| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows 7: Windows-Firewall blockiert Firefox-AnwendungenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
26.02.2015, 18:47
| #1 |
| |  Windows 7: Windows-Firewall blockiert Firefox-Anwendungen Hallo, bei mir ist heute eine Sache aufgetreten, die vorher noch nie passiert ist; da ich in letzter Zeit verstärkt Probleme mit meinem Notebook (v. a. deutliche Verlangsamung, gelegentliches Abstürzen etc.) aufgetreten sind, war damit endgültig der Rubikon überschritten. Nun aber endlich zum Vorkommnis: Nachdem ich an meinem Notebook gearbeitet hatte (u.a. war mein Firefox geöffnet), hab ich ne Pause gemacht und das Notebook zugeklappt und somit in den Ruhezustand geschickt. Beim Wiederaufklappen öffnete sich das angehängte Bild. Gemacht hatte ich vorher nichts, was m.W. diesen Vorgang verursacht haben könnte. Das Fenster habe ich geschlossen und sonst nichts gedrückt. Bin ich einfach paranoid? Oder könnte hinter dem Vorkommnis Malware stecken? Ich habe noch mehrere Logfiles, von denen ich nur drei im Text anfüge, da ansonsten die Zeichenmenge das Limit sprengt. (als Zip: GMER-Log) Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:05 on 26/02/2015 (Admin)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by Timo at 2015-02-26 15:08:42
Running from C:\Users\Timo\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
ABBYY FineReader 12 Professional (HKLM-x32\...\{F12000FE-0001-0000-0000-074957833700}) (Version: 12.1.426 - ABBYY Production LLC)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.5.0.11 - Swiss Academic Software)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
Core Temp 1.0 RC5 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Easy File Share (HKLM-x32\...\{95BB7324-77D3-4BF3-8CF6-29F0857AC175}) (Version: 1.1.1699 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics Co., Ltd.)
Easy Software Manager (HKLM-x32\...\{DE256D8B-D971-456D-BC02-CB64DA24F115}) (Version: 1.1.16.14 - Samsung Electronics Co., Ltd.)
Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.36 - Samsung)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
FeedReader (HKLM-x32\...\FeedReader_is1) (Version: - i-Systems Inc.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.44.922 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.44.922 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Books Downloader version 2.5 (HKLM-x32\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 2.5 - GBOOKSDOWNLOADER.COM)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
ICQ 8.2 (build 7138) (HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\ICQ) (Version: 8.2.7138.0 - ICQ)
ImageMagick 6.8.9-6 Q16 (64-bit) (2014-08-15) (HKLM\...\ImageMagick 6.8.9 Q16 (64-bit)_is1) (Version: 6.8.9 - ImageMagick Studio LLC)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Juniper Networks Network Connect 7.1.0 (HKLM-x32\...\Juniper Network Connect 7.1.0) (Version: 7.1.0.19243 - Juniper Networks)
Juniper Networks Network Connect 7.1.14 (HKLM-x32\...\Juniper Network Connect 7.1.14) (Version: 7.1.14.23943 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\Juniper_Setup_Client) (Version: 7.1.17.41283 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LibreOffice 4.0 Help Pack (German) (HKLM-x32\...\{FE231FC3-A6F1-45D4-AE1B-C591610EBC32}) (Version: 4.0.5.2 - The Document Foundation)
LibreOffice 4.0.5.2 (HKLM-x32\...\{5B9C9486-4287-4621-8F9D-EC3EE622A82F}) (Version: 4.0.5.2 - The Document Foundation)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 17.0.3 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.3 (x86 de)) (Version: 17.0.3 - Mozilla)
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.0 - )
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
Nero 11 InfoTool (HKLM-x32\...\{64BEF779-5053-48AF-A3D8-B70EBC1C70E7}) (Version: 11.0.00500 - Nero AG)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Opera 12.10 (HKLM\...\Opera 12.10.1652) (Version: 12.10.1652 - Opera Software ASA)
PDF24 Creator 5.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.206.0 - Tracker Software Products Ltd)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.6 - )
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime (HKLM-x32\...\QuickTime) (Version: - )
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6413 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_5 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_5 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.5 - Samsung)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.04 (64-bit) (HKLM\...\Sandboxie) (Version: 4.04 - Sandboxie Holdings, LLC)
Secure Download Manager (HKLM-x32\...\{AA57D6F1-6360-4397-B2D9-B21C69863D97}) (Version: 3.1.0 - Kivuto Solutions Inc.)
SecureW2 EAP Suite 1.1.1 for Windows (HKLM-x32\...\SecureW2 EAP Suite) (Version: - )
Shockwave (HKLM-x32\...\Shockwave) (Version: - )
SketchUp 2013 (HKLM-x32\...\{2C0777B8-E91F-45AA-976B-7EB6B40E5400}) (Version: 13.0.4812 - Trimble Navigation Limited)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
Spotify (HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.7.0 - Synaptics Incorporated)
UnderCoverXP 1.23 (HKLM-x32\...\UnderCoverXP_is1) (Version: - Wicked & Wild Inc.)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2013-07-21 09:44 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job =>
==================== Loaded Modules (whitelisted) ==============
2014-08-14 12:11 - 2014-07-02 21:48 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-10-29 00:57 - 2009-03-29 11:30 - 02058240 _____ () C:\Program Files (x86)\FeedReader30\feedreader.exe
2013-05-22 19:50 - 2013-05-22 19:50 - 00400704 _____ () C:\Users\Timo\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2011-07-21 06:51 - 2010-12-16 10:37 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Timo\Desktop\WordPlaceholders_2015-02-17 21-49-02.bak:com.dropbox.attributes
AlternateDataStreams: C:\Users\Timo\Desktop\WordPlaceholders_2015-02-17 22-04-54.bak:com.dropbox.attributes
AlternateDataStreams: C:\Users\Timo\Desktop\[Citavi Backup] 02 Teil A (Dezember-Fassung) - TW -umgewandelte Felder 2015-02-17 21-49-02.docx:com.dropbox.attributes
AlternateDataStreams: C:\Users\Timo\Desktop\[Citavi Backup] 2015-02-17 - Teil B - umgewandelt 2015-02-17 22-04-54.docx:com.dropbox.attributes
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-819639659-4150350305-585420797-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 194.94.133.253 - 194.94.133.13
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: UMVPFSrv => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Bonus.SSR.FR12 => "C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Vidalia => "C:\Program Files (x86)\Vidalia Bridge Bundle\Vidalia\vidalia.exe"
==================== Accounts: =============================
Admin (S-1-5-21-819639659-4150350305-585420797-1004 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-819639659-4150350305-585420797-500 - Administrator - Disabled)
Gast (S-1-5-21-819639659-4150350305-585420797-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-819639659-4150350305-585420797-1003 - Limited - Enabled)
Timo (S-1-5-21-819639659-4150350305-585420797-1001 - Limited - Enabled) => C:\Users\Timo
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/26/2015 03:01:26 PM) (Source: VSS) (EventID: 12298) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden.
Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet.
].
Vorgang:
Asynchroner Vorgang wird ausgeführt
Kontext:
Aktueller Status: DoSnapshotSet
Error: (02/26/2015 03:01:26 PM) (Source: VSS) (EventID: 12310) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.
Fehlerkontext: DeviceIoControl(\\?\Volume{97949846-3b3c-11e1-ab21-806e6f6e6963} - 0000000000000104,0x0053c010,000000000027C820,0,000000000027B810,4096,[0]).
Vorgang:
Schattenkopien werden übertragen
Kontext:
Ausführungskontext: System Provider
Error: (02/26/2015 03:01:25 PM) (Source: VSS) (EventID: 12298) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden.
Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet.
].
Vorgang:
Asynchroner Vorgang wird ausgeführt
Kontext:
Aktueller Status: DoSnapshotSet
Error: (02/26/2015 03:01:24 PM) (Source: VSS) (EventID: 12310) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.
Fehlerkontext: DeviceIoControl(\\?\Volume{97949846-3b3c-11e1-ab21-806e6f6e6963} - 000000000000013C,0x0053c010,00000000002797F0,0,000000000027A800,4096,[0]).
