Motor Racing.lnk 2015-01-03 16:16 - 2015-01-03 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-Motor Racing Demo 2015-01-03 16:15 - 2015-01-03 16:15 - 00000000 ____D () C:\Games 2015-01-03 16:11 - 2015-01-03 16:14 - 220323599 _____ () C:\Users\Admin\Downloads\x-motor-racing.demo.v1.48.zip 2014-12-30 13:55 - 2014-12-30 13:55 - 00003909 _____ () C:\Users\Admin\Downloads\Transformers.Rise.of.the.Dark.Spark.save100.zip 2014-12-30 13:47 - 2014-12-30 13:47 - 00000000 ____H () C:\Users\Admin\Documents\Default.rdp 2014-12-29 18:53 - 2014-12-29 18:53 - 00000000 ____D () C:\Lohnkonto 2014-12-29 17:46 - 2014-12-29 17:46 - 00002860 _____ () C:\Users\Admin\Desktop\ToppKurierMA2014.csv 2014-12-29 17:42 - 2014-12-29 17:42 - 00004266 _____ () C:\Users\Admin\Desktop\MA2014.txt 2014-12-29 17:35 - 2014-12-29 19:12 - 00000000 ____D () C:\Users\Admin\elan2014 2014-12-29 17:34 - 2014-12-29 17:34 - 00001985 _____ () C:\Users\Admin\Desktop\REHADAT_Elan_2014.lnk 2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Users\Admin\elan2014start 2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\REHADAT_Elan_2014 2014-12-28 15:26 - 2014-12-28 15:26 - 00000000 ____D () C:\Users\Admin\AppData\Local\Skyrim 2014-12-28 08:06 - 2014-12-28 08:06 - 00000000 ____D () C:\Users\Admin\AppData\Local\techland 2014-12-27 21:21 - 2014-12-27 21:21 - 00000222 _____ () C:\Users\Admin\Desktop\Call of Juarez Gunslinger.url 2014-12-26 08:14 - 2014-12-26 08:14 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2014-12-25 14:03 - 2015-01-19 11:40 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\QuickScan 2014-12-25 09:52 - 2014-12-25 09:52 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2819443126-392552937-1277417864-1001 2014-12-24 20:00 - 2014-12-24 20:00 - 00000222 _____ () C:\Users\Admin\Desktop\Next Car Game Wreckfest.url 2014-12-24 19:03 - 2014-12-24 19:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\next car game technology sneak peek 2014-12-24 19:02 - 2014-12-24 19:02 - 11754447 _____ () C:\Users\Admin\Downloads\ncg_wallpapers.zip 2014-12-24 18:26 - 2014-12-24 19:00 - 00000222 _____ () C:\Users\Admin\Desktop\Next Car Game Sneak Peek 2.0.url 2014-12-24 12:15 - 2014-12-24 12:15 - 00000221 _____ () C:\Users\Admin\Desktop\Cogs.url 2014-12-24 11:39 - 2014-12-24 11:38 - 00000444 _____ () C:\Users\Admin\Desktop\Delivery report.ext 2014-12-22 19:50 - 2015-01-19 15:24 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2819443126-392552937-1277417864-1001 2014-12-22 17:33 - 2014-12-22 17:34 - 06177829 _____ () C:\Users\Admin\Downloads\Helmet&Driver.rar 2014-12-22 17:33 - 2014-12-22 17:33 - 00534227 _____ (Reiza Studios Ltda. ) C:\Users\Admin\Downloads\Marcas_v102_Setup.exe 2014-12-22 12:40 - 2015-01-19 15:55 - 01741671 _____ () C:\WINDOWS\WindowsUpdate.log 2014-12-22 12:37 - 2015-01-19 15:20 - 00005124 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ONEPC-Admin OnePC 2014-12-22 12:34 - 2014-12-22 12:34 - 00002772 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2014-12-22 12:34 - 2014-12-22 12:34 - 00000794 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-12-22 12:34 - 2014-12-22 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-12-22 12:34 - 2014-12-22 12:34 - 00000000 ____D () C:\Program Files\CCleaner 2014-12-22 12:30 - 2015-01-05 14:39 - 00000000 ____D () C:\Program Files (x86)\Panda Security 2014-12-22 12:30 - 2015-01-05 14:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Panda Security 2014-12-22 12:30 - 2014-12-22 12:31 - 04036200 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup500_slim.exe 2014-12-22 12:29 - 2015-01-05 14:38 - 00000000 ____D () C:\ProgramData\Panda Security 2014-12-21 11:49 - 2014-12-21 11:49 - 00000222 _____ () C:\Users\Admin\Desktop\The Great War 1918.url 2014-12-21 11:46 - 2014-12-21 11:46 - 00001373 _____ () C:\Users\Admin\Desktop\The Great War 1918.lnk 2014-12-21 09:44 - 2014-12-21 09:44 - 00000222 _____ () C:\Users\Admin\Desktop\Company of Heroes (New Steam Version).url 2014-12-20 11:53 - 2014-12-25 13:17 - 00000022 _____ () C:\WINDOWS\GPU-Z.INI 2014-12-20 11:43 - 2014-12-20 11:43 - 00000000 ____D () C:\Program Files (x86)\Futuremark 2014-12-20 11:40 - 2014-12-20 11:41 - 02674688 _____ () C:\Users\Admin\Downloads\Futuremark_SystemInfo_v433_installer.msi 2014-12-20 11:40 - 2014-12-20 11:40 - 00000000 ____D () C:\Users\Admin\AppData\Local\Futuremark 2014-12-20 11:33 - 2014-12-20 11:33 - 00001176 _____ () C:\Users\Public\Desktop\3DMark.lnk 2014-12-20 11:33 - 2014-12-20 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark 2014-12-20 11:33 - 2014-12-20 11:33 - 00000000 ____D () C:\Program Files\Futuremark 2014-12-20 08:41 - 2014-12-20 08:41 - 00000975 _____ () C:\Users\Admin\Desktop\TechPowerUp GPU-Z.lnk 2014-12-20 08:41 - 2014-12-20 08:41 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z 2014-12-20 08:41 - 2014-12-20 08:41 - 00000000 ____D () C:\Program Files (x86)\GPU-Z 2014-12-20 08:40 - 2014-12-20 08:40 - 01577464 _____ ( ) C:\Users\Admin\Downloads\cpu-z_1.71.1-setup-en.exe 2014-12-20 08:09 - 2014-12-20 08:09 - 00001098 _____ () C:\Users\Admin\Desktop\MSI Afterburner.lnk 2014-12-20 08:08 - 2014-12-20 08:08 - 00000000 ____D () C:\Users\Admin\Downloads\MSIAfterburnerSetup400 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-19 15:55 - 2013-11-03 10:49 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-19 15:55 - 2013-06-04 07:27 - 00000000 __RDO () C:\Users\Admin\SkyDrive 2015-01-19 15:54 - 2014-11-28 10:25 - 32800589 _____ () C:\Simraceway.log 2015-01-19 15:54 - 2013-11-03 10:49 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-19 15:54 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-19 15:54 - 2013-08-22 14:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI 2015-01-19 15:24 - 2013-11-03 16:46 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-01-19 15:09 - 2014-09-28 09:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Raptr 2015-01-19 15:09 - 2013-11-03 07:37 - 00000000 ____D () C:\Fraps 2015-01-19 15:09 - 2013-08-04 19:03 - 00000000 ____D () C:\ProgramData\Origin 2015-01-19 14:52 - 2013-09-30 05:14 - 01780344 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-01-19 14:52 - 2013-09-30 04:58 - 00766800 _____ () C:\WINDOWS\system32\perfh007.dat 2015-01-19 14:52 - 2013-09-30 04:58 - 00160082 _____ () C:\WINDOWS\system32\perfc007.dat 2015-01-19 14:44 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-01-19 09:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-01-19 06:58 - 2013-06-04 18:18 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps 2015-01-19 06:18 - 2013-12-28 10:24 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2015-01-18 11:16 - 2014-04-13 18:20 - 00000000 ____D () C:\Users\Admin\Documents\Garmin 2015-01-18 11:16 - 2014-04-13 18:19 - 00000000 ____D () C:\Program Files (x86)\Garmin 2015-01-18 11:16 - 2014-04-13 18:16 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Garmin 2015-01-18 11:16 - 2014-04-13 18:16 - 00000000 ____D () C:\Users\Admin\AppData\Local\Garmin 2015-01-18 11:16 - 2014-04-13 18:16 - 00000000 ____D () C:\ProgramData\Garmin 2015-01-18 11:16 - 2013-10-04 13:33 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-18 11:06 - 2014-11-15 10:45 - 00000000 ____D () C:\ProgramData\eMule 2015-01-18 10:56 - 2013-06-03 18:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-18 10:46 - 2013-10-23 15:32 - 00000000 ____D () C:\Users\Admin 2015-01-18 10:33 - 2014-10-21 11:59 - 00000000 ____D () C:\ProgramData\Netzmanager 2015-01-18 10:33 - 2014-10-20 16:39 - 00000000 ____D () C:\Users\Mcx1-ONEPC 2015-01-18 10:32 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration 2015-01-18 09:03 - 2014-08-03 04:32 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\StormFall 2015-01-18 08:45 - 2013-06-03 18:27 - 00000000 ____D () C:\WINDOWS\tmpdrv 2015-01-18 08:38 - 2014-04-13 13:41 - 00000132 _____ () C:\Users\Admin\AppData\Local\killertool.log 2015-01-18 07:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-18 07:19 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-01-17 09:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME 2015-01-17 09:20 - 2014-08-26 16:37 - 00000000 ____D () C:\Users\Admin\Desktop\Neues Verzeichnis 2015-01-17 08:39 - 2013-06-20 18:11 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TeamViewer 2015-01-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-01-15 06:09 - 2014-01-17 15:30 - 00000000 ____D () C:\WINDOWS\Minidump 2015-01-14 19:23 - 2013-06-27 19:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TS3Client 2015-01-14 10:34 - 2013-07-12 17:28 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-01-14 10:31 - 2013-06-03 19:18 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-13 21:46 - 2013-06-04 07:07 - 00000000 ____D () C:\ProgramData\Lexware 2015-01-13 19:24 - 2013-11-03 16:46 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-01-13 18:25 - 2014-02-11 16:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\apsec 2015-01-13 08:17 - 2014-08-19 15:45 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe 2015-01-13 07:07 - 2014-12-02 10:55 - 00000000 ____D () C:\Users\Admin\Documents\The Crew 2015-01-13 07:07 - 2014-03-01 12:42 - 00000000 ____D () C:\Users\Admin\Documents\DayZ 2015-01-13 07:07 - 2013-09-26 18:04 - 00000000 ____D () C:\Users\Admin\Documents\Arma 3 2015-01-12 20:56 - 2013-06-03 18:14 - 00000000 ____D () C:\Users\Admin\AppData\Local\Packages 2015-01-10 16:31 - 2013-06-27 08:14 - 00000000 ____D () C:\Users\Admin\Documents\Outlook-Dateien 2015-01-07 08:35 - 2014-06-03 10:45 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll 2015-01-07 08:35 - 2014-04-08 20:01 - 02210224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2015-01-07 08:34 - 2014-06-03 10:45 - 01715408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll 2015-01-07 08:34 - 2014-04-08 20:01 - 02824504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2015-01-06 01:08 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-01-06 01:08 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-05 14:39 - 2014-12-17 22:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV 2015-01-05 14:39 - 2014-12-17 22:00 - 00000000 ____D () C:\WINDOWS\system32\NV 2015-01-05 14:39 - 2013-08-22 15:44 - 00500104 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-01-05 14:34 - 2013-08-04 19:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Origin 2015-01-03 08:38 - 2014-12-19 13:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc 2015-01-03 08:22 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries 2014-12-31 12:14 - 2013-06-03 19:24 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2014-12-31 11:31 - 2013-11-30 13:20 - 00000000 ____D () C:\Users\Admin\Documents\SimCity 2014-12-28 11:52 - 2013-06-04 16:16 - 00000000 ____D () C:\Users\Admin\Documents\my games 2014-12-28 09:27 - 2013-08-26 18:03 - 00000000 ____D () C:\Users\Admin\Documents\4A Games 2014-12-27 21:21 - 2013-06-05 20:49 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-12-25 10:02 - 2014-10-05 11:21 - 00007602 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg 2014-12-25 09:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\schemas 2014-12-25 07:33 - 2013-07-07 18:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\4A Games 2014-12-23 20:23 - 2014-04-21 10:25 - 00000000 ____D () C:\Users\Admin\Downloads\recuva 8gb stick 2014-12-23 06:55 - 2013-09-12 07:56 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-12-22 12:49 - 2014-11-12 10:36 - 27590656 _____ () C:\WINDOWS\system32\vmguest.iso 2014-12-22 12:18 - 2013-11-17 08:59 - 00015512 _____ () C:\Users\Admin\Downloads\hijackthis.log 2014-12-22 12:15 - 2013-11-17 09:04 - 00000000 ____D () C:\Users\Admin\Downloads\backups 2014-12-21 08:24 - 2013-06-22 13:07 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\.rFactor 2014-12-21 08:03 - 2013-06-20 18:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rFactor 2 2014-12-20 19:56 - 2014-12-02 10:55 - 00000000 ____D () C:\Users\Admin\Documents\ProfileCache 2014-12-20 18:31 - 2014-08-26 16:52 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server 2014-12-20 11:57 - 2013-08-25 15:25 - 00000000 ____D () C:\Users\Admin\Documents\3DMark 2014-12-20 08:40 - 2014-07-15 15:20 - 00000845 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk 2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx 2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner 2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner 2014-12-20 06:40 - 2014-12-15 22:52 - 00000000 ____D () C:\Users\Admin\Documents\Assetto Corsa ==================== Files in the root of some directories ======= 2014-07-05 19:34 - 2014-07-06 05:11 - 0000154 _____ () C:\Users\Admin\AppData\Roaming\Rim.Desktop.Exception.log 2014-07-05 19:34 - 2014-11-28 10:20 - 0001937 _____ () C:\Users\Admin\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2014-07-05 19:34 - 2014-07-06 05:11 - 0000154 _____ () C:\Users\Admin\AppData\Roaming\Rim.DesktopHelper.Exception.log 2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\BluetoothPresent.flag 2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\Driver_Jupiter_01Present.flag 2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\Driver_LOM_8161Present.flag 2014-11-09 07:59 - 2014-11-09 08:00 - 0318088 _____ () C:\Users\Admin\AppData\Local\HDGraph.log 2014-04-13 13:41 - 2015-01-18 08:38 - 0000132 _____ () C:\Users\Admin\AppData\Local\killertool.log 2014-01-04 17:12 - 2014-11-10 16:33 - 0000600 _____ () C:\Users\Admin\AppData\Local\PUTTY.RND 2014-10-05 11:21 - 2014-12-25 10:02 - 0007602 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg 2013-09-09 14:29 - 2013-09-09 14:29 - 0000057 _____ () C:\ProgramData\Ament.ini Some content of TEMP: ==================== C:\Users\Admin\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe C:\Users\Admin\AppData\Local\Temp\Quarantine.exe C:\Users\Admin\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-18 15:22 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2015 Ran by Admin at 2015-01-19 15:57:57 Running from C:\Users\Admin\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) CAT 3 - West - v4.0 (HKLM-x32\...\{D3D02004-0977-4BB1-8FE8-8BC4230DCEEC}}_is1) (Version: - Eutechnyx, Ltd) 3DMark (HKLM-x32\...\{7330098c-3669-4f39-9e82-4221d489db39}) (Version: 1.4.828.0 - Futuremark) 3DMark (Version: 1.4.828.0 - Futuremark) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.) Adobe Connect 9 Add-in (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Adobe Connect 9 Add-in) (Version: 11,9,959,0 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden Alan Wake (HKLM-x32\...\Steam App 108710) (Version: - Remedy Entertainment) Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive) Assetto Corsa - Technology Preview Version 0.9.9 (HKLM-x32\...