Malware of all kinds and how to fight it: Caught Quickstart, ran System Restore, PC very slow

Windows 7

If you are not sure whether you have caught malware or a trojan, start a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#4

Caught Quickstart, ran System Restore, PC very slow

Attachment 72206 Attachment 72207

FRST logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by ms (administrator) on KLEOPATRA on 27-01-2015 13:00:20
Running from C:\Users\ms\Downloads\Firefox\Neuer Ordner
Loaded Profiles: ms (Available profiles: ms & Marina)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [57393 2004-03-09] (ScanSoft, Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-11-05] (RealNetworks, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-348309450-1816809450-22596906-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-348309450-1816809450-22596906-1001\...\MountPoints2: {789e5a69-283a-11e3-80c9-14dae951dcb4} - F:\Autorun.exe
HKU\S-1-5-21-348309450-1816809450-22596906-1001\...\MountPoints2: {b64c869c-2b90-11e3-a03f-14dae951dcb4} - G:\Autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin)
Startup: C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Users\ms\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-348309450-1816809450-22596906-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-348309450-1816809450-22596906-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Winsock: Catalog5 10 %ProgramFiles(x86)%\FRITZ!DSL\\sarah.dll File Not found ()
Winsock: Catalog5-x64 10 C:\Program Files\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-348309450-1816809450-22596906-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: NoScript - C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-12-03]
FF Extension: eCleaner - C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982\Extensions\{c72c0c73-4eb0-4fb3-af0f-074e97326cfd}.xpi [2015-01-26]
FF Extension: Adblock Plus - C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-03]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-05]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR Profile: C:\Users\ms\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RealDownloader) - C:\Users\ms\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-03-06]
CHR Extension: (Google Wallet) - C:\Users\ms\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AFBAgent; C:\Windows\system32\FBAgent.exe [377264 2010-09-30] (ASUSTeK Computer Inc.) [File not signed]
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-10-02] (DT Soft Ltd)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R1 MpKsl2ee2b510; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CCD1ED66-16F5-477A-8BCB-5F095394CA37}\MpKsl2ee2b510.sys [45352 2015-01-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-10-02] (Duplex Secure Ltd.)
U3 ax2qs7pp; C:\Windows\System32\Drivers\ax2qs7pp.sys [0 ] (JMicron Technology Corporation) <==== ATTENTION (zero size file/folder)
S3 ipswuio; System32\DRIVERS\ipswuio.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 12:45 - 2015-01-27 13:00 - 00000000 ___DC () C:\FRST