Vorgang:
Schattenkopien werden übertragen
Kontext:
Ausführungskontext: System Provider
Error: (02/26/2015 00:38:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SWMAgent.exe, Version: 1.1.16.14, Zeitstempel: 0x4e71639d
Name des fehlerhaften Moduls: SWMAgent.exe, Version: 1.1.16.14, Zeitstempel: 0x4e71639d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001fbe8
ID des fehlerhaften Prozesses: 0xeac
Startzeit der fehlerhaften Anwendung: 0xSWMAgent.exe0
Pfad der fehlerhaften Anwendung: SWMAgent.exe1
Pfad des fehlerhaften Moduls: SWMAgent.exe2
Berichtskennung: SWMAgent.exe3
Error: (02/26/2015 00:36:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/26/2015 00:35:28 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (02/26/2015 00:35:14 PM) (Source: SecureW2) (EventID: 1317) (User: )
Description: Unknown Function Failed
Error: (02/25/2015 09:58:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SWMAgent.exe, Version: 1.1.16.14, Zeitstempel: 0x4e71639d
Name des fehlerhaften Moduls: SWMAgent.exe, Version: 1.1.16.14, Zeitstempel: 0x4e71639d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001fbe8
ID des fehlerhaften Prozesses: 0xae0
Startzeit der fehlerhaften Anwendung: 0xSWMAgent.exe0
Pfad der fehlerhaften Anwendung: SWMAgent.exe1
Pfad des fehlerhaften Moduls: SWMAgent.exe2
Berichtskennung: SWMAgent.exe3
Error: (02/25/2015 09:56:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (02/26/2015 03:01:36 PM) (Source: volsnap) (EventID: 8) (User: )
Description: Das Zeitlimit für den Lösch- und Speicherschreibvorgang für Volume "C:" wurde beim Warten auf eine Schreibvorgangfreigabe überschritten.
Error: (02/26/2015 01:16:18 AM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: 0x80004004-1
Error: (02/25/2015 05:28:22 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 141.20.170.230
registriert werden. Der Computer mit IP-Adresse 141.20.170.152 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (02/25/2015 05:23:11 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 141.20.170.230
registriert werden. Der Computer mit IP-Adresse 141.20.170.152 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (02/25/2015 05:18:01 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 141.20.170.230
registriert werden. Der Computer mit IP-Adresse 141.20.170.152 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (02/25/2015 05:13:02 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 141.20.170.230
registriert werden. Der Computer mit IP-Adresse 141.20.170.152 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (02/25/2015 03:07:47 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "NINA-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{35EDC2EE-1A7C-46EC-9C97-1CC4CAE27B04}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (02/25/2015 02:00:28 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Error: (02/24/2015 05:04:36 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "SCHALKE",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{35EDC2EE-1A7C-46EC-9C97-1CC4CAE27B04}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (02/24/2015 05:02:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IPBusEnum erreicht.
Microsoft Office Sessions:
=========================
Error: (02/26/2015 03:01:26 PM) (Source: VSS) (EventID: 12298) (User: )
Description: C:\00x00000000, Der Vorgang wurde erfolgreich beendet.
0x00000000, Der Vorgang wurde erfolgreich beendet.
0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
0x00000000, Der Vorgang wurde erfolgreich beendet.
Vorgang:
Asynchroner Vorgang wird ausgeführt
Kontext:
Aktueller Status: DoSnapshotSet
Error: (02/26/2015 03:01:26 PM) (Source: VSS) (EventID: 12310) (User: )
Description: DeviceIoControl(\\?\Volume{97949846-3b3c-11e1-ab21-806e6f6e6963} - 0000000000000104,0x0053c010,000000000027C820,0,000000000027B810,4096,[0])
Vorgang:
Schattenkopien werden übertragen
Kontext:
Ausführungskontext: System Provider
Error: (02/26/2015 03:01:25 PM) (Source: VSS) (EventID: 12298) (User: )
Description: C:\00x00000000, Der Vorgang wurde erfolgreich beendet.
0x00000000, Der Vorgang wurde erfolgreich beendet.
0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
0x00000000, Der Vorgang wurde erfolgreich beendet.
Vorgang:
Asynchroner Vorgang wird ausgeführt
Kontext:
Aktueller Status: DoSnapshotSet
Error: (02/26/2015 03:01:24 PM) (Source: VSS) (EventID: 12310) (User: )
Description: DeviceIoControl(\\?\Volume{97949846-3b3c-11e1-ab21-806e6f6e6963} - 000000000000013C,0x0053c010,00000000002797F0,0,000000000027A800,4096,[0])
Vorgang:
Schattenkopien werden übertragen
Kontext:
Ausführungskontext: System Provider
Error: (02/26/2015 00:38:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SWMAgent.exe1.1.16.144e71639dSWMAgent.exe1.1.16.144e71639dc00000050001fbe8eac01d051b8b17c0e79C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exeC:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exef25e649a-bdab-11e4-8695-e8039aa11699
Error: (02/26/2015 00:36:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/26/2015 00:35:28 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (02/26/2015 00:35:14 PM) (Source: SecureW2) (EventID: 1317) (User: )
Description: Unknown Function Failed
Error: (02/25/2015 09:58:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SWMAgent.exe1.1.16.144e71639dSWMAgent.exe1.1.16.144e71639dc00000050001fbe8ae001d0513dce299890C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exeC:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe0e559456-bd31-11e4-b233-e8039aa11699
Error: (02/25/2015 09:56:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2013-08-04 00:50:28.875
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Admin\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-08-04 00:50:28.844
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Admin\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-08-04 00:50:28.766
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-08-04 00:50:28.735
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 29%
Total physical RAM: 8105.55 MB
Available physical RAM: 5732.52 MB
Total Pagefile: 16209.28 MB
Available Pagefile: 12754.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:271 GB) (Free:175.69 GB) NTFS
Drive d: () (Fixed) (Total:404.22 GB) (Free:237.52 GB) NTFS
==================== MBR & Partition Table ==================
==================== End Of Log ============================
FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Timo (ATTENTION: The logged in user is not administrator) on TIMO-PC on 26-02-2015 15:07:34
Running from C:\Users\Timo\Desktop
Loaded Profiles: Timo & Admin (Available profiles: Timo & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> SbieSvc.exe
Failed to access process -> svchost.exe
Failed to access process -> nvxdsync.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> spoolsv.exe
Failed to access process -> sched.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> NetworkLicenseServer.exe
Failed to access process -> Eap3Host.exe
Failed to access process -> armsvc.exe
Failed to access process -> avguard.exe
Failed to access process -> officeclicktorun.exe
Failed to access process -> dsNcService.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> Avira.OE.ServiceHost.exe
Failed to access process -> WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\FeedReader30\feedreader.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
() C:\Users\Timo\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Spotify Ltd) C:\Users\Timo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
Failed to access process -> avshadow.exe
Failed to access process -> svchost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Dropbox, Inc.) C:\Users\Timo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
Failed to access process -> SearchIndexer.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
Failed to access process -> svchost.exe
Failed to access process -> LMS.exe
Failed to access process -> svchost.exe
Failed to access process -> wmpnetwk.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> UNS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Swiss Academic Software) C:\Program Files (x86)\Citavi 4\bin\Citavi.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
Failed to access process -> svchost.exe
() C:\Program Files (x86)\Mozilla Firefox\updated\firefox.exe
Failed to access process -> avscan.exe
Failed to access process -> VSSVC.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
Failed to access process -> taskeng.exe
() C:\Users\Timo\Desktop\Defogger.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> sppsvc.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2784552 2011-05-13] (Synaptics Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\Run: [feedreader.exe] => C:\Program Files (x86)\FeedReader30\feedreader.exe [2058240 2009-03-29] ()
HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759384 2013-07-08] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Timo\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\Run: [icq] => C:\Users\Timo\AppData\Roaming\ICQM\icq.exe [35239432 2014-12-12] (ICQ)
HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\Run: [Spotify Web Helper] => C:\Users\Timo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-02-23] (Spotify Ltd)
HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\MountPoints2: {68b47204-083e-11e4-b31e-e8039aa11699} - G:\Startme.exe
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
Startup: C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Timo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-819639659-4150350305-585420797-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
HKU\S-1-5-21-819639659-4150350305-585420797-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
URLSearchHook: [S-1-5-21-819639659-4150350305-585420797-1004] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll No File
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll No File
DPF: HKLM-x32 {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/emsisoft_webscan.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 194.94.133.253 194.94.133.13
FireFox:
========
FF ProfilePath: C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\gmwm9fm1.default-1385935033880
FF SelectedSearchEngine: DuckDuckGo
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-819639659-4150350305-585420797-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.)