\{29826B4C-ADEF-4729-90D7-5011FD1C2B5E}_is1) (Version: 0.9.9 - Kunos Simulazioni) Assetto Corsa (HKLM-x32\...\Steam App 244210) (Version: - Kunos Simulazioni) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB) Call of Duty: Advanced Warfare (HKLM-x32\...\Steam App 209650) (Version: - Sledgehammer Games) Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version: - ) Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version: - Treyarch) Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version: - ) Call of Juarez Gunslinger (HKLM-x32\...\Steam App 204450) (Version: - Techland) CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform) Cogs (HKLM-x32\...\Steam App 26500) (Version: - Lazy 8 Studios) Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version: - Relic Entertainment) CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts) dakota.ag (HKLM-x32\...\dakota.ag) (Version: 6.0.30 - ITSG GmbH) dakota.ag (x32 Version: 6.0.30 - ITSG GmbH) Hidden DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) DGS-1500-28 (HKLM-x32\...\{A0EBA397-F8F2-43A8-BF90-BFB06720EFB4}) (Version: 1.0.0.7 - D-Link) D-Link SmartConsole Utility (HKLM-x32\...\InstallShield_{4FCE40BB-5BD6-43C9-8DAD-5B0551D8DF0C}) (Version: 3.00.10 - D-Link) D-Link SmartConsole Utility (x32 Version: 3.00.10 - D-Link) Hidden Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Emergency Download Driver (HKLM-x32\...\{9ED72246-E35D-4B03-8369-605E82465A29}) (Version: 1.1.5.1416 - Nokia) Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.04 - Ubisoft) Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft) FileViewPro (HKLM\...\{29938C06-6962-4C27-A94C-25E4F424A665}_is1) (Version: 1.5 - Solvusoft Corporation) FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse) FOSCAM Client (HKLM-x32\...\{9F9CDA0B-2291-4061-85C4-441A75BE6713}) (Version: 1.4.13 - FOSCAM) Fraps (HKLM-x32\...\Fraps) (Version: - ) Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.) Free YouTube Download version 3.2.49.1122 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1122 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.39.604 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.39.604 - DVDVideoSoft Ltd.) FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski) Fuse Drivers x64 (HKLM-x32\...\{06904B2B-5000-4C58-9471-256BA1A303BE}) (Version: 11.34.1 - Nokia) Futuremark SystemInfo (HKLM-x32\...\{2FE4C157-30AD-47F3-9D93-D9A2AFF25D3F}) (Version: 4.33.485.0 - Futuremark) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden GRID Autosport (HKLM-x32\...\Steam App 255220) (Version: - Codemasters Racing) Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve) HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP) HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation) Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel) IPCamSetup (HKLM-x32\...\{02C39DE9-B03A-4FE7-89F9-61E224FE65CC}) (Version: 1.00.0000 - FOSCAM) IPCWebComponents 3.1.0.5 (HKLM-x32\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.1.0.5 - ) iRacing.com Race Simulation (HKLM-x32\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0485 - iRacing.com Motorsport Simulations) iSpy (HKLM-x32\...\{067B0B45-5718-4AF1-AAAB-A8D0894183A0}) (Version: 5.6.8 - iSpy) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Lexware Elster (HKLM-x32\...\{CEF3D480-E4A5-4962-BCF5-D72F355B4E98}) (Version: 14.02.00.0015 - Haufe-Lexware GmbH & Co.KG) Lexware financial office 2014 (x32 Version: 18.51.00.0199 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware financial office plus 2014 (HKLM-x32\...\{cceb5f5e-fa2f-4632-aa50-1dffce083c79}) (Version: 18.0.0.98 - Haufe-Lexware GmbH & Co.KG) Lexware Info Service (HKLM-x32\...\{C5F9841A-CE4B-4D57-AB97-D7A82910E1F6}) (Version: 4.51.00.0091 - Haufe-Lexware GmbH & Co.KG) Lexware Installations Dienst (HKLM-x32\...\{1071B240-540B-420C-A40F-EF0AF5CD4892}) (Version: 3.51.00.0022 - Haufe-Lexware GmbH & Co.KG) Lexware online banking (HKLM-x32\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG) Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere) Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.) Macrium Reflect Free Edition (Version: 5.3.7086 - Paramount Software (UK) Ltd.) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Metro 2033 Redux (HKLM-x32\...\Steam App 286690) (Version: - 4A GAMES) Metro: Last Light Redux (HKLM-x32\...\Steam App 287390) (Version: - 4A Games) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla) Mozilla Thunderbird 17.0.6 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.6 (x86 de)) (Version: 17.0.6 - Mozilla) Mozilla Thunderbird 24.0.1 (x86 de) (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Mozilla Thunderbird 24.0.1 (x86 de)) (Version: 24.0.1 - Mozilla) MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD) MSI Kombustor 2.5.0 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version: - MSI Co., LTD) Need for Speed™ Rivals (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.4.0.0 - Electronic Arts) Nero 9 Lite (HKLM-x32\...\{f50f5bef-c397-4ef8-a24c-4d151e4c22ec}) (Version: - Nero AG) Nero Burning ROM 2014 (HKLM-x32\...\{A4DC74AA-F4DF-48B9-AA4B-C30CA0DBCA33}) (Version: 15.0.04600 - Nero AG) Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG) Netzmanager (HKLM-x32\...\Netzmanager) (Version: 1.081 - Deutsche Telekom AG) Netzmanager (Version: 1.081 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden Next Car Game Sneak Peek 2.0 (HKLM-x32\...\Steam App 272860) (Version: - Bugbear) Next Car Game: Wreckfest (HKLM-x32\...\Steam App 228380) (Version: - Bugbear) Nokia Software Recovery Tool (HKLM-x32\...\{637CB9CC-5F9E-40C1-ACF2-979733241E3E}) (Version: 1.4.3 - Nokia) NVIDIA GeForce Experience 2.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.) PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PeerGuardian 2.0 (HKLM-x32\...\PeerGuardian_is1) (Version: 2.0.6.4 - Methlabs Productions) Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden Puddle (HKLM-x32\...\Steam App 222140) (Version: - Neko Entertainment) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.47.1374 - Qualcomm Atheros) Hidden Qualcomm Atheros Killer E220x Drivers (Version: 1.1.47.1374 - Qualcomm Atheros) Hidden Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{D675B346-8CDB-4C8E-804E-17FC9F62CEA5}) (Version: 1.1.47.1374 - Qualcomm Atheros) Qualcomm Atheros Killer Wireless-N Drivers (Version: 1.1.47.1374 - Qualcomm Atheros) Hidden Qualcomm Atheros Network Manager (Version: 1.1.47.1374 - Qualcomm Atheros) Hidden RACE 07 (HKLM-x32\...\Steam App 8600) (Version: - SimBin) Race Injection (HKLM-x32\...\Steam App 44680) (Version: - SimBin Studios AB) RaceRoom Racing Experience (HKLM-x32\...\Steam App 211500) (Version: - SimBin Studios AB) RaceRoom Racing Experience Launcher (HKLM-x32\...\{1FD9F07F-7BBF-4C91-B3F0-A23714A3A913}_is1) (Version: 1.0 - SimBin) Raptr (HKLM-x32\...\Raptr) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) rFactor2 (HKLM-x32\...\rFactor2) (Version: - ) RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder) Roadkil's Unstoppable Copier Version 5.2 (HKLM-x32\...\{A306FD29-7D3A-4287-91AC-9A0180931395}_is1) (Version: - Roadkil.Net) SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.18.14 - NVIDIA Corporation) Hidden SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts) SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts) Simraceway 28.92 (HKLM-x32\...\Simraceway) (Version: 28.92 - Simraceway) SSWebPlugin (HKLM-x32\...\{8E545090-944A-4AAE-8B20-23DF1786F17D}) (Version: 1.0.0.39 - Synology) Starbound (HKLM-x32\...\Steam App 211820) (Version: - ) Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{B9824225-2055-4700-BCD4-64B25EC88264}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) SurveillanceHelper (HKLM-x32\...\{E8236305-76A1-4AE2-A35C-2498D6876912}) (Version: 1.0.0.3 - Synology) SurveillancePlugin (HKLM-x32\...\{B4637DBD-7E8E-46D4-BC9C-EC1C9F1DC561}) (Version: 1.0.0.423 - Synology) sv.net (HKLM-x32\...\sv.net) (Version: 14.1 - ITSG GmbH) System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) The Bureau: XCOM Declassified (HKLM-x32\...\Steam App 65930) (Version: - 2K Marin) The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version: - Ubisoft) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) The Evil Within Demo (HKLM-x32\...\Steam App 329960) (Version: - Tango Gameworks) The Great War 1918 (HKLM-x32\...\Steam App 314420) (Version: - Relic Entertainment) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH) Transformers: Fall of Cybertron (HKLM-x32\...\Steam App 213120) (Version: - Mercenary Technologies) TRANSFORMERS: Rise of the Dark Spark (HKLM-x32\...\Steam App 245760) (Version: - Edge of Reality) TreeSize Free V3.2.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.2.1 - JAM Software) TrojanHunter 5.6 (HKLM-x32\...\TrojanHunter_is1) (Version: 5.6 - Bytelayer AB) UltraISO Premium V9.6 (HKLM-x32\...\UltraISO_is1) (Version: - ) Unity Web Player (HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS) Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft) USB Serial Port Driver (HKLM-x32\...\{281A7FBF-9E98-4639-AC73-D205BBF979AA}) (Version: 1.1.4.1416 - Nokia) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment) Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft) Windows Phone app for desktop (HKLM-x32\...\{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}) (Version: 1.1.2726.0 - Microsoft Corporation) Windows Phone app for desktop (HKLM-x32\...\{9C4D79B6-238E-49D8-AEBC-26384EBDE6B3}) (Version: 1.0.1720.1 - Microsoft Corporation) Windows-Treiberpaket - Lexmark International Printer (07/06/2012 2.1.5.0) (HKLM\...\BF11496524DAA0EE0B3DE7C870A7D17BC97C0B14) (Version: 07/06/2012 2.1.5.0 - Lexmark International) WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) WinToUSB version 1.4 (HKLM-x32\...\WinToUSB_is1) (Version: 1.4 - The EasyUEFI Development Team.) WinUsb CoInstallers (HKLM-x32\...\{B7D4B08A-9D89-4369-B51C-92CF8C03D2F8}) (Version: 1.1.8.1406 - Nokia) WinUSB Compatible ID Drivers (HKLM-x32\...\{C97989C1-551F-4F41-A069-2A49567FD36B}) (Version: 1.1.6.1416 - Nokia) WinUSB Drivers ext (HKLM-x32\...\{0ED6AC75-474D-4511-B198-05B8C99F6B8B}) (Version: 1.1.7.1416 - Nokia) Wolfenstein: The New Order German Edition (HKLM-x32\...\Steam App 288570) (Version: - MachineGames) WRC 4 FIA WORLD RALLY CHAMPIONSHIP (HKLM-x32\...\Steam App 256330) (Version: - Milestone S.r.l.) X-Motor Racing Demo (HKLM-x32\...\X-Motor Racing Demo_is1) (Version: - Exotypos) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2819443126-392552937-1277417864-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-2819443126-392552937-1277417864-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 12-01-2015 18:14:24 Geplanter Prüfpunkt 15-01-2015 05:51:28 Prüfpunkt von HitmanPro 18-01-2015 06:52:26 Revo Uninstaller's restore point - StormFall 18-01-2015 08:43:29 Wiederherstellungsvorgang 18-01-2015 10:16:34 18012015 vor adware benutzung 18-01-2015 10:31:28 Wiederherstellungsvorgang 18-01-2015 11:50:21 voradwareanchorundhotspot 19-01-2015 14:37:35 Windows Modules Installer ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0AA1F179-FA10-46AF-9EAF-C6933A770D59} - \Seagate_Install_Launch No Task File <==== ATTENTION Task: {1887A53C-F03A-4C3F-8FEC-01CA1DB6EA08} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ONEPC-Admin OnePC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation) Task: {19395FDD-F5F0-447C-A834-FC9D8D1674EE} - \HPCustParticipation HP Officejet Pro 8600 No Task File <==== ATTENTION Task: {203982B8-C446-4F4F-8EF0-0BF4BC3A8952} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation) Task: {287F3197-7998-470F-B04D-6E2A296FABCB} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION Task: {3036B396-15F3-4430-98A9-337AB8481398} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION Task: {338EF201-1E25-40B3-98AE-3CFE691E881A} - \Microsoft_MKC_Logon_Task_itype.exe No Task File <==== ATTENTION Task: {3AA151C0-7079-4BD8-89B0-609D22DCA726} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe No Task File <==== ATTENTION Task: {41EED3EA-2A03-4192-87D2-5C3782189C28} - \User_Feed_Synchronization-{DF772C42-9DA6-4A07-A576-E2DAD94F2096} No Task File <==== ATTENTION Task: {51474427-D684-45F5-8DB5-C0732E75E7CA} - \{26CC40C6-7AF6-4A6A-B384-369B1AFDBE66} No Task File <==== ATTENTION Task: {57F7813B-623C-48B4-A6C2-525117AC3F7C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {619D129F-4304-4C73-A121-6730E9FA3027} - \CreateChoiceProcessTask No Task File <==== ATTENTION Task: {7015B8D7-DDB2-4A32-8E32-10F221DF0882} - \Microsoft_Hardware_Launch_itype_exe No Task File <==== ATTENTION Task: {796504CA-79C5-458A-9541-3173FACB30C1} - \Core Temp Autostart Admin No Task File <==== ATTENTION Task: {7B229291-634C-4B5B-8CA2-0FF9C5D4E72C} - \Microsoft_Hardware_Launch_ipoint_exe No Task File <==== ATTENTION Task: {88FA4920-C21E-4BB0-ACB3-1E00E1C234E1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation) Task: {A669484B-2B77-435D-A374-7A47988CF89F} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2819443126-392552937-1277417864-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe Task: {B86FCF37-6A96-4790-8328-5F8CC3E35BAB} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG) Task: {BA578D76-4613-45AB-8355-C0E4E3AA2CBC} - \MSIAfterburner No Task File <==== ATTENTION Task: {C5050D0C-D39A-4B60-92FD-B5AA00AE652F} - \Microsoft_MKC_Logon_Task_ipoint.exe No Task File <==== ATTENTION Task: {DC360E21-3D9B-4D74-95B7-03FF62E69138} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation) Task: {E30E0525-FD4D-468D-B8B6-3BD9F61056C3} - \HP AR Program Upload - c8ac4278ca3949a487036fae545744fe5052aa724f0240da89d05ea85040bf29 No Task File <==== ATTENTION Task: {E551B41C-005D-431F-9533-76BFA25BCAC2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd) Task: {F8BAAB94-6F81-4DEF-BE85-6B3592734D8B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated) Task: {FA3CDBEE-0CC7-4B6A-9DA9-4D2154F03A36} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-ONEPC => C:\Windows\ehome\McxTask.exe [2013-09-30] (Microsoft Corporation) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-04-08 20:01 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-06-20 18:09 - 2014-12-15 11:45 - 00020240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll 2014-06-26 14:04 - 2014-06-26 14:04 - 00100984 _____ () C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe 2014-03-22 09:08 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2010-10-19 08:31 - 2010-10-19 08:31 - 00205312 _____ () C:\Program Files\Netzmanager\NMInfraIS2\driver64\SoftplugLib.DLL 2013-08-10 21:00 - 2014-06-13 14:17 