2015-01-27 11:08 - 2015-01-27 11:08 - 00120320 ____C () C:\Users\ms\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-27 10:53 - 2015-01-27 10:54 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-27 10:52 - 2015-01-27 10:52 - 00001100 ____C () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-27 10:52 - 2015-01-27 10:52 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-01-27 10:52 - 2015-01-27 10:52 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2015-01-27 10:52 - 2015-01-27 10:52 - 00000000 ___DC () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-01-27 10:52 - 2014-11-21 06:14 - 00093400 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-27 10:52 - 2014-11-21 06:14 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-27 10:52 - 2014-11-21 06:14 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-26 23:09 - 2015-01-26 23:14 - 00002119 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-01-26 23:09 - 2015-01-26 23:14 - 00001912 ____C () C:\Windows\epplauncher.mif
2015-01-26 23:08 - 2015-01-26 23:13 - 00000000 ___DC () C:\Program Files (x86)\Microsoft Security Client
2015-01-26 23:07 - 2015-01-26 23:14 - 00000000 ___DC () C:\Program Files\Microsoft Security Client
2015-01-26 22:29 - 2015-01-26 22:29 - 00000000 ____C () C:\Windows\SysWOW64\sho9EF.tmp
2015-01-26 22:18 - 2015-01-26 22:20 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 19:11 - 2015-01-26 19:11 - 00000000 ____C () C:\autoexec.bat
2015-01-26 19:10 - 2015-01-26 19:10 - 00000000 ___DC () C:\sh4ldr
2015-01-26 19:09 - 2015-01-26 19:09 - 00000000 ___DC () C:\Program Files\Enigma Software Group
2015-01-23 15:26 - 2015-01-26 21:47 - 00000000 ___DC () C:\FreeOCR
2015-01-22 21:28 - 2015-01-26 21:46 - 00000000 ___DC () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-22 21:28 - 2015-01-26 21:46 - 00000000 ___DC () C:\Program Files\iTunes
2015-01-22 21:28 - 2015-01-26 21:46 - 00000000 ___DC () C:\Program Files (x86)\iTunes
2015-01-22 21:28 - 2015-01-22 21:28 - 00000000 ___DC () C:\Program Files\iPod
2015-01-22 21:18 - 2015-01-22 21:28 - 00000000 ___DC () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-22 21:16 - 2015-01-26 21:47 - 00000000 ___DC () C:\Program Files (x86)\Bonjour
2015-01-22 21:16 - 2015-01-26 21:46 - 00000000 ___DC () C:\Program Files\Bonjour
2015-01-22 15:38 - 2015-01-22 15:38 - 00000000 ____C () C:\Windows\SysWOW64\shoD692.tmp
2015-01-21 11:16 - 2015-01-27 10:38 - 00003336 ____C () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-348309450-1816809450-22596906-1001
2015-01-20 20:18 - 2015-01-20 20:18 - 00000000 ____C () C:\Windows\SysWOW64\sho97FF.tmp
2015-01-20 14:37 - 2015-01-20 14:37 - 00000000 ___DC () C:\Users\Default\AppData\Roaming\Real
2015-01-20 14:37 - 2015-01-20 14:37 - 00000000 ___DC () C:\Users\Default User\AppData\Roaming\Real
2015-01-14 12:43 - 2015-01-14 17:39 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:43 - 2015-01-14 17:38 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 12:43 - 2015-01-14 17:38 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:43 - 2015-01-14 17:38 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:43 - 2015-01-14 17:38 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 12:42 - 2015-01-14 17:38 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:37 - 