FF SearchPlugin: C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\gmwm9fm1.default-1385935033880\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\gmwm9fm1.default-1385935033880\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\gmwm9fm1.default-1385935033880\searchplugins\ixquick-https.xml
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\gmwm9fm1.default-1385935033880\Extensions\donottrackplus@abine.com [2014-11-22]
FF Extension: Ghostery - C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\gmwm9fm1.default-1385935033880\Extensions\firefox@ghostery.com.xpi [2013-12-29]
FF Extension: ProxTube - C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\gmwm9fm1.default-1385935033880\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: DuckDuckGo Plus - C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\gmwm9fm1.default-1385935033880\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2013-12-29]
FF Extension: Adblock Plus - C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\gmwm9fm1.default-1385935033880\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-01]
FF Extension: BetterPrivacy - C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\gmwm9fm1.default-1385935033880\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-07-15]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
Opera:
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Professional.12.0; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [961744 2014-07-13] (ABBYY Production LLC)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [21504 2011-03-01] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [21504 2011-03-01] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [21504 2011-03-01] (Microsoft Corporation)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-04-10] (Windows (R) 2003 DDK 3790 provider)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 ALSysIO; \??\C:\Users\Admin\AppData\Local\Temp\ALSysIO64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-26 15:07 - 2015-02-26 15:08 - 00022555 _____ () C:\Users\Timo\Desktop\FRST.txt
2015-02-26 15:07 - 2015-02-26 15:07 - 02087936 _____ (Farbar) C:\Users\Timo\Desktop\FRST64.exe
2015-02-26 15:05 - 2015-02-26 15:05 - 00000472 _____ () C:\Users\Timo\Desktop\defogger_disable.log
2015-02-26 15:05 - 2015-02-26 15:05 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2015-02-26 15:04 - 2015-02-26 15:04 - 00050477 _____ () C:\Users\Timo\Desktop\Defogger.exe
2015-02-26 15:00 - 2015-02-26 15:00 - 00050477 _____ () C:\Users\Timo\Downloads\SpotifySetup.exe
2015-02-26 10:14 - 2015-02-26 10:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-25 21:04 - 2015-01-09 00:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-02-25 21:04 - 2015-01-09 00:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-23 23:48 - 2015-02-25 22:00 - 00000000 ____D () C:\Users\Timo\AppData\Local\Spotify
2015-02-23 23:48 - 2015-02-23 23:48 - 00001799 _____ () C:\Users\Timo\Desktop\Spotify.lnk
2015-02-23 23:48 - 2015-02-23 23:48 - 00001785 _____ () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-02-23 23:47 - 2015-02-26 00:44 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Spotify
2015-02-23 23:38 - 2015-02-26 15:03 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-23 23:38 - 2015-02-23 23:38 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-23 23:38 - 2015-02-23 23:38 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-17 22:04 - 2015-02-17 22:04 - 00447698 _____ () C:\Users\Timo\Desktop\WordPlaceholders_2015-02-17 22-04-54.bak
2015-02-17 21:49 - 2015-02-17 21:49 - 00038896 _____ () C:\Users\Timo\Desktop\WordPlaceholders_2015-02-17 21-49-02.bak
2015-02-14 14:40 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-02-14 14:40 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-02-14 14:40 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-02-14 14:40 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-02-13 17:53 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-13 17:53 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-13 17:53 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-02-13 17:53 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-02-11 14:43 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-11 14:43 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-11 14:43 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-11 14:43 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-11 14:43 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-11 14:43 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-11 14:43 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-11 14:43 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-11 14:43 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-11 14:43 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-02-11 14:43 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-11 14:43 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-11 14:43 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-11 14:43 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-11 14:43 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-11 14:43 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-11 14:43 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-02-11 14:43 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-11 14:43 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-02-11 14:43 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 14:43 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-02-11 14:43 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-02-11 14:43 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-02-11 14:43 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-11 14:43 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-02-11 14:43 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-02-11 14:43 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-02-11 14:43 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-02-11 14:43 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-02-11 14:43 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-11 14:43 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-11 14:43 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-11 14:43 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 14:43 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-02-11 14:43 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-02-11 14:43 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-02-11 14:43 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-02-11 14:43 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-02-11 14:43 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-11 14:43 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-11 14:43 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-02-11 14:43 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-02-11 14:43 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-11 14:43 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-11 14:43 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-11 14:43 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-02-11 14:42 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-11 14:42 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-11 14:42 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-11 14:42 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-11 14:42 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-11 14:42 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-11 14:42 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-11 14:42 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-11 14:42 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-11 14:42 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-11 14:42 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-11 14:42 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-02-11 14:42 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-02-11 14:42 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-02-11 14:42 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-11 14:42 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-02-11 14:42 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-11 14:42 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-11 14:42 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-11 14:42 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-11 14:42 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-11 14:42 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-11 14:42 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-11 14:42 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-11 14:42 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-11 14:42 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-11 14:42 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-11 14:42 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-11 14:42 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-02-11 14:42 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-11 14:42 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-11 14:42 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-11 14:42 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-11 14:42 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-11 14:42 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-02-11 14:42 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-11 14:42 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-02-11 14:42 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-02-11 14:41 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-11 14:41 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-02-11 14:41 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-11 14:41 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-11 14:40 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-11 14:40 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-02-11 14:40 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-02-11 14:40 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-02-11 14:40 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-02-11 14:40 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-02-11 14:40 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-02-11 14:40 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-11 14:40 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-11 14:39 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-02 18:20 - 2015-02-02 18:20 - 00004074 _____ () C:\Users\Timo\AppData\Local\recently-used.xbel
2015-01-29 17:07 - 2015-01-29 17:13 - 81307064 _____ (Swiss Academic Software) C:\Users\Timo\Downloads\Citavi4Setup.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-26 15:07 - 2013-11-11 02:00 - 00000000 ____D () C:\FRST
2015-02-26 15:05 - 2013-02-12 20:59 - 00000000 ____D () C:\Users\Admin
2015-02-26 14:47 - 2012-01-10 04:42 - 01707250 _____ () C:\windows\WindowsUpdate.log
2015-02-26 13:04 - 2012-10-12 19:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-26 12:42 - 2009-07-14 05:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-26 12:42 - 2009-07-14 05:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-26 12:38 - 2013-04-09 15:17 - 00000000 ____D () C:\Users\Timo\Documents\Citavi 4
2015-02-26 12:37 - 2014-02-05 12:40 - 00000000 ___RD () C:\Users\Timo\Dropbox
2015-02-26 12:37 - 2014-02-05 12:38 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Dropbox
2015-02-26 12:35 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-26 12:35 - 2009-07-14 05:51 - 00165451 _____ () C:\windows\setupact.log
2015-02-25 21:01 - 2012-10-26 18:46 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Swiss Academic Software
2015-02-25 10:53 - 2010-11-21 04:47 - 00615112 _____ () C:\windows\PFRO.log
2015-02-24 20:28 - 2013-07-07 18:27 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-24 14:46 - 2012-01-10 04:13 - 00699666 _____ () C:\windows\system32\perfh007.dat
2015-02-24 14:46 - 2012-01-10 04:13 - 00149774 _____ () C:\windows\system32\perfc007.dat
2015-02-24 14:46 - 2009-07-14 06:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-23 23:44 - 2013-02-23 22:04 - 00001570 _____ () C:\windows\Sandboxie.ini
2015-02-23 02:13 - 2013-09-10 09:31 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\tor