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe 2013-07-11 22:04 - 2013-07-11 22:04 - 01630720 _____ () C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe 2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2014-09-19 14:48 - 2014-09-19 14:48 - 00330240 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe 2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2013-07-11 22:03 - 2013-07-11 22:03 - 00252832 _____ () C:\Program Files (x86)\SimracewayUpdater\PATCHW32.dll 2014-12-19 09:41 - 2014-12-19 09:41 - 01007104 _____ () D:\Program Files (x86)\Origin\platforms\qwindows.dll 2014-12-19 09:40 - 2014-12-19 09:40 - 00023552 _____ () D:\Program Files (x86)\Origin\imageformats\qgif.dll 2014-12-19 09:40 - 2014-12-19 09:40 - 00024576 _____ () D:\Program Files (x86)\Origin\imageformats\qico.dll 2014-12-19 09:40 - 2014-12-19 09:40 - 00216576 _____ () D:\Program Files (x86)\Origin\imageformats\qjpeg.dll 2014-12-19 09:40 - 2014-12-19 09:40 - 00261120 _____ () D:\Program Files (x86)\Origin\imageformats\qmng.dll 2014-12-19 09:40 - 2014-12-19 09:40 - 00019456 _____ () D:\Program Files (x86)\Origin\imageformats\qtga.dll 2014-12-19 09:40 - 2014-12-19 09:40 - 00337408 _____ () D:\Program Files (x86)\Origin\imageformats\qtiff.dll 2014-12-19 09:40 - 2014-12-19 09:40 - 00018944 _____ () D:\Program Files (x86)\Origin\imageformats\qwbmp.dll 2013-09-26 11:20 - 2013-09-26 11:20 - 00176168 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll 2013-09-26 11:20 - 2013-09-26 11:20 - 00043048 _____ () C:\Program Files (x86)\Lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll 2010-11-22 23:56 - 2010-11-22 23:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd 2010-11-22 23:57 - 2010-11-22 23:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll 2010-11-22 23:56 - 2010-11-22 23:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd 2010-11-22 23:57 - 2010-11-22 23:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd 2010-11-22 23:57 - 2010-11-22 23:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd 2011-02-15 19:17 - 2011-02-15 19:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll 2010-11-22 23:57 - 2010-11-22 23:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd 2014-05-14 00:26 - 2014-05-14 00:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd 2010-11-22 23:56 - 2010-11-22 23:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll 2010-11-22 23:57 - 2010-11-22 23:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd 2014-08-14 01:37 - 2014-08-14 01:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll 2014-08-14 01:37 - 2014-08-14 01:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll 2010-11-22 23:56 - 2010-11-22 23:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd 2010-11-22 23:57 - 2010-11-22 23:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd 2014-06-18 01:56 - 2014-06-18 01:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd 2011-02-15 19:17 - 2011-02-15 19:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll 2010-11-23 00:06 - 2010-11-23 00:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll 2013-05-10 00:52 - 2013-05-10 00:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll 2013-05-10 00:52 - 2013-05-10 00:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll 2013-05-10 00:52 - 2013-05-10 00:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll 2013-05-03 19:56 - 2013-05-03 19:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll 2013-05-03 19:56 - 2013-05-03 19:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll 2013-05-03 19:56 - 2013-05-03 19:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll 2013-05-03 19:57 - 2013-05-03 19:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll 2015-01-15 15:06 - 2015-01-15 15:06 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\c89a3da49bf7bd161745f4228277ea00\PSIClient.ni.dll 2013-06-03 18:28 - 2012-07-18 04:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Admin\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "SRW Download Manager.lnk" HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service" HKLM\...\StartupApproved\Run32: => "IAStorIcon" HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor" HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe" HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray" HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\StartupFolder: => "Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk" HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk" HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\StartupFolder: => "Tintenwarnungen überwachen - .lnk" HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\Run: => "GarminExpressTrayApp" HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\Run: => "Uploader" HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\StartupApproved\Run: => "Prime95" ========================= Accounts: ========================== Admin (S-1-5-21-2819443126-392552937-1277417864-1001 - Administrator - Enabled) => C:\Users\Admin Administrator (S-1-5-21-2819443126-392552937-1277417864-500 - Administrator - Disabled) fbwuser2B82 (S-1-5-21-2819443126-392552937-1277417864-1007 - Limited - Enabled) fbwuser6E92 (S-1-5-21-2819443126-392552937-1277417864-1008 - Limited - Enabled) fbwuserADE8 (S-1-5-21-2819443126-392552937-1277417864-1005 - Limited - Enabled) fbwuserB171 (S-1-5-21-2819443126-392552937-1277417864-1006 - Limited - Enabled) fbwuserB705 (S-1-5-21-2819443126-392552937-1277417864-1010 - Limited - Enabled) fbwuserF7BE (S-1-5-21-2819443126-392552937-1277417864-1009 - Limited - Enabled) Gast (S-1-5-21-2819443126-392552937-1277417864-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2819443126-392552937-1277417864-1012 - Limited - Enabled) Mcx1-ONEPC (S-1-5-21-2819443126-392552937-1277417864-1004 - Limited - Enabled) => C:\Users\Mcx1-ONEPC ==================== Faulty Device Manager Devices ============= Name: Microsoft Bluetooth-Auflistung Description: Microsoft Bluetooth-Auflistung Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Microsoft Service: BthEnum Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (01/19/2015 02:29:16 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest. Error: (01/19/2015 09:45:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ONEPC) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (01/19/2015 09:45:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ONEPC) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. System errors: ============= Error: (01/19/2015 03:54:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/19/2015 02:45:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/19/2015 02:44:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%1062 Error: (01/19/2015 02:38:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/19/2015 02:28:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/19/2015 02:21:49 PM) (Source: BTHUSB) (EventID: 17) (User: ) Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error: (01/19/2015 11:45:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/19/2015 11:44:49 AM) (Source: DCOM) (EventID: 10010) (User: ONEPC) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (01/19/2015 11:44:49 AM) (Source: DCOM) (EventID: 10010) (User: ONEPC) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (01/19/2015 11:16:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (01/19/2015 02:29:16 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\Users\Admin\Downloads\esetsmartinstaller_deu(3).exe Error: (01/19/2015 09:45:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ONEPC) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927151 Error: (01/19/2015 09:45:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ONEPC) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927151 CodeIntegrity Errors: =================================== Date: 2015-01-19 15:57:19.901 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-19 15:57:05.614 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-19 15:55:08.273 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements. Date: 2015-01-19 15:55:07.429 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-19 15:55:04.520 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-19 15:55:03.442 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-01-19 15:51:38.668 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-19 15:19:19.513 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\hmpalert.dll that did not meet the Windows signing level requirements. Date: 2015-01-19 15:11:12.538 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. Date: 2015-01-19 14:47:36.018 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz Percentage of memory in use: 14% Total physical RAM: 16276.89 MB Available physical RAM: 13948.19 MB Total Pagefile: 32660.89 MB Available Pagefile: 29839.08 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:446.79 GB) (Free:146.53 GB) NTFS Drive d: (Volume) (Fixed) (Total:931.39 GB) (Free:217.57 GB) NTFS Drive g: () (Removable) (Total:3.63 GB) (Free:1.94 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: 003DE352) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=446.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: 000ABBCC) Partition: GPT Partition Type. ======================================================== Disk: 2 (Size: 3.6 GB) (Disk ID: 1CB9B741) Partition 1: (Not Active) - (Size=3.6 GB) - (Type=0B) ==================== End Of Log ============================ Code:
ATTFilter # AdwCleaner v4.108 - Bericht erstellt am 19/01/2015 um 15:54:25 # Aktualisiert 17/01/2015 von Xplode # Database : 2015-01-18.1 [Live] # Betriebssystem : Windows 8.1 Pro with Media Center (64 bits) # Benutzername : Admin - ONEPC # Gestartet von : C:\Users\Admin\Downloads\AdwCleaner_4.108(1).exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gelöscht : C:\WINDOWS\System32\drivers\taphss6.sys Datei Gelöscht : C:\WINDOWS\System32\drivers\hssdrv6.sys ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Mozilla Firefox v35.0 (x86 de) ************************* AdwCleaner[R0].txt - [3862 octets] - [17/01/2015 13:14:26] AdwCleaner[R1].txt - [7617 octets] - [18/01/2015 07:05:51] AdwCleaner[R2].txt - [2151 octets] - [18/01/2015 10:14:13] AdwCleaner[R3].txt - [2115 octets] - [18/01/2015 11:30:26] AdwCleaner[R4].txt - [1913 octets] - [18/01/2015 12:38:12] AdwCleaner[R5].txt - [1313 octets] - [18/01/2015 14:53:01] AdwCleaner[R6].txt - [1316 octets] - [19/01/2015 15:51:41] AdwCleaner[R7].txt - [1434 octets] - [19/01/2015 15:53:22] AdwCleaner[S0].txt - [7707 octets] - [18/01/2015 07:06:43] AdwCleaner[S1].txt - [1828 octets] - [18/01/2015 12:40:30] AdwCleaner[S2].txt - [1355 octets] - [19/01/2015 15:54:25] ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1415 octets] ########## |
19.01.2015, 19:43 | #14 |
/// the machine /// TB-Ausbilder | nur Laptop sendet Dos Attacke Syn und UDP Flood an Router W921v Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Task: {0AA1F179-FA10-46AF-9EAF-C6933A770D59} - \Seagate_Install_Launch No Task File <==== ATTENTION Task: {19395FDD-F5F0-447C-A834-FC9D8D1674EE} - \HPCustParticipation HP Officejet Pro 8600 No Task File <==== ATTENTION Task: {287F3197-7998-470F-B04D-6E2A296FABCB} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION Task: {3036B396-15F3-4430-98A9-337AB8481398} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION Task: {338EF201-1E25-40B3-98AE-3CFE691E881A} - \Microsoft_MKC_Logon_Task_itype.exe No Task File <==== ATTENTION Task: {3AA151C0-7079-4BD8-89B0-609D22DCA726} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe No Task File <==== ATTENTION Task: {41EED3EA-2A03-4192-87D2-5C3782189C28} - \User_Feed_Synchronization-{DF772C42-9DA6-4A07-A576-E2DAD94F2096} No Task File <==== ATTENTION Task: {51474427-D684-45F5-8DB5-C0732E75E7CA} - \{26CC40C6-7AF6-4A6A-B384-369B1AFDBE66} No Task File <==== ATTENTION Task: {619D129F-4304-4C73-A121-6730E9FA3027} - \CreateChoiceProcessTask No Task File <==== ATTENTION Task: {7015B8D7-DDB2-4A32-8E32-10F221DF0882} - \Microsoft_Hardware_Launch_itype_exe No Task File <==== ATTENTION Task: {796504CA-79C5-458A-9541-3173FACB30C1} - \Core Temp Autostart Admin No Task File <==== ATTENTION Task: {7B229291-634C-4B5B-8CA2-0FF9C5D4E72C} - \Microsoft_Hardware_Launch_ipoint_exe No Task File <==== ATTENTION Task: {BA578D76-4613-45AB-8355-C0E4E3AA2CBC} - \MSIAfterburner No Task File <==== ATTENTION Task: {C5050D0C-D39A-4B60-92FD-B5AA00AE652F} - \Microsoft_MKC_Logon_Task_ipoint.exe No Task File <==== ATTENTION Task: {E30E0525-FD4D-468D-B8B6-3BD9F61056C3} - \HP AR Program Upload - c8ac4278ca3949a487036fae545744fe5052aa724f0240da89d05ea85040bf29 No Task File <==== ATTENTION HKU\S-1-5-21-2819443126-392552937-1277417864-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = cmd: ipconfig /flushdns cmd: netsh winsock reset cmd: ipconfig /renew Emptytemp: Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
20.01.2015, 16:08 | #15 |