2015-01-14 17:38 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:37 - 2015-01-14 17:38 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:37 - 2015-01-14 17:38 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:37 - 2015-01-14 17:38 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 12:37 - 2015-01-14 17:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 12:37 - 2015-01-14 17:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 12:37 - 2015-01-14 17:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 03:31 - 2015-01-14 03:31 - 00000000 ____C () C:\Windows\SysWOW64\sho72C1.tmp
2015-01-13 03:18 - 2015-01-13 03:18 - 00000000 ____C () C:\Windows\SysWOW64\shoD0BA.tmp
2015-01-12 09:28 - 2015-01-12 09:28 - 00000355 ____C () C:\Users\ms\Documents\Computer - Verknüpfung.lnk
2015-01-12 03:15 - 2015-01-12 03:15 - 00000000 ____C () C:\Windows\SysWOW64\sho83A.tmp
2015-01-11 19:31 - 2015-01-22 15:28 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\WiseUpdate
2015-01-11 04:32 - 2015-01-11 04:33 - 00000000 ___DC () C:\afd82bc8219b0339f691aaa3fe6fd92e
2015-01-11 03:24 - 2015-01-11 03:26 - 00000000 ___DC () C:\e3e395ec3b549020b4354be2
2015-01-11 03:02 - 2015-01-11 03:04 - 00000000 ___DC () C:\a7a4e9af4fb6ec59e01508676f96de14
2015-01-10 03:05 - 2015-01-10 03:07 - 00000000 ___DC () C:\9b07d5d3e7a75a14c52ebd91
2015-01-09 10:43 - 2015-01-09 13:43 - 00011469 _____ () C:\Users\ms\Documents\0109_Teilnehmerliste.xlsx
2015-01-09 10:30 - 2015-01-09 10:31 - 00011373 _____ () C:\Users\ms\Documents\0901_Teilnehmerliste.xlsx
2015-01-09 03:02 - 2015-01-09 03:04 - 00000000 ___DC () C:\ef4261d189143e43de74b3bcadaa0c02
2015-01-09 01:23 - 2015-01-09 10:29 - 00011194 _____ () C:\Users\ms\Documents\Teilnehmerliste.xlsx
2015-01-08 18:43 - 2015-01-27 12:13 - 00000000 ___DC () C:\AdwCleaner
2015-01-08 12:34 - 2015-01-08 12:36 - 00000000 ___DC () C:\5eaf4e3b1df9bcb06a140e7579e784
2015-01-08 04:41 - 2015-01-08 04:43 - 00000000 ___DC () C:\ba3d6355d0e7b2ea68e63b
2015-01-08 03:03 - 2015-01-08 03:06 - 00000000 ___DC () C:\80f37e2564837500be
2015-01-07 16:24 - 2015-01-07 16:27 - 00000000 ___DC () C:\43936e5f1939b65c5a6953e6
2015-01-07 01:08 - 2015-01-07 01:10 - 00000000 ___DC () C:\f514b1ffda68a3a96d5c0bb2cf7e
2015-01-06 15:29 - 2015-01-06 15:29 - 00000000 ____C () C:\Windows\SysWOW64\shoECC8.tmp
2015-01-06 15:27 - 2015-01-06 15:29 - 00000000 ___DC () C:\e5f8571611fc9eb03290b00b33c2
2015-01-06 06:17 - 2015-01-06 06:17 - 00000000 ____C () C:\Windows\SysWOW64\shoA273.tmp
2015-01-06 06:15 - 2015-01-06 06:16 - 00000000 ___DC () C:\bc62b273202b2a2d3ba54f361f
2015-01-06 05:49 - 2015-01-26 21:44 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Skype
2015-01-06 05:49 - 2015-01-06 05:49 - 00002699 ____C () C:\Users\Public\Desktop\Skype.lnk
2015-01-06 05:49 - 2015-01-06 05:49 - 00000000 __RDC () C:\Program Files (x86)\Skype
2015-01-06 05:49 - 2015-01-06 05:49 - 00000000 ___DC () C:\Users\ms\AppData\Local\Skype
2015-01-06 05:49 - 2015-01-06 05:49 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-06 05:48 - 2015-01-06 05:48 - 00000000 ___DC () C:\ProgramData\Skype
2015-01-06 05:44 - 2015-01-06 05:46 - 00000000 ___DC () C:\Users\ms\Downloads\skype