2015-02-15 00:55 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2015-02-14 13:26 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-02-13 20:31 - 2014-02-05 12:40 - 00001013 _____ () C:\Users\Timo\Desktop\Dropbox.lnk
2015-02-13 20:31 - 2014-02-05 12:39 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 19:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-12 15:38 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2015-02-12 14:41 - 2009-07-14 05:45 - 00394776 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-12 14:38 - 2014-12-10 03:21 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-12 14:38 - 2014-05-06 22:34 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-12 14:37 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\tracing
2015-02-12 08:03 - 2013-08-05 12:47 - 00000000 ____D () C:\windows\system32\MRT
2015-02-12 07:59 - 2012-10-13 07:26 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-02-10 22:46 - 2014-08-17 10:48 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-10 22:46 - 2012-10-12 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-10 22:46 - 2012-10-12 14:25 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-05 15:28 - 2009-07-14 06:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-02-02 18:32 - 2012-12-29 14:04 - 00000000 ____D () C:\Users\Timo\.gimp-2.8
2015-02-02 18:20 - 2014-08-05 15:24 - 00000000 ____D () C:\Users\Timo\AppData\Local\gtk-2.0
2015-01-29 17:43 - 2013-07-15 21:49 - 00001909 _____ () C:\Users\Public\Desktop\Citavi 4.lnk
2015-01-29 17:43 - 2013-07-15 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 4
2015-01-29 17:43 - 2012-10-26 18:40 - 00000000 ____D () C:\ProgramData\Swiss Academic Software
==================== Files in the root of some directories =======
2013-11-10 18:55 - 2014-08-14 21:17 - 0008704 _____ () C:\Users\Timo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-02 18:20 - 2015-02-02 18:20 - 0004074 _____ () C:\Users\Timo\AppData\Local\recently-used.xbel
2012-01-09 13:08 - 2012-01-09 13:09 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-01-09 13:01 - 2012-01-09 13:03 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2012-01-09 13:06 - 2012-01-09 13:07 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-01-09 13:03 - 2012-01-09 13:06 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-01-09 13:07 - 2012-01-09 13:08 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
Files to move or delete:
====================
C:\Users\Timo\gimp-2.8.10-setup.exe
C:\Users\Timo\ImageMagick-6.8.9-6-Q16-x64-dll.exe
Some content of TEMP:
====================
C:\Users\Timo\AppData\Local\Temp\3ezlg3hg.dll
C:\Users\Timo\AppData\Local\Temp\AdbeRdr1013_de_DE.exe
C:\Users\Timo\AppData\Local\Temp\AskSLib.dll
C:\Users\Timo\AppData\Local\Temp\avgnt.exe
C:\Users\Timo\AppData\Local\Temp\bq3ig2ss.dll
C:\Users\Timo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplvdtha.dll
C:\Users\Timo\AppData\Local\Temp\fto0deuc.dll
C:\Users\Timo\AppData\Local\Temp\golq5mfe.dll
C:\Users\Timo\AppData\Local\Temp\gytztds1.dll
C:\Users\Timo\AppData\Local\Temp\hht13fn4.dll
C:\Users\Timo\AppData\Local\Temp\hmk5ekyf.dll
C:\Users\Timo\AppData\Local\Temp\jbmh5nrd.dll
C:\Users\Timo\AppData\Local\Temp\jn14jmpr.dll
C:\Users\Timo\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Timo\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Timo\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Timo\AppData\Local\Temp\lxmrzlvh.dll
C:\Users\Timo\AppData\Local\Temp\mb2vmkum.dll
C:\Users\Timo\AppData\Local\Temp\mdypm5sc.dll
C:\Users\Timo\AppData\Local\Temp\meqjny0w.dll
C:\Users\Timo\AppData\Local\Temp\mhdvb1al.dll
C:\Users\Timo\AppData\Local\Temp\nceqmlnj.dll
C:\Users\Timo\AppData\Local\Temp\neoNCSetup64.exe
C:\Users\Timo\AppData\Local\Temp\nlykh2m5.dll
C:\Users\Timo\AppData\Local\Temp\orzs2vgz.dll
C:\Users\Timo\AppData\Local\Temp\s5rxq4hu.dll
C:\Users\Timo\AppData\Local\Temp\SandboxieInstall.exe
C:\Users\Timo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Timo\AppData\Local\Temp\uiupdlvu.dll
C:\Users\Timo\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Timo\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Timo\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Timo\AppData\Local\Temp\WZCPlugin_VISTA.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- --- --- --- Mein Antivir meldet keine Funde. Vielen lieben Dank für Eure Hilfe schon mal im Voraus! Elvis P. Geändert von Elvis P. (26.02.2015 um 19:00 Uhr) |
|
26.02.2015, 19:06
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 7: Windows-Firewall blockiert Firefox-Anwendungen hi,
__________________FRST bitte nochmal, unsere Tools brauchen immer Adminrechte.
__________________ |
|
01.03.2015, 11:58
| #3 |
| | FRST Sorry, hier noch mal der Scan vom anderen Benutzerkonto aus:
__________________FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Admin (administrator) on TIMO-PC on 01-03-2015 11:44:20
Running from C:\Users\Admin\Desktop
Loaded Profiles: Timo & Admin (Available profiles: Timo & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY Production LLC) C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\FeedReader30\feedreader.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Spotify Ltd) C:\Users\Timo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Dropbox, Inc.) C:\Users\Timo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Samsung) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2784552 2011-05-13] (Synaptics Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\Run: [feedreader.exe] => C:\Program Files (x86)\FeedReader30\feedreader.exe [2058240 2009-03-29] ()
HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759384 2013-07-08] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Timo\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\Run: [icq] => C:\Users\Timo\AppData\Roaming\ICQM\icq.exe [35239432 2014-12-12] (ICQ)
HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\Run: [Spotify Web Helper] => C:\Users\Timo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-02-23] (Spotify Ltd)
HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\MountPoints2: {68b47204-083e-11e4-b31e-e8039aa11699} - G:\Startme.exe
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
Startup: C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-819639659-4150350305-585420797-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
HKU\S-1-5-21-819639659-4150350305-585420797-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
HKU\S-1-5-21-819639659-4150350305-585420797-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
HKU\S-1-5-21-819639659-4150350305-585420797-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll No File
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll No File
DPF: HKLM-x32 {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/emsisoft_webscan.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ldha8x22.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-819639659-4150350305-585420797-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ldha8x22.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ldha8x22.default\searchplugins\google-maps.xml
FF Extension: Cliqz Beta - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ldha8x22.default\Extensions\cliqz@cliqz.com [2014-11-08]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-07-15]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKU\S-1-5-21-819639659-4150350305-585420797-1004\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKU\S-1-5-21-819639659-4150350305-585420797-1004\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ldha8x22.default\extensions\cliqz@cliqz.com
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
Opera:
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Professional.12.0; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [961744 2014-07-13] (ABBYY Production LLC)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-04-10] (Windows (R) 2003 DDK 3790 provider)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 ALSysIO; \??\C:\Users\Admin\AppData\Local\Temp\ALSysIO64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-01 11:44 - 2015-03-01 11:45 - 00020816 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-02-26 18:56 - 2015-02-26 18:56 - 00006631 _____ () C:\Users\Timo\Desktop\Gmer.zip
2015-02-26 18:54 - 2015-02-26 18:54 - 01182149 _____ () C:\Users\Timo\Desktop\7z936.exe
2015-02-26 15:24 - 2015-02-26 15:43 - 00131763 _____ () C:\Users\Timo\Desktop\Gmer.txt
2015-02-26 15:12 - 2015-02-26 15:12 - 00380416 _____ () C:\Users\Timo\Desktop\Gmer-19357.exe
2015-02-26 15:08 - 2015-02-26 15:08 - 00033730 _____ () C:\Users\Timo\Desktop\Addition.txt
2015-02-26 15:07 - 2015-02-26 15:08 - 00045841 _____ () C:\Users\Timo\Desktop\FRST.txt
2015-02-26 15:07 - 2015-02-26 15:07 - 02087936 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-02-26 15:05 - 2015-02-26 15:05 - 00000472 _____ () C:\Users\Timo\Desktop\defogger_disable.log
2015-02-26 15:05 - 2015-02-26 15:05 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2015-02-26 15:04 - 2015-02-26 15:04 - 00050477 _____ () C:\Users\Timo\Desktop\Defogger.exe
2015-02-26 15:00 - 2015-02-26 15:00 - 00050477 _____ () C:\Users\Timo\Downloads\SpotifySetup.exe
2015-02-26 10:14 - 2015-02-26 10:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-25 21:04 - 2015-01-09 00:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-02-25 21:04 - 2015-01-09 00:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-23 23:48 - 2015-02-28 09:52 - 00000000 ____D () C:\Users\Timo\AppData\Local\Spotify
2015-02-23 23:48 - 2015-02-23 23:48 - 00001799 _____ () C:\Users\Timo\Desktop\Spotify.lnk
2015-02-23 23:48 - 2015-02-23 23:48 - 00001785 _____ () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-02-23 23:47 - 2015-02-28 11:16 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Spotify
2015-02-23 23:38 - 2015-03-01 00:03 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-23 23:38 - 2015-02-23 23:38 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-23 23:38 - 2015-02-23 23:38 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-23 23:38 - 2015-02-23 23:38 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-17 22:04 - 2015-02-17 22:04 - 00447698 _____ () C:\Users\Timo\Desktop\WordPlaceholders_2015-02-17 22-04-54.bak
2015-02-17 21:49 - 2015-02-17 21:49 - 00038896 _____ () C:\Users\Timo\Desktop\WordPlaceholders_2015-02-17 21-49-02.bak
2015-02-14 14:40 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-02-14 14:40 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-02-14 14:40 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-02-14 14:40 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-02-13 17:53 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-13 17:53 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-13 17:53 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-02-13 17:53 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-02-11 14:43 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-11 14:43 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-11 14:43 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-11 14:43 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-11 14:43 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-11 14:43 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-11 14:43 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-11 14:43 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-11 14:43 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-11 14:43 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-02-11 14:43 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-11 14:43 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-11 14:43 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-11 14:43 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-11 14:43 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-11 14:43 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-11 14:43 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-02-11 14:43 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-11 14:43 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-02-11 14:43 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 14:43 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-02-11 14:43 