| nur Laptop sendet Dos Attacke Syn und UDP Flood an Router W921v Internet geht wieder ABER.... nicht nach diesem Lauf sondern ich hab im WLAN Adapter den Client von anchor entfernt also den hotspotshield und dann noch mal alle clients etc raus und alles neu rein und schwupp bin ich wieder online... ich vermute das wir zwar die ganzen leichen entfernen aber der Dienst im Adapter nicht gelöscht und wieder auf normal umgestellt wurde. ich kann das eben nur mit meinen Worten wieder geben aber nun bin ich online ohne hssdrv6.sys und tapas und wir können weiter auf fehlersuche gehen. ich beobachte mal meine Router Log txt. denn die war heute noch voll während der online zeit meines Lappis... FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 Ran by Admin (administrator) on ONEPC on 19-01-2015 20:11:51 Running from C:\Users\Admin\Downloads Loaded Profiles: Admin (Available profiles: Admin & Mcx1-ONEPC & Classic .NET AppPool & .NET v4.5 & .NET v2.0 & .NET v4.5 Classic & .NET v2.0 Classic) Platform: Windows 8.1 Pro with Media Center (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe () C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) D:\Program Files (x86)\iRacing\iRacingService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe (Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE () C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe (Microsoft Corporation) C:\Windows\System32\snmp.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\System32\vmms.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Users\Admin\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Electronic Arts) D:\Program Files (x86)\Origin\Origin.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe (Deutsche Telekom AG) C:\Program Files\Netzmanager\netzmanager.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe (Geek Software GmbH) D:\Program Files (x86)\PDF24\pdf24.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe (Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe (Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531984 2015-01-07] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [MsmqIntCert] => "C:\WINDOWS\System32\regsvr32.exe" /s "C:\WINDOWS\System32\mqrt.dll" HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [TransferManager] => C:\Program Files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exe [444928 2014-06-29] (Haufe-Lexware GmbH & Co. KG) HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2014-06-03] (Haufe-Lexware GmbH & Co. KG) HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc) HKLM-x32\...\Run: [PDFPrint] => d:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [THGuard] => C:\Program Files (x86)\TrojanHunter 5.6\THGuard.exe [1081808 2014-07-30] (Mischel Internet Security) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [SkyDrive] => C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-09] (Microsoft Corporation) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [EADM] => d:\Program Files (x86)\Origin\Origin.exe [3618648 2014-12-19] (Electronic Arts) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [Prime95] => C:\Users\Admin\Downloads\p95v285.win64\prime95.exe [36363264 2014-05-30] () HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Run: [PeerGuardian] => C:\Program Files (x86)\PeerGuardian2\pg2.exe [1421824 2005-09-18] (Methlabs) HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\MountPoints2: {0d48a496-850f-11e3-becb-a417319ede24} - "G:\setup_vmc_lite.exe" /checkApplicationPresence HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\MountPoints2: {78f8706e-00e8-11e4-bf2b-a417319ede24} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL F:\start.exe HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "D:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178632 2014-12-13] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [165760 2014-12-13] (NVIDIA Corporation) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ShortcutTarget: Netzmanager.lnk -> C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{2D7BDE37-83EC-438A-9E1F-A610594DD358}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRW Download Manager.lnk ShortcutTarget: SRW Download Manager.lnk -> C:\IgniteGT\Simraceway\SRWAgent.exe (IgniteGT) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {3746422E-4692-4429-9698-E3EB34FE07BC} hxxp://192.168.1.9:88/FSIPCam.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {960DC750-7447-4CDE-BF1C-FB33F9129654} hxxp://192.168.1.9:5000/webman/3rdparty/SurveillanceStation/object/SSObject3.cab?6.1-2909 DPF: HKLM-x32 {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.1.117/codebase/DVM_IPCam2.ocx DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b1nx067f.default-1421664205499 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @IPCWebComponents -> C:\Program Files (x86)\IPCWebComponents\npIPCReg.dll () FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: synology.com/SurveillanceHelper -> C:\Program Files (x86)\Synology\SurveillanceHelper\1.0.0.3\npSurveillanceHelper.dll (Synology) FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.423\npSurveillancePlugin.dll (Synology) FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: hp.com/HPDetect -> C:\Users\Admin\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP) FF Plugin HKU\S-1-5-21-2819443126-392552937-1277417864-1001: synology.com/SSWebPlugin -> C:\Users\Admin\AppData\Roaming\Synology\SSWebPlugin\1.0.0.39\npSSWebPlugin.dll (Synology) FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2015-01-18] FF HKU\S-1-5-21-2819443126-392552937-1277417864-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mpiofm0i.default-1406638029815\extensions\cliqz@cliqz.com Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Admin\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-11-08] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ADUServiceNSRT; C:\Program Files (x86)\Common Files\Nokia\ADUService\ADUService.exe [100984 2014-06-26] () [File not signed] S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-03] () S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-01-19] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) S3 DsRoleSvc; C:\Windows\system32\dsrolesrv.dll [280064 2015-01-19] (Microsoft Corporation) R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [372736 2015-01-19] (Microsoft Corporation) S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-12-10] (Futuremark) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-07] (NVIDIA Corporation) R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2015-01-15] (SurfRight B.V.) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-10-03] (Intel Corporation) R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [16896 2015-01-19] (Microsoft Corporation) U2 iprip; C:\Windows\System32\iprip.dll [34816 2015-01-19] (Microsoft Corporation) R2 iRacingService; D:\Program Files (x86)\iRacing\iRacingService.exe [798840 2015-01-13] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-09-17] (Intel Corporation) R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [62504 2014-06-26] (Haufe-Lexware GmbH & Co. KG) R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [48128 2015-01-19] (Microsoft Corporation) R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2015-01-19] (Microsoft Corporation) R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [168448 2015-01-19] (Microsoft Corporation) R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2015-01-07] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19822736 2015-01-07] (NVIDIA Corporation) S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts) R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-06-13] () R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [387584 2014-09-19] (Qualcomm Atheros) [File not signed] R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3275728 2014-06-24] (Paramount Software UK Ltd) R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [10240 2014-10-29] (Microsoft Corporation) R2 Simraceway Update Service; C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe [1630720 2013-07-11] () [File not signed] R2 SNMP; C:\Windows\System32\snmp.exe [50688 2015-01-19] (Microsoft Corporation) R2 SNMP; C:\Windows\SysWOW64\snmp.exe [46080 2015-01-19] (Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH) S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [146944 2015-01-19] (Microsoft Corporation) R2 vmms; C:\Windows\system32\vmms.exe [13784576 2015-01-19] (Microsoft Corporation) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2015-01-19] (Microsoft Corporation) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2015-01-19] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2015-01-19] (Microsoft Corporation) S2 Micro Star SCM; C:\WINDOWS\SysWOW64\MSIService.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3905536 2014-08-22] (Qualcomm Atheros Communications, Inc.) R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [97968 2014-09-11] (Qualcomm Atheros, Inc.) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2015-01-15] () R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [68960 2015-01-19] (Microsoft Corporation) R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.) R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.) S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [19456 2015-01-19] (Microsoft Corporation) S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [11776 2009-04-09] (ZTE Incorporated) [File not signed] S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-18] (Malwarebytes Corporation) R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2015-01-19] (Microsoft Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4263936 2013-06-03] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-07] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22016 2015-01-19] (Microsoft Corporation) S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [27136 2015-01-19] (Microsoft Corporation) S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] () S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited) S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited) S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) S3 SjtWinIo; C:\Windows\System32\drivers\SjtWinIo.sys [9216 2014-08-26] (SpeedJet Technology INC.) R3 TelekomNM6; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [45664 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) S3 UHSfiltv; C:\Windows\system32\drivers\UHSfiltv.sys [23552 2012-09-12] (Creative Technology Ltd.) [File not signed] S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation) S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [18944 2015-01-19] (Microsoft Corporation) R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation) S3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation) S3 VMSVSF; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation) S3 VMSVSP; C:\Windows\system32\DRIVERS\vmswitch.sys [688640 2014-10-08] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X] S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X] S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X] S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X] S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X] S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X] S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X] S3 cpuz138; \??\C:\WINDOWS\TEMP\cpuz138\cpuz138_x64.sys [X] S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X] S3 hitmanpro37; \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys [X] S1 HssDRV6; \SystemRoot\system32\DRIVERS\hssdrv6.sys [X] S3 pxldapoc; \??\C:\Users\Admin\AppData\Local\Temp\pxldapoc.sys [X] S3 taphss6; \SystemRoot\system32\DRIVERS\taphss6.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-19 18:40 - 2015-01-19 18:41 - 00094809 _____ () C:\WINDOWS\iis.log 2015-01-19 18:40 - 2015-01-19 18:40 - 00000020 ___SH () C:\Users\Classic .NET AppPool\ntuser.ini 2015-01-19 18:40 - 2015-01-19 18:40 - 00000020 ___SH () C:\Users\.NET v4.5\ntuser.ini 2015-01-19 18:40 - 2015-01-19 18:40 - 00000020 ___SH () C:\Users\.NET v4.5 Classic\ntuser.ini 2015-01-19 18:40 - 2015-01-19 18:40 - 00000020 ___SH () C:\Users\.NET v2.0\ntuser.ini 2015-01-19 18:40 - 2015-01-19 18:40 - 00000020 ___SH () C:\Users\.NET v2.0 Classic\ntuser.ini 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\Classic .NET AppPool\Vorlagen 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\Classic .NET AppPool\Startmenü 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\Classic .NET AppPool\Netzwerkumgebung 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\Classic .NET AppPool\Lokale Einstellungen 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\Classic .NET AppPool\Eigene Dateien 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\Classic .NET AppPool\Druckumgebung 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\Classic .NET AppPool\Documents\Eigene Musik 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\Classic .NET AppPool\Documents\Eigene Bilder 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\Classic .NET AppPool\AppData\Local\Verlauf 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\Classic .NET AppPool\AppData\Local\Anwendungsdaten 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\Classic .NET AppPool\Anwendungsdaten 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5\Vorlagen 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5\Startmenü 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5\Netzwerkumgebung 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5\Lokale Einstellungen 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5\Eigene Dateien 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5\Druckumgebung 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5\Documents\Eigene Musik 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5\Documents\Eigene Bilder 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5\AppData\Local\Verlauf 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5\AppData\Local\Anwendungsdaten 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5\Anwendungsdaten 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5 Classic\Vorlagen 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5 Classic\Startmenü 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5 Classic\Netzwerkumgebung 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5 Classic\Lokale Einstellungen 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5 Classic\Eigene Dateien 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5 Classic\Druckumgebung 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5 Classic\Documents\Eigene Musik 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5 Classic\Documents\Eigene Bilder 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5 Classic\AppData\Local\Verlauf 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5 Classic\AppData\Local\Anwendungsdaten 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v4.5 Classic\Anwendungsdaten 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0\Vorlagen 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0\Startmenü 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0\Netzwerkumgebung 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0\Lokale Einstellungen 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0\Eigene Dateien 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0\Druckumgebung 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0\Documents\Eigene Musik 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0\Documents\Eigene Bilder 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0\AppData\Local\Verlauf 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0\AppData\Local\Anwendungsdaten 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0\Anwendungsdaten 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0 Classic\Vorlagen 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0 Classic\Startmenü 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0 Classic\Netzwerkumgebung 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0 Classic\Lokale Einstellungen 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0 Classic\Eigene Dateien 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0 Classic\Druckumgebung 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0 Classic\Documents\Eigene Musik 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0 Classic\Documents\Eigene Bilder 