2015-01-06 05:28 - 2015-01-06 05:30 - 00000000 ___DC () C:\cb6b89e93d762edf5c06cdb5
2015-01-05 03:52 - 2015-01-05 03:55 - 00000000 ___DC () C:\1822221633495573b8
2015-01-04 03:55 - 2015-01-04 03:57 - 00000000 ___DC () C:\3e4c7b04819d2bc4d5487e9b1eb7fa
2015-01-03 12:23 - 2015-01-03 12:23 - 00000000 _SHDC () C:\Users\ms\AppData\Local\EmieBrowserModeList
2015-01-03 03:10 - 2015-01-03 03:12 - 00000000 ___DC () C:\1fb40d568f5ec3a269cf756119412132
2015-01-02 23:46 - 2015-01-02 23:48 - 00000000 ___DC () C:\ce32657ca2cf6f6ecca3390055143a
2015-01-02 23:42 - 2015-01-02 23:42 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\PC-FAX TX
2015-01-02 05:25 - 2015-01-02 05:27 - 00000000 ___DC () C:\5c40cdc0d5f45c5e97b658a30b
2015-01-01 22:28 - 2015-01-01 22:30 - 00000000 ___DC () C:\07b9b2972ba5c9f28ae22bbe00126a1f
2015-01-01 06:07 - 2015-01-01 06:09 - 00000000 ___DC () C:\220425c0a1578e921a9f67
2015-01-01 05:07 - 2015-01-01 05:07 - 00000000 ____C () C:\Windows\SysWOW64\shoFEA7.tmp
2015-01-01 05:05 - 2015-01-01 05:06 - 00000000 ___DC () C:\387e8b1d129a9244d6
2015-01-01 03:01 - 2015-01-01 03:03 - 00000000 ___DC () C:\805116f115698068b3
2014-12-31 19:11 - 2014-12-31 19:13 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Wise Registry Cleaner
2014-12-31 15:55 - 2014-12-31 15:55 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Macromedia
2014-12-31 15:55 - 2014-12-31 15:55 - 00000000 ___DC () C:\Users\Marina\AppData\Local\Macromedia
2014-12-31 15:53 - 2015-01-18 02:48 - 00008234 ____C () C:\Users\Marina\DesktopStCenter.txt
2014-12-31 15:53 - 2014-12-31 15:53 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Mozilla
2014-12-31 15:53 - 2014-12-31 15:53 - 00000000 ___DC () C:\Users\Marina\AppData\Local\Mozilla
2014-12-31 15:17 - 2014-12-31 15:23 - 00000000 ___DC () C:\335610c6c8e09682eb6a797c
2014-12-31 05:11 - 2014-12-31 05:13 - 00000000 ___DC () C:\edb757e063a3858ad4cd8526b755
2014-12-30 16:36 - 2014-12-30 16:41 - 00000000 ___DC () C:\6e302748143f7779516b3c465ea39c
2014-12-30 03:01 - 2014-12-30 03:03 - 00000000 ___DC () C:\c180fbd747f888624503
2014-12-29 03:09 - 2014-12-29 03:09 - 00000000 ____C () C:\Windows\SysWOW64\sho969F.tmp
2014-12-29 03:01 - 2014-12-29 03:03 - 00000000 ___DC () C:\910e892608bbb1491958
2014-12-28 15:59 - 2014-12-28 16:02 - 00000000 ___DC () C:\b95da1f66e8c460f601d

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 11:07 - 2012-06-16 11:37 - 00000000 ___DC () C:\Users\ms\Downloads\Firefox
2015-01-27 10:44 - 2014-04-15 13:45 - 01731521 ____C () C:\Windows\WindowsUpdate.log
2015-01-27 10:42 - 2009-07-14 05:45 - 00021472 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-27 10:42 - 2009-07-14 05:45 - 00021472 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 10:39 - 2012-04-04 12:06 - 06897662 ____C () C:\Users\ms\DesktopStCenter.txt
2015-01-27 10:38 - 2014-04-27 20:05 - 00003196 ____C () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-348309450-1816809450-22596906-1001
2015-01-27 10:35 - 2009-07-14 06:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2015-01-27 10:34 - 2014-11-08 18:22 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 03:05 - 2012-04-04 12:07 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\FRITZ!