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-02-11 14:43 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-02-11 14:43 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-11 14:43 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-02-11 14:43 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-02-11 14:43 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-02-11 14:43 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-02-11 14:43 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-02-11 14:43 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-11 14:43 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-11 14:43 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-11 14:43 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 14:43 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-02-11 14:43 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-02-11 14:43 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-02-11 14:43 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-02-11 14:43 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-02-11 14:43 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-11 14:43 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-11 14:43 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-02-11 14:43 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-02-11 14:43 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-11 14:43 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-11 14:43 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-11 14:43 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-02-11 14:42 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-11 14:42 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-11 14:42 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-11 14:42 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-11 14:42 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-11 14:42 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-11 14:42 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-11 14:42 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-11 14:42 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-11 14:42 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-11 14:42 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-11 14:42 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-02-11 14:42 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-02-11 14:42 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-02-11 14:42 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-11 14:42 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-02-11 14:42 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-11 14:42 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-11 14:42 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-11 14:42 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-11 14:42 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-11 14:42 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-11 14:42 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-11 14:42 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-11 14:42 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-11 14:42 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-11 14:42 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-11 14:42 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-11 14:42 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-02-11 14:42 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-11 14:42 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-11 14:42 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-11 14:42 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-11 14:42 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-11 14:42 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-02-11 14:42 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-11 14:42 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-02-11 14:42 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-02-11 14:41 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-11 14:41 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-02-11 14:41 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-11 14:41 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-11 14:40 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-11 14:40 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-02-11 14:40 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-02-11 14:40 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-02-11 14:40 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-02-11 14:40 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-02-11 14:40 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-02-11 14:40 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-11 14:40 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-11 14:39 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-02 18:20 - 2015-02-02 18:20 - 00004074 _____ () C:\Users\Timo\AppData\Local\recently-used.xbel
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-01 11:44 - 2013-11-11 02:00 - 00000000 ____D () C:\FRST
2015-03-01 11:44 - 2009-07-14 05:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-01 11:44 - 2009-07-14 05:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-01 11:38 - 2014-01-29 23:24 - 00005128 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Timo-PC-Timo Timo-PC
2015-03-01 11:36 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-01 11:36 - 2009-07-14 05:51 - 00165731 _____ () C:\windows\setupact.log
2015-03-01 00:11 - 2012-01-10 04:42 - 01853609 _____ () C:\windows\WindowsUpdate.log
2015-02-28 20:36 - 2014-02-05 12:40 - 00000000 ___RD () C:\Users\Timo\Dropbox
2015-02-28 20:36 - 2014-02-05 12:38 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Dropbox
2015-02-28 17:46 - 2012-01-10 04:13 - 00699666 _____ () C:\windows\system32\perfh007.dat
2015-02-28 17:46 - 2012-01-10 04:13 - 00149774 _____ () C:\windows\system32\perfc007.dat
2015-02-28 17:46 - 2009-07-14 06:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-28 17:44 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2015-02-28 16:41 - 2013-04-09 15:17 - 00000000 ____D () C:\Users\Timo\Documents\Citavi 4
2015-02-26 15:27 - 2012-10-12 19:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-26 15:05 - 2013-02-12 20:59 - 00000000 ____D () C:\Users\Admin
2015-02-25 21:01 - 2012-10-26 18:46 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Swiss Academic Software
2015-02-25 10:53 - 2010-11-21 04:47 - 00615112 _____ () C:\windows\PFRO.log
2015-02-24 20:28 - 2013-07-07 18:27 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-23 23:44 - 2013-02-23 22:04 - 00001570 _____ () C:\windows\Sandboxie.ini
2015-02-23 23:38 - 2014-10-17 14:35 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-02-23 02:13 - 2013-09-10 09:31 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\tor
2015-02-15 00:55 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2015-02-14 13:26 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-02-13 20:31 - 2014-02-05 12:40 - 00001013 _____ () C:\Users\Timo\Desktop\Dropbox.lnk
2015-02-13 20:31 - 2014-02-05 12:39 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 19:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-12 14:41 - 2009-07-14 05:45 - 00394776 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-12 14:38 - 2014-12-10 03:21 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-12 14:38 - 2014-05-06 22:34 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-12 14:37 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\tracing
2015-02-12 08:03 - 2013-08-05 12:47 - 00000000 ____D () C:\windows\system32\MRT
2015-02-12 07:59 - 2012-10-13 07:26 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-02-10 22:46 - 2014-08-17 10:48 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-10 22:46 - 2012-10-12 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-10 22:46 - 2012-10-12 14:25 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-05 15:28 - 2009-07-14 06:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-02-02 18:32 - 2012-12-29 14:04 - 00000000 ____D () C:\Users\Timo\.gimp-2.8
2015-02-02 18:20 - 2014-08-05 15:24 - 00000000 ____D () C:\Users\Timo\AppData\Local\gtk-2.0
==================== Files in the root of some directories =======
2013-07-30 08:21 - 2013-07-30 08:21 - 0001424 _____ () C:\Users\Admin\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2013-04-21 23:29 - 2013-08-02 15:15 - 0007641 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2012-01-09 13:08 - 2012-01-09 13:09 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-01-09 13:01 - 2012-01-09 13:03 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2012-01-09 13:06 - 2012-01-09 13:07 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-01-09 13:03 - 2012-01-09 13:06 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-01-09 13:07 - 2012-01-09 13:08 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
Files to move or delete:
====================
C:\Users\Timo\gimp-2.8.10-setup.exe
C:\Users\Timo\ImageMagick-6.8.9-6-Q16-x64-dll.exe
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\avgnt.exe
C:\Users\Admin\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih.exe
C:\Users\Admin\AppData\Local\Temp\iv_uninstall.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\neoNCSetup64.exe
C:\Users\Admin\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Admin\AppData\Local\Temp\ose00000.exe
C:\Users\Admin\AppData\Local\Temp\ose00001.exe
C:\Users\Admin\AppData\Local\Temp\ose00002.exe
C:\Users\Admin\AppData\Local\Temp\ose00003.exe
C:\Users\Admin\AppData\Local\Temp\ose00004.exe
C:\Users\Admin\AppData\Local\Temp\ose00005.exe
C:\Users\Admin\AppData\Local\Temp\ose00006.exe
C:\Users\Admin\AppData\Local\Temp\WZCPlugin_Vista.exe
C:\Users\Timo\AppData\Local\Temp\3ezlg3hg.dll
C:\Users\Timo\AppData\Local\Temp\AdbeRdr1013_de_DE.exe
C:\Users\Timo\AppData\Local\Temp\AskSLib.dll
C:\Users\Timo\AppData\Local\Temp\avgnt.exe
C:\Users\Timo\AppData\Local\Temp\bq3ig2ss.dll
C:\Users\Timo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmaaqfd.dll
C:\Users\Timo\AppData\Local\Temp\fto0deuc.dll
C:\Users\Timo\AppData\Local\Temp\golq5mfe.dll
C:\Users\Timo\AppData\Local\Temp\gytztds1.dll
C:\Users\Timo\AppData\Local\Temp\hht13fn4.dll
C:\Users\Timo\AppData\Local\Temp\hmk5ekyf.dll
C:\Users\Timo\AppData\Local\Temp\jbmh5nrd.dll
C:\Users\Timo\AppData\Local\Temp\jn14jmpr.dll
C:\Users\Timo\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Timo\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Timo\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Timo\AppData\Local\Temp\lxmrzlvh.dll
C:\Users\Timo\AppData\Local\Temp\mb2vmkum.dll
C:\Users\Timo\AppData\Local\Temp\mdypm5sc.dll
C:\Users\Timo\AppData\Local\Temp\meqjny0w.dll
C:\Users\Timo\AppData\Local\Temp\mhdvb1al.dll
C:\Users\Timo\AppData\Local\Temp\nceqmlnj.dll
C:\Users\Timo\AppData\Local\Temp\neoNCSetup64.exe
C:\Users\Timo\AppData\Local\Temp\nlykh2m5.dll
C:\Users\Timo\AppData\Local\Temp\orzs2vgz.dll
C:\Users\Timo\AppData\Local\Temp\s5rxq4hu.dll
C:\Users\Timo\AppData\Local\Temp\SandboxieInstall.exe
C:\Users\Timo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Timo\AppData\Local\Temp\uiupdlvu.dll
C:\Users\Timo\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Timo\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Timo\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Timo\AppData\Local\Temp\WZCPlugin_VISTA.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-23 01:34
==================== End Of Log ============================
--- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by Admin at 2015-03-01 11:45:33
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
7-Zip 9.36 beta (HKLM-x32\...\7-Zip) (Version: - )
ABBYY FineReader 12 Professional (HKLM-x32\...\{F12000FE-0001-0000-0000-074957833700}) (Version: 12.1.426 - ABBYY Production LLC)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.5.0.11 - Swiss Academic Software)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
Core Temp 1.0 RC5 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Easy File Share (HKLM-x32\...\{95BB7324-77D3-4BF3-8CF6-29F0857AC175}) (Version: 1.1.1699 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics Co., Ltd.)