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0 Classic\AppData\Local\Verlauf 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0 Classic\AppData\Local\Anwendungsdaten 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 _SHDL () C:\Users\.NET v2.0 Classic\Anwendungsdaten 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 ____D () C:\Users\Classic .NET AppPool 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 ____D () C:\Users\.NET v4.5 Classic 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 ____D () C:\Users\.NET v4.5 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 ____D () C:\Users\.NET v2.0 Classic 2015-01-19 18:40 - 2015-01-19 18:40 - 00000000 ____D () C:\Users\.NET v2.0 2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-19 18:40 - 2014-11-29 09:23 - 00000000 ___RD () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-01-19 18:40 - 2014-05-23 15:11 - 00000000 ____D () C:\Users\Classic .NET AppPool\AppData\Roaming\Macromedia 2015-01-19 18:40 - 2014-05-23 15:11 - 00000000 ____D () C:\Users\.NET v4.5\AppData\Roaming\Macromedia 2015-01-19 18:40 - 2014-05-23 15:11 - 00000000 ____D () C:\Users\.NET v4.5 Classic\AppData\Roaming\Macromedia 2015-01-19 18:40 - 2014-05-23 15:11 - 00000000 ____D () C:\Users\.NET v2.0\AppData\Roaming\Macromedia 2015-01-19 18:40 - 2014-05-23 15:11 - 00000000 ____D () C:\Users\.NET v2.0 Classic\AppData\Roaming\Macromedia 2015-01-19 18:40 - 2014-05-07 15:18 - 00000000 ____D () C:\Users\Classic .NET AppPool\AppData\Roaming\Garmin 2015-01-19 18:40 - 2014-05-07 15:18 - 00000000 ____D () C:\Users\.NET v4.5\AppData\Roaming\Garmin 2015-01-19 18:40 - 2014-05-07 15:18 - 00000000 ____D () C:\Users\.NET v4.5 Classic\AppData\Roaming\Garmin 2015-01-19 18:40 - 2014-05-07 15:18 - 00000000 ____D () C:\Users\.NET v2.0\AppData\Roaming\Garmin 2015-01-19 18:40 - 2014-05-07 15:18 - 00000000 ____D () C:\Users\.NET v2.0 Classic\AppData\Roaming\Garmin 2015-01-19 18:40 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-01-19 18:40 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-01-19 18:40 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-01-19 18:40 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-01-19 18:40 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-01-19 18:40 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-01-19 18:40 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-01-19 18:40 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-01-19 18:40 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-01-19 18:40 - 2014-02-22 05:37 - 00000369 _____ () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-01-19 18:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-01-19 18:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-01-19 18:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-01-19 18:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\.NET v2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-01-19 18:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\.NET v2.0 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-01-19 18:37 - 2015-01-19 18:37 - 00000862 _____ () C:\WINDOWS\system32\termcap 2015-01-19 18:37 - 2015-01-19 18:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS 2015-01-19 18:37 - 2015-01-19 18:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hyper-V Management Tools 2015-01-19 18:37 - 2015-01-19 18:37 - 00000000 ____D () C:\WINDOWS\vmguest 2015-01-19 18:37 - 2015-01-19 18:37 - 00000000 ____D () C:\WINDOWS\SysWOW64\BestPractices 2015-01-19 18:37 - 2015-01-19 18:37 - 00000000 ____D () C:\WINDOWS\system32\msmq 2015-01-19 18:37 - 2015-01-19 18:37 - 00000000 ____D () C:\WINDOWS\system32\BestPractices 2015-01-19 18:37 - 2015-01-19 18:37 - 00000000 ____D () C:\WINDOWS\ADAM 2015-01-19 18:37 - 2015-01-19 18:37 - 00000000 ____D () C:\Program Files\Windows Identity Foundation 2015-01-19 18:37 - 2015-01-19 18:37 - 00000000 ____D () C:\Program Files\Hyper-V 2015-01-19 18:37 - 2015-01-19 18:37 - 00000000 ____D () C:\Program Files\CMAK 2015-01-19 18:37 - 2015-01-19 18:37 - 00000000 ____D () C:\Program Files (x86)\CMAK 2015-01-19 18:37 - 2015-01-19 18:37 - 00000000 ____D () C:\inetpub 2015-01-19 16:58 - 2015-01-15 06:08 - 1604350282 _____ () C:\Users\Admin\Downloads\MEMORY.DMP 2015-01-19 15:12 - 2015-01-19 15:12 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-19 15:12 - 2015-01-19 15:12 - 00001159 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-01-19 15:12 - 2015-01-19 15:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-19 15:10 - 2015-01-19 15:10 - 00243728 _____ () C:\Users\Admin\Downloads\Firefox Setup Stub 35_0.exe 2015-01-19 15:09 - 2015-01-19 15:09 - 00001410 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-19 07:02 - 2015-01-19 07:02 - 00000636 _____ () C:\Users\Admin\Desktop\JRT.txt 2015-01-19 06:57 - 2015-01-19 06:57 - 01707939 _____ (Thisisu) C:\Users\Admin\Downloads\JRT(1).exe 2015-01-18 16:42 - 2015-01-19 15:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-18 16:27 - 2015-01-18 16:14 - 00852504 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe 2015-01-18 16:14 - 2015-01-18 16:14 - 00852504 _____ () C:\Users\Admin\Downloads\SecurityCheck.exe 2015-01-18 16:09 - 2015-01-18 16:09 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu(3).exe 2015-01-18 10:11 - 2015-01-18 10:11 - 00000000 ____D () C:\Users\Admin\Downloads\FRST-OlderVersion 2015-01-18 09:34 - 2015-01-18 09:34 - 01707939 _____ (Thisisu) C:\Users\Admin\Downloads\JRT.exe 2015-01-18 09:34 - 2015-01-18 09:34 - 00000000 ____D () C:\WINDOWS\ERUNT 2015-01-18 09:31 - 2015-01-18 09:31 - 02186752 _____ () C:\Users\Admin\Downloads\AdwCleaner_4.108(1).exe 2015-01-18 09:18 - 2015-01-18 09:39 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-01-18 09:18 - 2015-01-18 09:18 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-18 09:18 - 2015-01-18 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-18 09:18 - 2015-01-18 09:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-18 09:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-01-18 09:18 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-01-18 09:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-01-18 09:10 - 2015-01-18 09:11 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028(1).exe 2015-01-18 08:52 - 2014-08-22 09:00 - 03905536 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athwbx.sys 2015-01-18 08:34 - 2015-01-18 08:34 - 00000000 ____D () C:\Dell 2015-01-18 07:26 - 2015-01-18 07:26 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Synaptics 2015-01-18 07:21 - 2015-01-18 08:23 - 00029758 _____ () C:\WINDOWS\DPINST.LOG 2015-01-18 07:21 - 2015-01-18 07:21 - 00001342 _____ () C:\WINDOWS\Synaptics.log 2015-01-18 07:21 - 2015-01-18 07:21 - 00000000 ____D () C:\Program Files\Synaptics 2015-01-18 07:10 - 2015-01-18 07:10 - 00003707 _____ () C:\Users\Admin\Desktop\AdwCleaner[S0].txt 2015-01-18 07:04 - 2015-01-18 07:04 - 00001220 _____ () C:\Users\Admin\Desktop\Malwarebytes Anti-Malware180120150700.txt 2015-01-18 06:50 - 2015-01-19 14:29 - 00001280 _____ () C:\Users\Admin\Desktop\Revo Uninstaller.lnk 2015-01-18 06:50 - 2015-01-19 14:29 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-18 06:50 - 2015-01-18 06:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Admin\Downloads\revosetup95.exe 2015-01-17 13:14 - 2015-01-19 15:54 - 00000000 ____D () C:\AdwCleaner 2015-01-17 13:14 - 2015-01-17 13:14 - 02186752 _____ () C:\Users\Admin\Downloads\AdwCleaner_4.108.exe 2015-01-17 13:12 - 2015-01-17 13:12 - 00380416 _____ () C:\Users\Admin\Downloads\dsz5321w.exe 2015-01-17 12:42 - 2015-01-17 13:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-01-17 12:41 - 2015-01-17 13:05 - 00000000 ____D () C:\Users\Admin\Desktop\mbar 2015-01-17 12:40 - 2015-01-17 12:41 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Admin\Downloads\mbar-1.08.2.1001.exe 2015-01-17 12:16 - 2015-01-17 12:16 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu(2).exe 2015-01-17 12:08 - 2015-01-17 12:08 - 00013401 _____ () C:\Users\Admin\Downloads\gmerversion2018444.log 2015-01-17 09:48 - 2015-01-19 20:08 - 00005584 _____ () C:\WINDOWS\PFRO.log 2015-01-17 09:47 - 2015-01-17 09:47 - 00009952 _____ () C:\Users\Admin\Desktop\malwarebytestestversion2041028.txt 2015-01-17 09:45 - 2015-01-17 09:45 - 00365568 _____ () C:\Users\Admin\Downloads\gmer-2.0.18444.exe 2015-01-17 09:38 - 2015-01-17 09:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-17 09:32 - 2015-01-17 09:32 - 00085001 _____ () C:\Users\Admin\Desktop\Resultminitoolbox.txt 2015-01-17 09:31 - 2015-01-17 09:32 - 00084965 _____ () C:\Users\Admin\Downloads\Result.txt 2015-01-17 09:31 - 2015-01-17 09:31 - 00401920 _____ (Farbar) C:\Users\Admin\Downloads\MiniToolBox.exe 2015-01-17 09:23 - 2015-01-17 09:23 - 00126319 _____ () C:\Users\Admin\Downloads\Shortcut.txt 2015-01-17 09:21 - 2015-01-17 09:21 - 00049295 _____ () C:\Users\Admin\Desktop\FRST.txt 2015-01-17 08:49 - 2015-01-17 08:49 - 00380416 _____ () C:\Users\Admin\Downloads\Gmer-19357.exe 2015-01-17 08:44 - 2015-01-19 20:11 - 00025659 _____ () C:\Users\Admin\Downloads\FRST.txt 2015-01-17 08:44 - 2015-01-19 20:11 - 00000000 ____D () C:\FRST 2015-01-17 08:44 - 2015-01-19 15:58 - 00045186 _____ () C:\Users\Admin\Downloads\Addition.txt 2015-01-17 08:43 - 2015-01-18 10:11 - 02126336 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe 2015-01-17 08:43 - 2015-01-18 10:09 - 00000472 _____ () C:\Users\Admin\Downloads\defogger_disable.log 2015-01-17 08:43 - 2015-01-17 08:43 - 00050477 _____ () C:\Users\Admin\Downloads\Defogger.exe 2015-01-17 08:43 - 2015-01-17 08:43 - 00000000 _____ () C:\Users\Admin\defogger_reenable 2015-01-16 17:10 - 2015-01-16 17:10 - 00000000 ____D () C:\Users\Admin\Downloads\TcpView-3.05 2015-01-16 17:09 - 2015-01-16 17:09 - 01179936 _____ () C:\Users\Admin\Downloads\TCPView - CHIP-Installer.exe 2015-01-16 17:09 - 2015-01-16 17:09 - 00291606 _____ () C:\Users\Admin\Downloads\TcpView-3.05.zip 2015-01-16 14:41 - 2015-01-16 14:41 - 00003657 _____ () C:\Users\Admin\Desktop\virenverdachtdatei.txt 2015-01-16 08:41 - 2015-01-16 08:41 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu(1).exe 2015-01-15 06:14 - 2015-01-19 20:05 - 00000000 ____D () C:\WINDOWS\CryptoGuard 2015-01-15 06:14 - 2015-01-17 08:12 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert 2015-01-15 06:14 - 2015-01-15 06:37 - 00548424 _____ (SurfRight) C:\WINDOWS\system32\hmpalert.dll 2015-01-15 06:14 - 2015-01-15 06:37 - 00477008 _____ (SurfRight) C:\WINDOWS\SysWOW64\hmpalert.dll 2015-01-15 06:14 - 2015-01-15 06:37 - 00093144 _____ () C:\WINDOWS\system32\Drivers\hmpalert.sys 2015-01-15 06:14 - 2015-01-15 06:14 - 01889616 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\hmpalert.exe 2015-01-15 06:14 - 2015-01-15 06:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert 2015-01-15 06:14 - 2015-01-15 06:14 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert 2015-01-15 06:09 - 2015-01-15 06:09 - 00319536 _____ () C:\WINDOWS\Minidump\011515-10203-01.dmp 2015-01-15 06:08 - 2015-01-15 06:08 - 1604350282 _____ () C:\WINDOWS\MEMORY.DMP 2015-01-15 05:52 - 2015-01-15 05:52 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe 2015-01-15 05:52 - 2015-01-15 05:52 - 00000856 _____ () C:\WINDOWS\system32\.crusader 2015-01-15 05:52 - 2015-01-15 05:52 - 00000142 _____ () C:\WINDOWS\system32\bootdelete.lst 2015-01-14 20:20 - 2015-01-14 20:22 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.6 2015-01-14 20:20 - 2015-01-14 20:20 - 00059392 ____R () C:\WINDOWS\SysWOW64\streamhlp.dll 2015-01-14 20:20 - 2015-01-14 20:20 - 00001097 _____ () C:\Users\Admin\Desktop\TrojanHunter.lnk 2015-01-14 20:20 - 2015-01-14 20:20 - 00000000 ____D () C:\ProgramData\TrojanHunter 2015-01-14 20:20 - 2015-01-14 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter 2015-01-14 20:16 - 2015-01-14 20:16 - 00000949 _____ () C:\Users\Mcx1-ONEPC\Desktop\PeerGuardian.lnk 2015-01-14 20:16 - 2015-01-14 20:16 - 00000949 _____ () C:\Users\Admin\Desktop\PeerGuardian.lnk 2015-01-14 20:16 - 2015-01-14 20:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerGuardian 2 2015-01-14 20:16 - 2015-01-14 20:16 - 00000000 ____D () C:\Program Files (x86)\PeerGuardian2 2015-01-14 19:44 - 2015-01-14 19:45 - 02347384 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_deu.exe 2015-01-14 19:44 - 2015-01-14 19:44 - 02209056 _____ () C:\Users\Admin\Downloads\avira-eu-cleaner_de.exe 2015-01-14 19:44 - 2015-01-14 19:44 - 00002072 _____ () C:\Users\Admin\Desktop\Entfernen des Avira EU-Cleaners.lnk 2015-01-14 19:44 - 2015-01-14 19:44 - 00002016 _____ () C:\Users\Admin\Desktop\Avira EU-Cleaner.lnk 2015-01-14 19:35 - 2015-01-15 05:52 - 00000000 ____D () C:\ProgramData\HitmanPro 2015-01-14 19:35 - 2015-01-14 19:35 - 11225840 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\hitmanpro_x64.exe 2015-01-14 19:28 - 2015-01-19 20:08 - 00009541 _____ () C:\WINDOWS\setupact.log 2015-01-14 19:28 - 2015-01-14 19:28 - 00000000 _____ () C:\WINDOWS\setuperr.log 2015-01-14 17:25 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll 2015-01-14 17:25 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll 2015-01-14 10:15 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-01-14 10:15 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-01-14 10:15 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-01-14 10:15 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-01-14 10:15 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-01-14 10:15 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-01-14 10:15 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-01-14 10:15 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-01-14 10:15 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-01-13 14:36 - 2015-01-13 14:41 - 00000000 ____D () C:\Users\Admin\Documents\InfiniteCrisis 2015-01-13 14:36 - 2015-01-13 14:36 - 00000000 ____D () C:\Users\Admin\AppData\Local\InfiniteCrisis 2015-01-13 08:17 - 2015-01-13 12:41 - 00000000 ____D () C:\Users\Admin\AppData\Local\Turbine 2015-01-13 08:08 - 2015-01-13 08:08 - 00000000 ____D () C:\ProgramData\Turbine 2015-01-13 07:17 - 2015-01-13 07:19 - 164623600 _____ () C:\Users\Admin\Desktop\InfiniteCrisisInstaller.exe 2015-01-10 12:50 - 2015-01-10 12:50 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2015-01-10 12:49 - 2015-01-10 12:50 - 05410368 _____ (Code Laboratories, Inc.) C:\Users\Admin\Downloads\CL-Eye-Driver-5.3.0.0341.exe 2015-01-10 12:42 - 2015-01-10 12:43 - 23535342 _____ () C:\Users\Admin\Downloads\ECam-V2_0_3_0.zip 2015-01-09 17:16 - 2015-01-09 17:50 - 2840363008 _____ () C:\Users\Admin\Downloads\Image_Windows7_32+64.iso 2015-01-05 14:30 - 2015-01-05 14:30 - 01923104 _____ (CTS Games Ltd. ) C:\Users\Admin\Downloads\szone_webinst.exe 2015-01-04 