2015-01-26 22:36 - 2011-08-17 01:03 - 00045056 ____C () C:\Windows\system32\acovcnt.exe
2015-01-26 21:59 - 2011-11-10 10:24 - 00000000 ___DC () C:\Users\ms
2015-01-26 21:47 - 2014-02-26 22:53 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-01-26 21:47 - 2014-02-26 22:53 - 00000000 ___DC () C:\Users\Marina
2015-01-26 21:47 - 2013-04-02 15:58 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cornelsen
2015-01-26 21:47 - 2013-02-01 22:16 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
2015-01-26 21:47 - 2013-01-02 00:15 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-01-26 21:47 - 2012-10-11 22:24 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-26 21:47 - 2012-09-05 08:13 - 00000000 ___DC () C:\Users\ms\Desktop\Computer-tools
2015-01-26 21:47 - 2012-09-04 15:23 - 00000000 ___DC () C:\Users\ms\Downloads\Brother
2015-01-26 21:47 - 2012-07-16 16:17 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CLC E-Learning Resource
2015-01-26 21:47 - 2012-07-06 23:54 - 00000000 ___DC () C:\Users\ms\Desktop\Deutsch
2015-01-26 21:47 - 2012-06-22 12:12 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Wise Registry Cleaner
2015-01-26 21:47 - 2012-06-22 12:12 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2015-01-26 21:47 - 2012-06-06 16:45 - 00000000 ___DC () C:\Users\ms\Documents\Audible
2015-01-26 21:47 - 2012-06-06 16:45 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
2015-01-26 21:47 - 2012-05-12 15:32 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Segmenti
2015-01-26 21:47 - 2012-05-12 14:45 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puzzle! - Druckmaschine
2015-01-26 21:47 - 2012-05-06 20:55 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-26 21:47 - 2012-05-06 20:55 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graboid Video
2015-01-26 21:47 - 2012-03-20 16:46 - 00000000 ___DC () C:\Windows\System32\Tasks\Apple
2015-01-26 21:47 - 2012-03-20 16:46 - 00000000 ___DC () C:\Program Files (x86)\Apple Software Update
2015-01-26 21:47 - 2012-01-10 00:02 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-26 21:47 - 2011-11-26 22:02 - 00000000 ___DC () C:\Windows\system32\Macromed
2015-01-26 21:47 - 2011-11-17 23:06 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2015-01-26 21:47 - 2011-11-11 17:41 - 00000000 ___DC () C:\Program Files (x86)\Brother
2015-01-26 21:47 - 2011-11-10 18:48 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
2015-01-26 21:47 - 2011-11-10 10:24 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-01-26 21:47 - 2011-08-17 01:05 - 00000000 ___DC () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-01-26 21:47 - 2011-08-17 01:05 - 00000000 ___DC () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-01-26 21:47 - 2011-08-17 00:58 - 00000000 ___DC () C:\ProgramData\P4G
2015-01-26 21:47 - 2011-08-17 00:53 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-01-26 21:47 - 2011-08-17 00:46 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2015-01-26 21:47 - 2011-04-09 19:58 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-01-26 21:47 - 2011-04-09 19:47 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-01-26 21:47 - 2011-02-19 10:02 - 00000000 ___DC () C:\Windows\SysWOW64\XPSViewer
2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files\Reference Assemblies
2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files\MSBuild
2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files (x86)\Reference Assemblies
2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files (x86)\MSBuild
2015-01-26 21:47 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\AppCompat
2015-01-26 21:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-26 21:46 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\registration
2015-01-26 21:43 - 2014-11-06 16:02 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-01-26 21:43 - 2011-08-17 00:50 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information
2015-01-23 05:52 - 2014-08-07 13:53 - 00000000 ___DC () C:\Users\ms\AppData\Local\Adobe