Easy Software Manager (HKLM-x32\...\{DE256D8B-D971-456D-BC02-CB64DA24F115}) (Version: 1.1.16.14 - Samsung Electronics Co., Ltd.)
Easy Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.36 - Samsung)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
FeedReader (HKLM-x32\...\FeedReader_is1) (Version: - i-Systems Inc.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.44.922 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.44.922 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Books Downloader version 2.5 (HKLM-x32\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 2.5 - GBOOKSDOWNLOADER.COM)
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
ICQ 8.2 (build 7138) (HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\ICQ) (Version: 8.2.7138.0 - ICQ)
ImageMagick 6.8.9-6 Q16 (64-bit) (2014-08-15) (HKLM\...\ImageMagick 6.8.9 Q16 (64-bit)_is1) (Version: 6.8.9 - ImageMagick Studio LLC)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Juniper Networks Network Connect 7.1.0 (HKLM-x32\...\Juniper Network Connect 7.1.0) (Version: 7.1.0.19243 - Juniper Networks)
Juniper Networks Network Connect 7.1.14 (HKLM-x32\...\Juniper Network Connect 7.1.14) (Version: 7.1.14.23943 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\Juniper_Setup_Client) (Version: 7.1.17.41283 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-819639659-4150350305-585420797-1004\...\Juniper_Setup_Client) (Version: 7.1.10.21853 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LibreOffice 4.0 Help Pack (German) (HKLM-x32\...\{FE231FC3-A6F1-45D4-AE1B-C591610EBC32}) (Version: 4.0.5.2 - The Document Foundation)
LibreOffice 4.0.5.2 (HKLM-x32\...\{5B9C9486-4287-4621-8F9D-EC3EE622A82F}) (Version: 4.0.5.2 - The Document Foundation)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-819639659-4150350305-585420797-1004\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 17.0.3 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 17.0.3 (x86 de)) (Version: 17.0.3 - Mozilla)
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.0 - )
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
Nero 11 InfoTool (HKLM-x32\...\{64BEF779-5053-48AF-A3D8-B70EBC1C70E7}) (Version: 11.0.00500 - Nero AG)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Opera 12.10 (HKLM\...\Opera 12.10.1652) (Version: 12.10.1652 - Opera Software ASA)
PDF24 Creator 5.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.206.0 - Tracker Software Products Ltd)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.6 - )
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime (HKLM-x32\...\QuickTime) (Version: - )
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6413 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_5 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_5 - Samsung Electronics Co., Ltd.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.5 - Samsung)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.04 (64-bit) (HKLM\...\Sandboxie) (Version: 4.04 - Sandboxie Holdings, LLC)
Secure Download Manager (HKLM-x32\...\{AA57D6F1-6360-4397-B2D9-B21C69863D97}) (Version: 3.1.0 - Kivuto Solutions Inc.)
SecureW2 EAP Suite 1.1.1 for Windows (HKLM-x32\...\SecureW2 EAP Suite) (Version: - )
Shockwave (HKLM-x32\...\Shockwave) (Version: - )
SketchUp 2013 (HKLM-x32\...\{2C0777B8-E91F-45AA-976B-7EB6B40E5400}) (Version: 13.0.4812 - Trimble Navigation Limited)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
Spotify (HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.7.0 - Synaptics Incorporated)
UnderCoverXP 1.23 (HKLM-x32\...\UnderCoverXP_is1) (Version: - Wicked & Wild Inc.)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Timo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1001_Classes\CLSID\{7BC2BAFD-8E57-2A4D-CAFC-89827046831F}\InprocServer32 -> C:\windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Timo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Timo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Timo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Timo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Timo\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Timo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1004_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1004_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1004_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1004_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1004_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
CustomCLSID: HKU\S-1-5-21-819639659-4150350305-585420797-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
==================== Restore Points =========================
ATTENTION: System Restore is disabled.
23-02-2015 02:13:28 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2013-07-21 09:44 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {02F2241B-9E1A-419B-9EF9-FC61A92D19D7} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-08-19] (SAMSUNG Electronics co., LTD.)
Task: {26F87A52-F847-41DC-9AEC-DEE6A6B5FF9B} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-06-24] (SEC)
Task: {4012145F-41CC-49D3-87F9-1EA7FEA89825} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {473D00F9-6DA8-41F1-ADA5-0DCD8C2E0AC1} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-23] (Adobe Systems Incorporated)
Task: {4F0C8CC6-E900-4E36-A076-2E6B8DF80B6C} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [2011-07-29] (SAMSUNG Electronics)
Task: {5FA560AC-6C1D-4377-9E57-F6DC03FDEE9D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7F696172-018E-432A-88F7-59AC0DABF5B9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {85D1E419-D21A-455F-98B1-571053764007} - System32\Tasks\{64A79135-29E6-4FB6-BB9D-24DF00667B45} => pcalua.exe -a C:\Users\Timo\Downloads\SecureW2_EAP_Suite_113\SecureW2_EAP_Suite_113.exe -d C:\Users\Timo\Downloads\SecureW2_EAP_Suite_113
Task: {8BE37F8A-690E-4BE1-B074-4371BC121A30} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {CA09BC21-F069-421A-A85C-D900B4BE755F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {D3BF8BC0-B274-40CA-9EC2-1AAD4AA46DBD} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2011-08-19] (Samsung Electronics Co., Ltd.)
Task: {D5C6A7B0-D201-4F5A-A21E-16AF37DD068D} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2011-09-27] (Samsung Electronics)
Task: {DE9F620B-63E1-4810-A6B3-9D2F03659CA5} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {E7943E5D-D161-48FC-99F2-D12DFF3088AF} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Timo-PC-Timo Timo-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-01-06] (Microsoft Corporation)
Task: {EAADE241-A28D-4A2B-8988-433CC7E1D66A} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2011-08-22] (Samsung Electronics Co., Ltd.)