19:49 - 2015-01-19 20:09 - 00070144 ___SH () C:\Users\Admin\Desktop\Thumbs.db 2015-01-03 16:16 - 2015-01-03 16:16 - 00000876 _____ () C:\Users\Admin\Desktop\X-Motor Racing Launcher.lnk 2015-01-03 16:16 - 2015-01-03 16:16 - 00000831 _____ () C:\Users\Admin\Desktop\X-Motor Racing.lnk 2015-01-03 16:16 - 2015-01-03 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-Motor Racing Demo 2015-01-03 16:15 - 2015-01-03 16:15 - 00000000 ____D () C:\Games 2015-01-03 16:11 - 2015-01-03 16:14 - 220323599 _____ () C:\Users\Admin\Downloads\x-motor-racing.demo.v1.48.zip 2014-12-30 13:55 - 2014-12-30 13:55 - 00003909 _____ () C:\Users\Admin\Downloads\Transformers.Rise.of.the.Dark.Spark.save100.zip 2014-12-30 13:47 - 2014-12-30 13:47 - 00000000 ____H () C:\Users\Admin\Documents\Default.rdp 2014-12-29 18:53 - 2014-12-29 18:53 - 00000000 ____D () C:\Lohnkonto 2014-12-29 17:46 - 2014-12-29 17:46 - 00002860 _____ () C:\Users\Admin\Desktop\ToppKurierMA2014.csv 2014-12-29 17:42 - 2014-12-29 17:42 - 00004266 _____ () C:\Users\Admin\Desktop\MA2014.txt 2014-12-29 17:35 - 2014-12-29 19:12 - 00000000 ____D () C:\Users\Admin\elan2014 2014-12-29 17:34 - 2014-12-29 17:34 - 00001985 _____ () C:\Users\Admin\Desktop\REHADAT_Elan_2014.lnk 2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Users\Admin\elan2014start 2014-12-29 17:34 - 2014-12-29 17:34 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\REHADAT_Elan_2014 2014-12-28 15:26 - 2014-12-28 15:26 - 00000000 ____D () C:\Users\Admin\AppData\Local\Skyrim 2014-12-28 08:06 - 2014-12-28 08:06 - 00000000 ____D () C:\Users\Admin\AppData\Local\techland 2014-12-27 21:21 - 2014-12-27 21:21 - 00000222 _____ () C:\Users\Admin\Desktop\Call of Juarez Gunslinger.url 2014-12-26 08:14 - 2014-12-26 08:14 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2014-12-25 14:03 - 2015-01-19 11:40 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\QuickScan 2014-12-25 09:52 - 2014-12-25 09:52 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2819443126-392552937-1277417864-1001 2014-12-24 20:00 - 2014-12-24 20:00 - 00000222 _____ () C:\Users\Admin\Desktop\Next Car Game Wreckfest.url 2014-12-24 19:03 - 2014-12-24 19:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\next car game technology sneak peek 2014-12-24 19:02 - 2014-12-24 19:02 - 11754447 _____ () C:\Users\Admin\Downloads\ncg_wallpapers.zip 2014-12-24 18:26 - 2014-12-24 19:00 - 00000222 _____ () C:\Users\Admin\Desktop\Next Car Game Sneak Peek 2.0.url 2014-12-24 12:15 - 2014-12-24 12:15 - 00000221 _____ () C:\Users\Admin\Desktop\Cogs.url 2014-12-24 11:39 - 2014-12-24 11:38 - 00000444 _____ () C:\Users\Admin\Desktop\Delivery report.ext 2014-12-22 19:50 - 2015-01-19 18:55 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2819443126-392552937-1277417864-1001 2014-12-22 17:33 - 2014-12-22 17:34 - 06177829 _____ () C:\Users\Admin\Downloads\Helmet&Driver.rar 2014-12-22 17:33 - 2014-12-22 17:33 - 00534227 _____ (Reiza Studios Ltda. ) C:\Users\Admin\Downloads\Marcas_v102_Setup.exe 2014-12-22 12:40 - 2015-01-19 20:09 - 01919859 _____ () C:\WINDOWS\WindowsUpdate.log 2014-12-22 12:37 - 2015-01-19 20:01 - 00005124 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ONEPC-Admin OnePC 2014-12-22 12:34 - 2014-12-22 12:34 - 00002772 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2014-12-22 12:34 - 2014-12-22 12:34 - 00000794 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-12-22 12:34 - 2014-12-22 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-12-22 12:34 - 2014-12-22 12:34 - 00000000 ____D () C:\Program Files\CCleaner 2014-12-22 12:30 - 2015-01-05 14:39 - 00000000 ____D () C:\Program Files (x86)\Panda Security 2014-12-22 12:30 - 2015-01-05 14:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Panda Security 2014-12-22 12:30 - 2014-12-22 12:31 - 04036200 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup500_slim.exe 2014-12-22 12:29 - 2015-01-05 14:38 - 00000000 ____D () C:\ProgramData\Panda Security 2014-12-21 11:49 - 2014-12-21 11:49 - 00000222 _____ () C:\Users\Admin\Desktop\The Great War 1918.url 2014-12-21 11:46 - 2014-12-21 11:46 - 00001373 _____ () C:\Users\Admin\Desktop\The Great War 1918.lnk 2014-12-21 09:44 - 2014-12-21 09:44 - 00000222 _____ () C:\Users\Admin\Desktop\Company of Heroes (New Steam Version).url 2014-12-20 11:53 - 2014-12-25 13:17 - 00000022 _____ () C:\WINDOWS\GPU-Z.INI 2014-12-20 11:43 - 2014-12-20 11:43 - 00000000 ____D () C:\Program Files (x86)\Futuremark 2014-12-20 11:40 - 2014-12-20 11:41 - 02674688 _____ () C:\Users\Admin\Downloads\Futuremark_SystemInfo_v433_installer.msi 2014-12-20 11:40 - 2014-12-20 11:40 - 00000000 ____D () C:\Users\Admin\AppData\Local\Futuremark 2014-12-20 11:33 - 2014-12-20 11:33 - 00001176 _____ () C:\Users\Public\Desktop\3DMark.lnk 2014-12-20 11:33 - 2014-12-20 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark 2014-12-20 11:33 - 2014-12-20 11:33 - 00000000 ____D () C:\Program Files\Futuremark 2014-12-20 08:41 - 2014-12-20 08:41 - 00000975 _____ () C:\Users\Admin\Desktop\TechPowerUp GPU-Z.lnk 2014-12-20 08:41 - 2014-12-20 08:41 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z 2014-12-20 08:41 - 2014-12-20 08:41 - 00000000 ____D () C:\Program Files (x86)\GPU-Z 2014-12-20 08:40 - 2014-12-20 08:40 - 01577464 _____ ( ) C:\Users\Admin\Downloads\cpu-z_1.71.1-setup-en.exe 2014-12-20 08:09 - 2014-12-20 08:09 - 00001098 _____ () C:\Users\Admin\Desktop\MSI Afterburner.lnk 2014-12-20 08:08 - 2014-12-20 08:08 - 00000000 ____D () C:\Users\Admin\Downloads\MSIAfterburnerSetup400 ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-19 20:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\inetsrv 2015-01-19 20:09 - 2014-11-12 10:36 - 27590656 _____ () C:\WINDOWS\system32\vmguest.iso 2015-01-19 20:09 - 2013-08-04 19:03 - 00000000 ____D () C:\ProgramData\Origin 2015-01-19 20:09 - 2013-06-04 07:27 - 00000000 __RDO () C:\Users\Admin\SkyDrive 2015-01-19 20:08 - 2014-11-28 10:25 - 32800895 _____ () C:\Simraceway.log 2015-01-19 20:08 - 2013-11-03 10:49 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-19 20:08 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-19 20:07 - 2013-08-22 14:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI 2015-01-19 20:05 - 2013-09-30 05:14 - 02192756 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-01-19 20:05 - 2013-09-30 04:58 - 00926386 _____ () C:\WINDOWS\system32\perfh007.dat 2015-01-19 20:05 - 2013-09-30 04:58 - 00222270 _____ () C:\WINDOWS\system32\perfc007.dat 2015-01-19 19:44 - 2013-11-03 10:49 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-19 19:43 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-01-19 19:43 - 2013-06-04 18:18 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps 2015-01-19 19:43 - 2013-06-03 18:14 - 00000000 ____D () C:\Users\Admin\AppData\Local\Packages 2015-01-19 19:24 - 2013-11-03 16:46 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-01-19 19:00 - 2013-12-28 10:24 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2015-01-19 18:40 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\registration 2015-01-19 18:40 - 2013-06-03 18:44 - 02127216 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2015-01-19 18:37 - 2014-11-29 08:50 - 13784576 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmms.exe 2015-01-19 18:37 - 2014-11-29 08:50 - 06287360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwp.exe 2015-01-19 18:37 - 2014-11-29 08:50 - 03684864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsai.dll 2015-01-19 18:37 - 2014-11-29 08:50 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsec.dll 2015-01-19 18:37 - 2014-11-29 08:50 - 00233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqad.dll 2015-01-19 18:37 - 2014-11-29 08:50 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsec.dll 2015-01-19 18:37 - 2014-11-29 08:50 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqad.dll 2015-01-19 18:37 - 2014-11-29 08:50 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcmiplugin.dll 2015-01-19 18:37 - 2014-11-29 08:49 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wnv.sys 2015-01-19 18:37 - 2014-11-29 08:49 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsconfig.dll 2015-01-19 18:37 - 2014-11-29 08:49 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcmiplugin.dll 2015-01-19 18:37 - 2014-11-29 08:49 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll 2015-01-19 18:37 - 2014-11-29 08:48 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll 2015-01-19 18:37 - 2014-11-29 08:48 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll 2015-01-19 18:37 - 2014-11-29 08:48 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqmigplugin.dll 2015-01-19 18:37 - 2014-11-29 08:48 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wnvapi.dll 2015-01-19 18:37 - 2014-11-29 08:48 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll 2015-01-19 18:37 - 2014-11-29 08:48 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdvGpuInfo.dll 2015-01-19 18:37 - 2014-11-29 08:48 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll 2015-01-19 18:37 - 2014-11-29 08:48 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll 2015-01-19 18:37 - 2014-11-29 08:48 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll 2015-01-19 18:37 - 2014-11-29 08:48 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe 2015-01-19 18:37 - 2014-11-29 08:48 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe 2015-01-19 18:37 - 2014-11-29 08:48 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll 2015-01-19 18:37 - 2014-11-29 08:48 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll 2015-01-19 18:37 - 2014-11-29 08:48 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll 2015-01-19 18:37 - 2014-11-29 08:48 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll 2015-01-19 18:37 - 2014-09-15 05:04 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpdsvc.dll 2015-01-19 18:37 - 2014-09-15 05:04 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\lprmon.dll 2015-01-19 18:37 - 2014-05-16 06:41 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\infoadmn.dll 2015-01-19 18:37 - 2014-05-16 06:41 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\infoadmn.dll 2015-01-19 18:37 - 2014-05-16 06:41 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\infoctrs.dll 2015-01-19 18:37 - 2014-05-16 06:41 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\infoctrs.dll 2015-01-19 18:37 - 2014-04-21 12:08 - 01429336 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2015-01-19 18:37 - 2014-04-21 12:08 - 01390936 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 2015-01-19 18:37 - 2014-04-21 12:08 - 01378648 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2015-01-19 18:37 - 2014-04-21 12:08 - 01263960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2015-01-19 18:37 - 2014-04-21 12:08 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\adprop.dll 2015-01-19 18:37 - 2014-04-21 12:08 - 00421376 _____ (Microsoft Corporation) C:\WINDOWS\system32\synthnic.dll 2015-01-19 18:37 - 2014-04-21 12:08 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmulatedNic.dll 2015-01-19 18:37 - 2014-04-21 12:05 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcdiag.exe 2015-01-19 18:37 - 2014-04-21 12:05 - 00423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcdiag.exe 2015-01-19 18:37 - 2014-04-21 12:05 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\synthstor.dll 2015-01-19 18:37 - 2014-04-21 12:05 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsrolesrv.dll 2015-01-19 18:37 - 2014-04-21 12:04 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdparser.sys 2015-01-19 18:37 - 2014-04-14 08:52 - 00068960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2015-01-19 18:37 - 2014-04-14 08:52 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll 2015-01-19 18:37 - 2013-12-14 08:45 - 00257536 _____ (Microsoft Corporation) C:\WINDOWS\system32\synthfcvdev.dll 2015-01-19 18:37 - 2013-09-30 05:11 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pvhdparser.sys 2015-01-19 18:37 - 2013-09-30 04:58 - 00000000 ____D () C:\WINDOWS\system32\de 2015-01-19 18:37 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-01-19 18:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\inetsrv 2015-01-19 18:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\schemas 2015-01-19 18:37 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2015-01-19 18:37 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-01-19 18:37 - 2013-08-22 12:48 - 00014688 _____ () C:\WINDOWS\system32\sbresources.dll 2015-01-19 18:37 - 2013-08-22 12:46 - 01466522 _____ () C:\WINDOWS\system32\WindowsVirtualization.V2.mof 2015-01-19 18:37 - 2013-08-22 12:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb 2015-01-19 18:37 - 2013-08-22 12:44 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb 2015-01-19 18:37 - 2013-08-22 12:44 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb 2015-01-19 18:37 - 2013-08-22 12:44 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb 2015-01-19 18:37 - 2013-08-22 12:44 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsmsg.dll 2015-01-19 18:37 - 2013-08-22 12:40 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys 2015-01-19 18:37 - 2013-08-22 12:39 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\passthruparser.sys 2015-01-19 18:37 - 2013-08-22 12:39 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lunparser.sys 2015-01-19 18:37 - 2013-08-22 12:38 - 00039739 _____ () C:\WINDOWS\system32\hypervisor.mof 2015-01-19 18:37 - 2013-08-22 12:35 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll 2015-01-19 18:37 - 2013-08-22 12:34 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsatq.dll 2015-01-19 18:37 - 2013-08-22 12:34 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\adamssip.dll 2015-01-19 18:37 - 2013-08-22 12:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\evntcmd.exe 2015-01-19 18:37 - 2013-08-22 12:33 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsperf.dll 2015-01-19 18:37 - 2013-08-22 12:33 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmpmib.dll 2015-01-19 18:37 - 2013-08-22 12:32 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsa.dll 2015-01-19 18:37 - 2013-08-22 12:32 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe 2015-01-19 18:37 - 2013-08-22 12:32 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\lprhelp.dll 2015-01-19 18:37 - 2013-08-22 12:32 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\simptcp.dll 2015-01-19 18:37 - 2013-08-22 12:32 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsamain.exe 2015-01-19 18:37 - 2013-08-22 12:31 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\evntwin.exe 2015-01-19 18:37 - 2013-08-22 12:31 