2015-01-22 21:12 - 2012-03-28 11:41 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Apple Computer
2015-01-22 20:04 - 2012-05-06 21:04 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\vlc
2015-01-22 17:12 - 2014-12-02 14:37 - 00000000 ____D () C:\found.001
2015-01-22 17:12 - 2014-12-01 14:23 - 00000000 ____D () C:\found.000
2015-01-22 08:10 - 2012-09-20 11:43 - 00701616 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-22 08:10 - 2012-06-24 08:45 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-20 15:50 - 2009-07-14 06:09 - 00000000 ___DC () C:\Windows\System32\Tasks\WPD
2015-01-20 14:37 - 2011-08-17 00:56 - 00120320 ____C () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-20 14:37 - 2011-08-17 00:56 - 00120320 ____C () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-20 14:37 - 2009-07-14 05:57 - 00001547 ____C () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-01-20 14:35 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-16 22:31 - 2014-02-26 22:54 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\FRITZ! 2015-01-15 09:17 - 2012-07-17 17:34 - 00000000 ___DC () C:\Users\ms\Documents\Wohnung 2015-01-14 17:38 - 2013-08-15 02:03 - 00000000 ___DC () C:\Windows\system32\MRT 2015-01-14 17:29 - 2011-11-11 16:07 - 113365784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-14 16:18 - 2011-11-10 23:50 - 00004096 ____C () C:\Users\Public\Documents\00000044.LCS 2015-01-13 03:03 - 2011-11-10 12:34 - 01653160 ____C () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-01-13 03:03 - 2011-02-19 10:08 - 00721112 ____C () C:\Windows\system32\perfh007.dat 2015-01-13 03:03 - 2011-02-19 10:08 - 00158288 ____C () C:\Windows\system32\perfc007.dat 2015-01-13 03:03 - 2009-07-14 06:13 - 01653160 ____C () C:\Windows\system32\PerfStringBackup.INI 2015-01-12 19:55 - 2013-10-16 18:55 - 00000460 ____C () C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job 2015-01-10 12:01 - 2012-06-16 11:43 - 00000000 ___DC () C:\Users\ms\Downloads\Adobe 2015-01-10 10:38 - 2012-06-16 12:09 - 00000000 ___DC () C:\Users\ms\Downloads\Firefox_Bookmarks 2015-01-08 09:55 - 2012-05-03 14:18 - 00298120 ____C (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-01-06 06:19 - 2011-08-17 01:01 - 00001386 ____C () C:\Windows\system32\ServiceFilter.ini 2015-01-02 23:42 - 2012-12-20 12:15 - 00000778 ____C () C:\Windows\Brpfx04a.ini ==================== Files in the root of some directories ======= 2014-06-26 02:01 - 2014-06-26 02:01 - 6010880 ____C () C:\Program Files (x86)\GUT87B5.tmp 2012-07-29 17:01 - 2006-06-02 13:27 - 0017542 ____C () C:\Program Files\Common Files\Net4Switch.ico 2007-06-12 17:34 - 2007-06-12 17:34 - 0035822 ____C () C:\Program Files (x86)\Common Files\ASPG_icon.ico 2008-05-22 16:35 - 2008-05-22 16:35 - 0051962 ____C () 
C:\Program Files (x86)\Common Files\banner.jpg 2009-04-08 18:31 - 2009-04-08 18:31 - 0106496 ____C () C:\Program Files (x86)\Common Files\CPInstallAction.dll 2014-05-26 17:47 - 2003-03-21 11:45 - 0250544 ____C (KeyWorks Software) C:\Program Files (x86)\Common Files\keyhelp.ocx 2008-08-12 05:45 - 2008-08-12 05:45 - 0155648 ____C (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll 2012-07-29 17:01 - 2006-06-02 13:27 - 0017542 ____C () C:\Program Files (x86)\Common Files\Net4Switch.ico 2014-11-05 10:35 - 2014-11-05 10:35 - 0000115 ____C () C:\Users\ms\AppData\Roaming\Camdata.ini 2014-11-05 10:35 - 2014-11-05 10:35 - 0000408 ____C () C:\Users\ms\AppData\Roaming\CamLayout.ini 2014-11-05 10:35 - 2014-11-05 10:35 - 0000408 ____C () C:\Users\ms\AppData\Roaming\CamShapes.ini 2014-11-05 10:35 - 2014-11-05 10:35 - 0004416 ____C () C:\Users\ms\AppData\Roaming\CamStudio.cfg 2011-04-09 19:59 - 2010-07-07 00:10 - 0131472 ____C () C:\ProgramData\FullRemove.exe 2011-08-17 01:05 - 2011-08-17 01:06 - 0000105 ____C () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2011-08-17 01:04 - 2011-08-17 01:05 - 0000107 ____C () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-26 10:17 ==================== End Of Log ============================ Geändert von moona (27.01.2015 um 13:40 Uhr) |