Task: {F8C9C5FA-B3B7-43AA-8A7F-804479BE6C92} - System32\Tasks\Easy Software Manager Agent => C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe [2011-09-15] (Samsung)
Task: {FC9A9DDB-B45F-4B92-9A36-A11C87B35CAD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) ==============
2014-08-14 12:11 - 2014-07-02 21:48 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-08-17 10:50 - 2014-07-02 19:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-23 13:08 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-10-29 00:57 - 2009-03-29 11:30 - 02058240 _____ () C:\Program Files (x86)\FeedReader30\feedreader.exe
2011-07-21 06:51 - 2010-12-16 10:37 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll
2014-08-14 12:11 - 2014-07-02 21:48 - 00013272 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2012-01-09 11:56 - 2011-02-16 16:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2014-11-17 23:54 - 2014-11-17 23:54 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\Timo\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-01 11:37 - 2015-03-01 11:37 - 00043008 _____ () c:\users\timo\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmaaqfd.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\Timo\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\Timo\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\Timo\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-11-17 23:54 - 2014-11-17 23:54 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2012-01-09 12:05 - 2011-07-29 01:53 - 00746064 _____ () C:\Program Files (x86)\Samsung\Easy Software Manager\SWMFuncDLL.dll
2012-01-09 11:56 - 2006-08-12 03:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2012-01-09 12:04 - 2010-05-07 15:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2009-11-02 06:20 - 2009-11-02 06:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 06:23 - 2009-11-02 06:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Timo\Desktop\WordPlaceholders_2015-02-17 21-49-02.bak:com.dropbox.attributes
AlternateDataStreams: C:\Users\Timo\Desktop\WordPlaceholders_2015-02-17 22-04-54.bak:com.dropbox.attributes
AlternateDataStreams: C:\Users\Timo\Desktop\[Citavi Backup] 02 Teil A (Dezember-Fassung) - TW -umgewandelte Felder 2015-02-17 21-49-02.docx:com.dropbox.attributes
AlternateDataStreams: C:\Users\Timo\Desktop\[Citavi Backup] 2015-02-17 - Teil B - umgewandelt 2015-02-17 22-04-54.docx:com.dropbox.attributes
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-819639659-4150350305-585420797-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-819639659-4150350305-585420797-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: UMVPFSrv => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Bonus.SSR.FR12 => "C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: Vidalia => "C:\Program Files (x86)\Vidalia Bridge Bundle\Vidalia\vidalia.exe"
==================== Accounts: =============================
Admin (S-1-5-21-819639659-4150350305-585420797-1004 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-819639659-4150350305-585420797-500 - Administrator - Disabled)
Gast (S-1-5-21-819639659-4150350305-585420797-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-819639659-4150350305-585420797-1003 - Limited - Enabled)
Timo (S-1-5-21-819639659-4150350305-585420797-1001 - Limited - Enabled) => C:\Users\Timo
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/01/2015 11:38:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: dmhkcore.exe, Version: 3.2.8.17, Zeitstempel: 0x4e65db1a
Name des fehlerhaften Moduls: dmhkcore.exe, Version: 3.2.8.17, Zeitstempel: 0x4e65db1a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000324a7
ID des fehlerhaften Prozesses: 0x9f0
Startzeit der fehlerhaften Anwendung: 0xdmhkcore.exe0
Pfad der fehlerhaften Anwendung: dmhkcore.exe1
Pfad des fehlerhaften Moduls: dmhkcore.exe2
Berichtskennung: dmhkcore.exe3
Error: (03/01/2015 11:38:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/01/2015 11:36:49 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (02/28/2015 08:35:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SWMAgent.exe, Version: 1.1.16.14, Zeitstempel: 0x4e71639d
Name des fehlerhaften Moduls: SWMAgent.exe, Version: 1.1.16.14, Zeitstempel: 0x4e71639d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001fbe8
ID des fehlerhaften Prozesses: 0x11b4
Startzeit der fehlerhaften Anwendung: 0xSWMAgent.exe0
Pfad der fehlerhaften Anwendung: SWMAgent.exe1
Pfad des fehlerhaften Moduls: SWMAgent.exe2
Berichtskennung: SWMAgent.exe3
Error: (02/28/2015 08:35:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/28/2015 08:33:27 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (02/28/2015 06:45:01 PM) (Source: SecureW2) (EventID: 1317) (User: )
Description: Unknown Function Failed
Error: (02/28/2015 06:45:00 PM) (Source: SecureW2) (EventID: 1317) (User: )
Description: Unknown Function Failed
Error: (02/28/2015 06:44:58 PM) (Source: SecureW2) (EventID: 1317) (User: )
Description: Unknown Function Failed
Error: (02/28/2015 06:43:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 36.0.0.5531 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1338
Startzeit: 01d0536cf8b6fe6c
Endzeit: 110
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: 3baf75f3-bf71-11e4-852d-e8039aa11699
System errors:
=============
Error: (02/28/2015 10:06:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht.
Error: (02/28/2015 08:34:29 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Error: (02/28/2015 08:34:25 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Error: (02/28/2015 05:40:02 PM) (Source: volsnap) (EventID: 67) (User: )
Description: Die Schattenkopie des erstellten Volumes "C:" konnte nicht installiert werden.
Error: (02/28/2015 09:21:44 AM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: 0x80004004-1
Error: (02/27/2015 06:57:01 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FELIX-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{35EDC2EE-1A7C-46EC-9C97-1CC4CAE27B04}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (02/27/2015 04:16:54 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 141.20.215.77
registriert werden. Der Computer mit IP-Adresse 141.20.215.137 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (02/27/2015 03:42:55 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "KATHARINA-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{35EDC2EE-1A7C-46EC-9C97-1CC4CAE27B04}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (02/27/2015 03:18:52 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "KATHARINA-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{35EDC2EE-1A7C-46EC-9C97-1CC4CAE27B04}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (02/26/2015 03:49:05 PM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Microsoft Office Sessions:
=========================
Error: (03/01/2015 11:38:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dmhkcore.exe3.2.8.174e65db1admhkcore.exe3.2.8.174e65db1ac0000005000324a79f001d0540bbceaca0aC:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exeC:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe23d31c83-bfff-11e4-9a18-e8039aa11699
Error: (03/01/2015 11:38:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/01/2015 11:36:49 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (02/28/2015 08:35:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SWMAgent.exe1.1.16.144e71639dSWMAgent.exe1.1.16.144e71639dc00000050001fbe811b401d0538d916bb622C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exeC:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exee3ab570b-bf80-11e4-a42d-e8039aa11699
Error: (02/28/2015 08:35:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/28/2015 08:33:27 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (02/28/2015 06:45:01 PM) (Source: SecureW2) (EventID: 1317) (User: )
Description: Unknown Function Failed
Error: (02/28/2015 06:45:00 PM) (Source: SecureW2) (EventID: 1317) (User: )
Description: Unknown Function Failed
Error: (02/28/2015 06:44:58 PM) (Source: SecureW2) (EventID: 1317) (User: )
Description: Unknown Function Failed
Error: (02/28/2015 06:43:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe36.0.0.5531133801d0536cf8b6fe6c110C:\Program Files (x86)\Mozilla Firefox\firefox.exe3baf75f3-bf71-11e4-852d-e8039aa11699
CodeIntegrity Errors:
===================================
Date: 2013-08-04 00:50:28.875
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Admin\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-08-04 00:50:28.844
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Admin\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-08-04 00:50:28.766
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-08-04 00:50:28.735
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 27%
Total physical RAM: 8105.55 MB
Available physical RAM: 5868.52 MB
Total Pagefile: 16209.28 MB
Available Pagefile: 13708.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:271 GB) (Free:175.08 GB) NTFS
Drive d: () (Fixed) (Total:404.22 GB) (Free:237.52 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 915FBAC0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=271 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=404.2 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23.3 GB) - (Type=27)
==================== End Of Log ============================
Beste Grüße Elvis |
|
01.03.2015, 16:18
| #4 |
| /// the machine /// TB-Ausbilder | Windows 7: Windows-Firewall blockiert Firefox-Anwendungen hi, Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.03.2015, 17:34