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\evntagnt.dll 2015-01-19 18:37 - 2013-08-22 12:31 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmp.exe 2015-01-19 18:37 - 2013-08-22 12:31 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\TFTP.EXE 2015-01-19 18:37 - 2013-08-22 12:31 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64mib.dll 2015-01-19 18:37 - 2013-08-22 12:31 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\lprmonui.dll 2015-01-19 18:37 - 2013-08-22 12:31 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpr.exe 2015-01-19 18:37 - 2013-08-22 12:31 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpq.exe 2015-01-19 18:37 - 2013-08-22 12:29 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsadb.dll 2015-01-19 18:37 - 2013-08-22 12:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdskcc.dll 2015-01-19 18:37 - 2013-08-22 12:27 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lmmib2.dll 2015-01-19 18:37 - 2013-08-22 12:26 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe 2015-01-19 18:37 - 2013-08-22 12:25 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsmgmt.exe 2015-01-19 18:37 - 2013-08-22 12:25 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprip.dll 2015-01-19 18:37 - 2013-08-22 12:25 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspperf.dll 2015-01-19 18:37 - 2013-08-22 12:22 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\repadmin.exe 2015-01-19 18:37 - 2013-08-22 12:22 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetProj.exe 2015-01-19 18:37 - 2013-08-22 12:20 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsbsrv.dll 2015-01-19 18:37 - 2013-08-22 12:20 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\hostmib.dll 2015-01-19 18:37 - 2013-08-22 12:20 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll 2015-01-19 18:37 - 2013-08-22 12:17 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlntsvr.exe 2015-01-19 18:37 - 2013-08-22 12:13 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsacls.exe 2015-01-19 18:37 - 2013-08-22 12:12 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\csvde.exe 2015-01-19 18:37 - 2013-08-22 12:11 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ldifde.exe 2015-01-19 18:37 - 2013-08-22 12:10 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ldp.exe 2015-01-19 18:37 - 2013-08-22 12:05 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdsetup.dll 2015-01-19 18:37 - 2013-08-22 11:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HyperVSysprepProvider.dll 2015-01-19 18:37 - 2013-08-22 11:53 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll 2015-01-19 18:37 - 2013-08-22 11:53 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsuiwiz.dll 2015-01-19 18:37 - 2013-08-22 11:51 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqtrig.dll 2015-01-19 18:37 - 2013-08-22 11:45 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\telnet.exe 2015-01-19 18:37 - 2013-08-22 11:45 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDEWSProxy.DLL 2015-01-19 18:37 - 2013-08-22 11:44 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\CRPPresentation.dll 2015-01-19 18:37 - 2013-08-22 11:41 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqtgsvc.exe 2015-01-19 18:37 - 2013-08-22 11:39 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\schmmgmt.dll 2015-01-19 18:37 - 2013-08-22 11:36 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlntsess.exe 2015-01-19 18:37 - 2013-08-22 11:36 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqise.dll 2015-01-19 18:37 - 2013-08-22 11:35 - 00759808 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsiedit.dll 2015-01-19 18:37 - 2013-08-22 11:35 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteFileBrowse.dll 2015-01-19 18:37 - 2013-08-22 11:34 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsdbutil.exe 2015-01-19 18:37 - 2013-08-22 11:33 - 01093632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsadmin.dll 2015-01-19 18:37 - 2013-08-22 11:31 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmpsnap.dll 2015-01-19 18:37 - 2013-08-22 11:27 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlntadmn.exe 2015-01-19 18:37 - 2013-08-22 11:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDRCWSProxy.DLL 2015-01-19 18:37 - 2013-08-22 11:24 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetProjW.dll 2015-01-19 18:37 - 2013-08-22 11:23 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll 2015-01-19 18:37 - 2013-08-22 11:19 - 00788992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll 2015-01-19 18:37 - 2013-08-22 11:16 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMCNative.dll 2015-01-19 18:37 - 2013-08-22 11:10 - 01408512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll 2015-01-19 18:37 - 2013-08-22 10:53 - 00033280 _____ () C:\WINDOWS\system32\ActivationVdev.dll 2015-01-19 18:37 - 2013-08-22 10:50 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll 2015-01-19 18:37 - 2013-08-22 10:39 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbusvdev.dll 2015-01-19 18:37 - 2013-08-22 10:38 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmprox.dll 2015-01-19 18:37 - 2013-08-22 10:38 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmwpctrl.dll 2015-01-19 18:37 - 2013-08-22 10:34 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmickvpexchange.dll 2015-01-19 18:37 - 2013-08-22 10:33 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicshutdown.dll 2015-01-19 18:37 - 2013-08-22 10:33 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicguestinterface.dll 2015-01-19 18:37 - 2013-08-22 10:33 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmictimesync.dll 2015-01-19 18:37 - 2013-08-22 10:31 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicheartbeat.dll 2015-01-19 18:37 - 2013-08-22 10:30 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicvss.dll 2015-01-19 18:37 - 2013-08-22 10:29 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmicrdv.dll 2015-01-19 18:37 - 2013-08-22 10:19 - 02159616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdp4vs.dll 2015-01-19 18:37 - 2013-08-22 09:29 - 00144646 _____ () C:\WINDOWS\system32\dssite.msc 2015-01-19 18:37 - 2013-08-22 09:29 - 00144380 _____ () C:\WINDOWS\system32\adsiedit.msc 2015-01-19 18:37 - 2013-08-22 09:25 - 00533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmconnect.exe 2015-01-19 18:37 - 2013-08-22 08:35 - 00144967 _____ () C:\WINDOWS\system32\virtmgmt.msc 2015-01-19 18:37 - 2013-08-22 07:59 - 00047974 _____ () C:\WINDOWS\system32\IIsScHlp.wsc 2015-01-19 18:37 - 2013-08-22 07:59 - 00041401 _____ () C:\WINDOWS\system32\IIsExt.vbs 2015-01-19 18:37 - 2013-08-22 07:59 - 00009096 _____ () C:\WINDOWS\system32\msmqtrc.mof 2015-01-19 18:37 - 2013-08-22 07:58 - 00107882 _____ () C:\WINDOWS\system32\mib_ii.mib 2015-01-19 18:37 - 2013-08-22 07:58 - 00048593 _____ () C:\WINDOWS\system32\hostmib.mib 2015-01-19 18:37 - 2013-08-22 07:58 - 00034317 _____ () C:\WINDOWS\system32\msiprip2.mib 2015-01-19 18:37 - 2013-08-22 07:58 - 00030448 _____ () C:\WINDOWS\system32\mcastmib.mib 2015-01-19 18:37 - 2013-08-22 07:58 - 00026236 _____ () C:\WINDOWS\system32\wins.mib 2015-01-19 18:37 - 2013-08-22 07:58 - 00026100 _____ () C:\WINDOWS\system32\lmmib2.mib 2015-01-19 18:37 - 2013-08-22 07:58 - 00022462 _____ () C:\WINDOWS\system32\rfc2571.mib 2015-01-19 18:37 - 2013-08-22 07:58 - 00021271 _____ () C:\WINDOWS\system32\http.mib 2015-01-19 18:37 - 2013-08-22 07:58 - 00015799 _____ () C:\WINDOWS\system32\ipforwd.mib 2015-01-19 18:37 - 2013-08-22 07:58 - 00015032 _____ () C:\WINDOWS\system32\authserv.mib 2015-01-19 18:37 - 2013-08-22 07:58 - 00014032 _____ () C:\WINDOWS\system32\accserv.mib 2015-01-19 18:37 - 2013-08-22 07:58 - 00013767 _____ () C:\WINDOWS\system32\msipbtp.mib 2015-01-19 18:37 - 2013-08-22 07:58 - 00006179 _____ () C:\WINDOWS\system32\ftp.mib 2015-01-19 18:37 - 2013-08-22 07:58 - 00004597 _____ () C:\WINDOWS\system32\dhcp.mib 2015-01-19 18:37 - 2013-08-22 07:58 - 00004411 _____ () C:\WINDOWS\system32\smi.mib 2015-01-19 18:37 - 2013-08-22 05:16 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb 2015-01-19 18:37 - 2013-08-22 05:16 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb 2015-01-19 18:37 - 2013-08-22 05:16 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb 2015-01-19 18:37 - 2013-08-22 05:16 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb 2015-01-19 18:37 - 2013-08-22 05:06 - 00563712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll 2015-01-19 18:37 - 2013-08-22 05:05 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\snmpmib.dll 2015-01-19 18:37 - 2013-08-22 05:04 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evntcmd.exe 2015-01-19 18:37 - 2013-08-22 05:04 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdsperf.dll 2015-01-19 18:37 - 2013-08-22 05:03 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evntagnt.dll 2015-01-19 18:37 - 2013-08-22 05:03 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\snmp.exe 2015-01-19 18:37 - 2013-08-22 05:02 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evntwin.exe 2015-01-19 18:37 - 2013-08-22 05:00 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lmmib2.dll 2015-01-19 18:37 - 2013-08-22 04:59 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsmgmt.exe 2015-01-19 18:37 - 2013-08-22 04:59 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspperf.dll 2015-01-19 18:37 - 2013-08-22 04:56 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\repadmin.exe 2015-01-19 18:37 - 2013-08-22 04:54 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll 2015-01-19 18:37 - 2013-08-22 04:53 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hostmib.dll 2015-01-19 18:37 - 2013-08-22 04:48 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsacls.exe 2015-01-19 18:37 - 2013-08-22 04:46 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ldifde.exe 2015-01-19 18:37 - 2013-08-22 04:46 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\csvde.exe 2015-01-19 18:37 - 2013-08-22 04:31 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll 2015-01-19 18:37 - 2013-08-22 04:29 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqtrig.dll 2015-01-19 18:37 - 2013-08-22 04:25 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDEWSProxy.DLL 2015-01-19 18:37 - 2013-08-22 04:19 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqise.dll 2015-01-19 18:37 - 2013-08-22 04:17 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsdbutil.exe 2015-01-19 18:37 - 2013-08-22 04:15 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\snmpsnap.dll 2015-01-19 18:37 - 2013-08-22 04:09 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDRCWSProxy.DLL 2015-01-19 18:37 - 2013-08-22 04:08 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll 2015-01-19 18:37 - 2013-08-22 04:05 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll 2015-01-19 18:37 - 2013-08-22 04:03 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SMCNative.dll 2015-01-19 18:37 - 2013-08-22 02:39 - 01140224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Windows.Smc.dll 2015-01-19 18:37 - 2013-08-22 02:39 - 00033614 _____ () C:\WINDOWS\system32\ScanManagement.msc 2015-01-19 18:37 - 2013-08-22 00:55 - 00009096 _____ () C:\WINDOWS\SysWOW64\msmqtrc.mof 2015-01-19 18:37 - 2013-08-22 00:54 - 00047974 _____ () C:\WINDOWS\SysWOW64\IIsScHlp.wsc 2015-01-19 18:37 - 2013-08-22 00:54 - 00041401 _____ () C:\WINDOWS\SysWOW64\IIsExt.vbs 2015-01-19 18:37 - 2013-08-22 00:53 - 00107882 _____ () C:\WINDOWS\SysWOW64\mib_ii.mib 2015-01-19 18:37 - 2013-08-22 00:53 - 00048593 _____ () C:\WINDOWS\SysWOW64\hostmib.mib 2015-01-19 18:37 - 2013-08-22 00:53 - 00034317 _____ () C:\WINDOWS\SysWOW64\msiprip2.mib 2015-01-19 18:37 - 2013-08-22 00:53 - 00030448 _____ () C:\WINDOWS\SysWOW64\mcastmib.mib 2015-01-19 18:37 - 2013-08-22 00:53 - 00026236 _____ () C:\WINDOWS\SysWOW64\wins.mib 2015-01-19 18:37 - 2013-08-22 00:53 - 00026100 _____ () C:\WINDOWS\SysWOW64\lmmib2.mib 2015-01-19 18:37 - 2013-08-22 00:53 - 00022462 _____ () C:\WINDOWS\SysWOW64\rfc2571.mib 2015-01-19 18:37 - 2013-08-22 00:53 - 00021271 _____ () C:\WINDOWS\SysWOW64\http.mib 2015-01-19 18:37 - 2013-08-22 00:53 - 00015799 _____ () C:\WINDOWS\SysWOW64\ipforwd.mib 2015-01-19 18:37 - 2013-08-22 00:53 - 00015032 _____ () C:\WINDOWS\SysWOW64\authserv.mib 2015-01-19 18:37 - 2013-08-22 00:53 - 00014032 _____ () C:\WINDOWS\SysWOW64\accserv.mib 2015-01-19 18:37 - 2013-08-22 00:53 - 00013767 _____ () C:\WINDOWS\SysWOW64\msipbtp.mib 2015-01-19 18:37 - 2013-08-22 00:53 - 00006179 _____ () C:\WINDOWS\SysWOW64\ftp.mib 2015-01-19 18:37 - 2013-08-22 00:53 - 00004597 _____ () C:\WINDOWS\SysWOW64\dhcp.mib 2015-01-19 18:37 - 2013-08-22 00:53 - 00004411 _____ () C:\WINDOWS\SysWOW64\smi.mib 2015-01-19 18:37 - 2012-07-26 11:27 - 00000000 ____D () C:\WINDOWS\system32\0407 2015-01-19 18:37 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-01-19 15:09 - 2014-09-28 09:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Raptr 2015-01-19 15:09 - 2013-11-03 07:37 - 00000000 ____D () C:\Fraps 2015-01-19 09:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-01-18 11:16 - 2014-04-13 18:20 - 00000000 ____D () C:\Users\Admin\Documents\Garmin 2015-01-18 11:16 - 2014-04-13 18:19 - 00000000 ____D () C:\Program Files (x86)\Garmin 2015-01-18 11:16 - 2014-04-13 18:16 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Garmin 2015-01-18 11:16 - 2014-04-13 18:16 - 00000000 ____D () C:\Users\Admin\AppData\Local\Garmin 2015-01-18 11:16 - 2014-04-13 18:16 - 00000000 ____D () C:\ProgramData\Garmin 2015-01-18 11:16 - 2013-10-04 13:33 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-18 11:06 - 2014-11-15 10:45 - 00000000 ____D () C:\ProgramData\eMule 2015-01-18 10:56 - 2013-06-03 18:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-18 10:46 - 2013-10-23 15:32 - 00000000 ____D () C:\Users\Admin 2015-01-18 10:33 - 2014-10-21 11:59 - 00000000 ____D () C:\ProgramData\Netzmanager 2015-01-18 10:33 - 2014-10-20 16:39 - 00000000 ____D () C:\Users\Mcx1-ONEPC 2015-01-18 09:03 - 2014-08-03 04:32 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\StormFall 2015-01-18 08:45 - 2013-06-03 18:27 - 00000000 ____D () C:\WINDOWS\tmpdrv 2015-01-18 08:38 - 2014-04-13 13:41 - 00000132 _____ () C:\Users\Admin\AppData\Local\killertool.log 2015-01-18 07:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-17 09:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME 2015-01-17 09:20 - 2014-08-26 16:37 - 00000000 ____D () C:\Users\Admin\Desktop\Neues Verzeichnis 2015-01-17 08:39 - 2013-06-20 18:11 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TeamViewer 2015-01-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-01-15 06:09 - 2014-01-17 15:30 - 00000000 ____D () C:\WINDOWS\Minidump 2015-01-14 19:23 - 2013-06-27 19:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\TS3Client 2015-01-14 10:34 - 2013-07-12 17:28 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-01-14 10:31 - 2013-06-03 19:18 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-13 21:46 - 2013-06-04 07:07 - 00000000 ____D () C:\ProgramData\Lexware 2015-01-13 19:24 - 2013-11-03 16:46 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-01-13 18:25 - 2014-02-11 16:50 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\apsec 2015-01-13 08:17 - 2014-08-19 15:45 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe 2015-01-13 07:07 - 2014-12-02 10:55 - 00000000 ____D () C:\Users\Admin\Documents\The Crew 2015-01-13 07:07 - 2014-03-01 12:42 - 00000000 ____D () C:\Users\Admin\Documents\DayZ 2015-01-13 07:07 - 2013-09-26 18:04 - 00000000 ____D () C:\Users\Admin\Documents\Arma 3 2015-01-10 16:31 - 2013-06-27 08:14 - 00000000 ____D () C:\Users\Admin\Documents\Outlook-Dateien 2015-01-07 08:35 - 2014-06-03 10:45 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll 2015-01-07 08:35 - 2014-04-08 20:01 - 02210224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2015-01-07 08:34 - 2014-06-03 10:45 - 01715408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll 2015-01-07 08:34 - 2014-04-08 20:01 - 02824504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2015-01-06 01:08 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-01-06 01:08 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-05 14:39 - 2014-12-17 22:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV 2015-01-05 14:39 - 2014-12-17 22:00 - 00000000 ____D () C:\WINDOWS\system32\NV 2015-01-05 14:39 - 2013-08-22 15:44 - 00500104 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-01-05 14:34 - 2013-08-04 19:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Origin 2015-01-03 08:38 - 2014-12-19 13:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc 2015-01-03 08:22 - 2013-08-22 16:36 - 00000000 __RHD () C:\Users\Public\Libraries 2014-12-31 12:14 - 2013-06-03 19:24 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2014-12-31 11:31 - 2013-11-30 13:20 - 00000000 ____D () C:\Users\Admin\Documents\SimCity 2014-12-28 11:52 - 2013-06-04 16:16 - 00000000 ____D () C:\Users\Admin\Documents\my games 2014-12-28 09:27 - 2013-08-26 18:03 - 00000000 ____D () C:\Users\Admin\Documents\4A Games 2014-12-27 21:21 - 2013-06-05 20:49 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-12-25 10:02 - 2014-10-05 11:21 - 00007602 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg 2014-12-25 07:33 - 2013-07-07 18:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\4A Games 2014-12-23 20:23 - 2014-04-21 10:25 - 00000000 ____D () C:\Users\Admin\Downloads\recuva 8gb stick 2014-12-23 06:55 - 2013-09-12 07:56 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-12-22 12:18 - 2013-11-17 08:59 - 00015512 _____ () C:\Users\Admin\Downloads\hijackthis.log 2014-12-22 12:15 - 2013-11-17 09:04 - 00000000 ____D () C:\Users\Admin\Downloads\backups 2014-12-21 08:24 - 2013-06-22 13:07 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\.rFactor 2014-12-21 08:03 - 2013-06-20 18:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rFactor 2 2014-12-20 19:56 - 2014-12-02 10:55 - 00000000 ____D () C:\Users\Admin\Documents\ProfileCache 2014-12-20 18:31 - 2014-08-26 16:52 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server 2014-12-20 11:57 - 2013-08-25 15:25 - 00000000 ____D () C:\Users\Admin\Documents\3DMark 2014-12-20 08:40 - 2014-07-15 15:20 - 00000845 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk 2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx 2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner 2014-12-20 08:09 - 2013-11-03 07:59 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner 2014-12-20 06:40 - 2014-12-15 22:52 - 00000000 ____D () C:\Users\Admin\Documents\Assetto Corsa ==================== Files in the root of some directories ======= 2014-07-05 19:34 - 2014-07-06 05:11 - 0000154 _____ () C:\Users\Admin\AppData\Roaming\Rim.Desktop.Exception.log 2014-07-05 19:34 - 2014-11-28 10:20 - 0001937 _____ () C:\Users\Admin\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2014-07-05 19:34 - 2014-07-06 05:11 - 0000154 _____ () C:\Users\Admin\AppData\Roaming\Rim.DesktopHelper.Exception.log 2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\BluetoothPresent.flag 2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\Driver_Jupiter_01Present.flag 2014-04-13 13:44 - 2014-10-23 09:10 - 0000000 _____ () C:\Users\Admin\AppData\Local\Driver_LOM_8161Present.flag 2014-11-09 07:59 - 2014-11-09 08:00 - 0318088 _____ () C:\Users\Admin\AppData\Local\HDGraph.log 2014-04-13 13:41 - 2015-01-18 08:38 - 0000132 _____ () C:\Users\Admin\AppData\Local\killertool.log 2014-01-04 17:12 - 2014-11-10 16:33 - 0000600 _____ () C:\Users\Admin\AppData\Local\PUTTY.RND 2014-10-05 11:21 - 2014-12-25 10:02 - 0007602 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg 2013-09-09 14:29 - 2013-09-09 14:29 - 0000057 _____ () C:\ProgramData\Ament.ini ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-18 15:22 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- hier ein Link für das Bild vom netzwerkdienst hotspotshield der immer noch zu installieren ginge https://onedrive.live.com/?cid=9f32aba1b2778102&id=9F32ABA1B2778102!164273&v=3&ithint=photo,jpg&authkey=!ABihEqmw3jPHlF4 Guten Morgen und täglich grüsst das Murmeltier hab aber den Netzmanager deinstalliert wegen der doppelten Anmeldung um das zu beobachten.... aber 6:55 kam noch mal ein angriff da war schon der Netzmanager weg... Code:
ATTFilter 20.01.2015 06:55:33 DoS(Denial of Service) Angriff UDP flood wurde entdeckt. (FW101) 20.01.2015 06:51:53 Doppelte Benutzeranmeldung von IP-Adresse 192.168.2.14 20.01.2015 06:51:37 DoS(Denial of Service) Angriff SYN Flood Stop wurde entdeckt. (FW101) 20.01.2015 06:51:36 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:51:36 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:51:36 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:51:35 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:51:24 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:51:23 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:51:23 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:51:22 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:51:21 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:51:21 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:51:21 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:51:20 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:51:20 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:51:20 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:51:20 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:51:20 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:51:19 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:50:57 192.168.2.14 Anmeldung erfolgreich. (G101) 20.01.2015 06:46:45 DoS(Denial of Service) Angriff SYN Flood Stop wurde entdeckt. (FW101) 20.01.2015 06:46:44 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:46:44 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:46:44 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:46:43 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:46:43 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:46:43 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:46:42 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:46:42 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:46:42 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:46:41 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:46:41 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:46:40 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:46:39 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:46:39 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:46:39 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:43:37 DoS(Denial of Service) Angriff SYN Flood Stop wurde entdeckt. (FW101) 20.01.2015 06:43:37 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:43:37 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:43:37 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:43:37 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:43:36 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:43:36 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:43:28 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:43:28 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:43:28 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:43:28 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:43:28 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:43:28 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:41:51 DoS(Denial of Service) Angriff SYN Flood Stop wurde entdeckt. (FW101) 20.01.2015 06:41:29 DoS(Denial of Service) Angriff SYN Flood Stop wurde entdeckt. (FW101) 20.01.2015 06:41:28 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:41:28 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:41:27 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:41:24 DoS(Denial of Service) Angriff SYN Flood Stop wurde entdeckt. (FW101) 20.01.2015 06:41:24 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:41:24 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:36:35 DoS(Denial of Service) Angriff SYN Flood Stop wurde entdeckt. (FW101) 20.01.2015 06:36:34 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:36:34 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:36:34 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:36:34 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:36:33 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:36:33 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:36:33 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:36:33 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:36:32 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:36:32 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:36:32 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:36:32 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:36:32 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:36:32 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:36:32 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:36:31 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:36:31 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:36:30 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:36:30 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:36:30 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:36:29 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:36:29 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:31:47 DoS(Denial of Service) Angriff SYN Flood Stop wurde entdeckt. (FW101) 20.01.2015 06:31:47 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:31:47 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:31:46 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:31:46 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:31:46 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:31:46 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:31:45 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:31:45 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:31:45 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:31:45 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:31:35 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:31:33 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:31:33 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:31:32 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:31:32 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:31:32 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:31:30 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:31:30 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:31:30 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:31:30 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:31:29 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:31:29 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:29:45 Doppelte Benutzeranmeldung von IP-Adresse 192.168.2.14 20.01.2015 06:28:47 Doppelte Benutzeranmeldung von IP-Adresse 192.168.2.14 20.01.2015 06:28:37 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:28:37 DoS(Denial of Service) Angriff SYN Flood Stop wurde entdeckt. (FW101) 20.01.2015 06:28:37 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:28:36 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:28:36 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:28:35 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:28:35 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:28:35 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:28:34 DoS(Denial of Service) Angriff SYN Flood wurde entdeckt. (FW101) 20.01.2015 06:28:01 DHCP ist aktiv: LAN MAC Adresse <DC:D3:21:CF:D2:08> IP-Adresse <192.168.2.3> Subnetzmaske <255.255.255.0> DNS-Server <192.168.2.1> Gateway <192.168.2.1> Lease Time <Immer> (H001) 20.01.2015 06:27:49 Doppelte Benutzeranmeldung von IP-Adresse 192.168.2.14 20.01.2015 06:27:49 DHCP ist aktiv: LAN MAC Adresse <DC:D3:21:CF:D2:08> IP-Adresse <192.168.2.3> Subnetzmaske <255.255.255.0> DNS-Server <192.168.2.1> Gateway <192.168.2.1> Lease Time <Immer> (H001) 20.01.2015 06:27:48 DHCP ist aktiv: LAN MAC Adresse <DC:D3:21:CF:D2:08> IP-Adresse <192.168.2.3> Subnetzmaske <255.255.255.0> DNS-Server <192.168.2.1> Gateway <192.168.2.1> Lease Time <Immer> (H001) 20.01.2015 06:27:35 DHCP ist aktiv: LAN MAC Adresse <DC:D3:21:CF:D2:08> IP-Adresse <192.168.2.3> Subnetzmaske <255.255.255.0> DNS-Server <192.168.2.1> Gateway <192.168.2.1> Lease Time <Immer> (H001) 20.01.2015 06:26:51 Doppelte Benutzeranmeldung von IP-Adresse 192.168.2.14 20.01.2015 06:25:54 Doppelte Benutzeranmeldung von IP-Adresse 192.168.2.14 20.01.2015 06:24:56 Doppelte Benutzeranmeldung von IP-Adresse 192.168.2.14 20.01.2015 06:24:00 Doppelte Benutzeranmeldung von IP-Adresse 192.168.2.14 20.01.2015 06:23:00 Doppelte Benutzeranmeldung von IP-Adresse 192.168.2.14 20.01.2015 06:22:03 Doppelte Benutzeranmeldung von IP-Adresse 192.168.2.14 20.01.2015 06:21:05 Doppelte Benutzeranmeldung von IP-Adresse 192.168.2.14 Geändert von andto (19.01.2015 um 22:01 Uhr) |
Themen zu nur Laptop sendet Dos Attacke Syn und UDP Flood an Router W921v |
abmeldung, aktiv, angemeldet, angriff, anmeldung, attacke, denial of service, dos, entdeck, gelöscht, gmer, griff, guten, interne, laptop, logfiles, morgen, netto, neu, probleme, rechner, router, service, syn flood, udp, upload, w921v, woche |