| #5 |
| | Windows 7: Windows-Firewall blockiert Firefox-Anwendungen Hallo, anbei die Ergebnisse: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
Database version:
main: v2015.03.01.03
rootkit: v2015.02.25.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17633
Admin :: TIMO-PC [administrator]
01.03.2015 16:35:22
mbar-log-2015-03-01 (16-35-22).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 438160
Time elapsed: 47 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter 17:26:05.0507 0x1a00 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
17:26:14.0761 0x1a00 ============================================================
17:26:14.0761 0x1a00 Current date / time: 2015/03/01 17:26:14.0761
17:26:14.0761 0x1a00 SystemInfo:
17:26:14.0761 0x1a00
17:26:14.0761 0x1a00 OS Version: 6.1.7601 ServicePack: 1.0
17:26:14.0761 0x1a00 Product type: Workstation
17:26:14.0761 0x1a00 ComputerName: TIMO-PC
17:26:14.0761 0x1a00 UserName: Admin
17:26:14.0761 0x1a00 Windows directory: C:\windows
17:26:14.0761 0x1a00 System windows directory: C:\windows
17:26:14.0761 0x1a00 Running under WOW64
17:26:14.0761 0x1a00 Processor architecture: Intel x64
17:26:14.0761 0x1a00 Number of processors: 4
17:26:14.0761 0x1a00 Page size: 0x1000
17:26:14.0761 0x1a00 Boot type: Normal boot
17:26:14.0761 0x1a00 ============================================================
17:26:15.0211 0x1a00 KLMD registered as C:\windows\system32\drivers\58456623.sys
17:26:15.0981 0x1a00 System UUID: {627401DF-6F2C-F52E-7237-8AE9396BB217}
17:26:16.0511 0x1a00 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x162DD1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
17:26:16.0511 0x1a00 ============================================================
17:26:16.0511 0x1a00 \Device\Harddisk0\DR0:
17:26:16.0511 0x1a00 MBR partitions:
17:26:16.0511 0x1a00 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:26:16.0511 0x1a00 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x21E00000
17:26:16.0541 0x1a00 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x21E33000, BlocksNum 0x32870000
17:26:16.0541 0x1a00 ============================================================
17:26:16.0571 0x1a00 C: <-> \Device\Harddisk0\DR0\Partition2
17:26:16.0631 0x1a00 D: <-> \Device\Harddisk0\DR0\Partition3
17:26:16.0651 0x1a00 ============================================================
17:26:16.0651 0x1a00 Initialize success
17:26:16.0651 0x1a00 ============================================================
17:27:19.0021 0x1ae4 ============================================================
17:27:19.0021 0x1ae4 Scan started
17:27:19.0021 0x1ae4 Mode: Manual; SigCheck; TDLFS;
17:27:19.0021 0x1ae4 ============================================================
17:27:19.0021 0x1ae4 KSN ping started
17:27:23.0361 0x1ae4 KSN ping finished: true
17:27:24.0431 0x1ae4 ================ Scan system memory ========================
17:27:24.0431 0x1ae4 System memory - ok
17:27:24.0441 0x1ae4 ================ Scan services =============================
17:27:24.0601 0x1ae4 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
17:27:24.0841 0x1ae4 1394ohci - ok
17:27:24.0981 0x1ae4 [ 7494475F1BE72A371685F96A6B6044D9, 7F0A8BC9D2565F153D9BA2E55691CD742C8EA90FD61084A13CA8AD0581625EB7 ] ABBYY.Licensing.FineReader.Professional.12.0 C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
17:27:25.0031 0x1ae4 ABBYY.Licensing.FineReader.Professional.12.0 - ok
17:27:25.0061 0x1ae4 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\windows\system32\drivers\ACPI.sys
17:27:25.0081 0x1ae4 ACPI - ok
17:27:25.0111 0x1ae4 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
17:27:25.0191 0x1ae4 AcpiPmi - ok
17:27:25.0281 0x1ae4 [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:27:25.0291 0x1ae4 AdobeARMservice - ok
17:27:25.0421 0x1ae4 [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:27:25.0431 0x1ae4 AdobeFlashPlayerUpdateSvc - ok
17:27:25.0481 0x1ae4 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
17:27:25.0501 0x1ae4 adp94xx - ok
17:27:25.0541 0x1ae4 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\windows\system32\drivers\adpahci.sys
17:27:25.0561 0x1ae4 adpahci - ok
17:27:25.0581 0x1ae4 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\windows\system32\drivers\adpu320.sys
17:27:25.0591 0x1ae4 adpu320 - ok
17:27:25.0621 0x1ae4 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
17:27:25.0751 0x1ae4 AeLookupSvc - ok
17:27:25.0811 0x1ae4 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\windows\system32\drivers\afd.sys
17:27:25.0861 0x1ae4 AFD - ok
17:27:25.0901 0x1ae4 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\windows\system32\drivers\agp440.sys
17:27:25.0901 0x1ae4 agp440 - ok
17:27:25.0931 0x1ae4 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\windows\System32\alg.exe
17:27:26.0001 0x1ae4 ALG - ok
17:27:26.0031 0x1ae4 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\windows\system32\drivers\aliide.sys
17:27:26.0041 0x1ae4 aliide - ok
17:27:26.0151 0x1ae4 ALSysIO - ok
17:27:26.0181 0x1ae4 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\windows\system32\drivers\amdide.sys
17:27:26.0181 0x1ae4 amdide - ok
17:27:26.0211 0x1ae4 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
17:27:26.0251 0x1ae4 AmdK8 - ok
17:27:26.0271 0x1ae4 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
17:27:26.0291 0x1ae4 AmdPPM - ok
17:27:26.0331 0x1ae4 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\windows\system32\drivers\amdsata.sys
17:27:26.0341 0x1ae4 amdsata - ok
17:27:26.0381 0x1ae4 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\windows\system32\drivers\amdsbs.sys
17:27:26.0391 0x1ae4 amdsbs - ok
17:27:26.0411 0x1ae4 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\windows\system32\drivers\amdxata.sys
17:27:26.0421 0x1ae4 amdxata - ok
17:27:26.0481 0x1ae4 [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:27:26.0501 0x1ae4 AntiVirSchedulerService - ok
17:27:26.0551 0x1ae4 [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:27:26.0571 0x1ae4 AntiVirService - ok
17:27:26.0611 0x1ae4 [ 80B9412C4DE09147581FC935FB4C97AB, 0C9661F7B5EF7F9D61981790B7AB64E3375BD117962166619D0CC546A2D014D3 ] AppID C:\windows\system32\drivers\appid.sys
17:27:26.0651 0x1ae4 AppID - ok
17:27:26.0691 0x1ae4 [ F71CA01C24FC3798A717B5A6F682F9AD, 8CF1C209E7BBBAD02D6D087293C0B681CDA3170AF119CA2916C2708D8801E749 ] AppIDSvc C:\windows\System32\appidsvc.dll
17:27:26.0721 0x1ae4 AppIDSvc - ok
17:27:26.0761 0x1ae4 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\windows\System32\appinfo.dll
17:27:26.0801 0x1ae4 Appinfo - ok
17:27:26.0831 0x1ae4 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\windows\system32\drivers\arc.sys
17:27:26.0841 0x1ae4 arc - ok
17:27:26.0851 0x1ae4 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\windows\system32\drivers\arcsas.sys
17:27:26.0861 0x1ae4 arcsas - ok
17:27:26.0961 0x1ae4 [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:27:26.0971 0x1ae4 aspnet_state - ok
17:27:27.0091 0x1ae4 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
17:27:27.0141 0x1ae4 AsyncMac - ok
17:27:27.0181 0x1ae4 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\windows\system32\drivers\atapi.sys
17:27:27.0181 0x1ae4 atapi - ok
17:27:27.0251 0x1ae4 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
17:27:27.0321 0x1ae4 AudioEndpointBuilder - ok
17:27:27.0351 0x1ae4 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv C:\windows\System32\Audiosrv.dll
17:27:27.0371 0x1ae4 AudioSrv - ok
17:27:27.0411 0x1ae4 [ 1B87A1F2FA5B91AC1A7D171B8D952441, 4CB21F6567021DAE6B2E35B9BA84D015580E2DDFEBEB1AA9637BD93F42883DD2 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys
17:27:27.0451 0x1ae4 avgntflt - ok
17:27:27.0491 0x1ae4 [ AF61774060F277FE45CBD3A9A8E7D45A, 2F96DC9735BAF017603D72A258BF7A772BF8C4AFECB5AA0CAD8F8E3CCAA0F2B5 ] avipbb C:\windows\system32\DRIVERS\avipbb.sys
17:27:27.0501 0x1ae4 avipbb - ok
17:27:27.0591 0x1ae4 [ 8E6214E8C6100222BEB6A14F9B908A7E, 268279AE0D87E4B1CC227355DF12B7E8113F8355B1D20447AA723830D706021A ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
17:27:27.0601 0x1ae4 Avira.OE.ServiceHost - ok
17:27:27.0681 0x1ae4 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys
17:27:27.0691 0x1ae4 avkmgr - ok
17:27:27.0731 0x1ae4 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\windows\System32\AxInstSV.dll
17:27:27.0791 0x1ae4 AxInstSV - ok
17:27:27.0831 0x1ae4 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
17:27:27.0881 0x1ae4 b06bdrv - ok
17:27:27.0911 0x1ae4 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
17:27:27.0941 0x1ae4 b57nd60a - ok
17:27:27.0981 0x1ae4 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\windows\System32\bdesvc.dll
17:27:28.0021 0x1ae4 BDESVC - ok
17:27:28.0051 0x1ae4 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\windows\system32\drivers\Beep.sys
17:27:28.0111 0x1ae4 Beep - ok
17:27:28.0171 0x1ae4 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\windows\System32\bfe.dll
17:27:28.0221 0x1ae4 BFE - ok
17:27:28.0261 0x1ae4 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\windows\System32\qmgr.dll
17:27:28.0421 0x1ae4 BITS - ok
17:27:28.0441 0x1ae4 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
17:27:28.0461 0x1ae4 blbdrive - ok
17:27:28.0501 0x1ae4 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\windows\system32\DRIVERS\bowser.sys
17:27:28.0531 0x1ae4 bowser - ok
17:27:28.0571 0x1ae4 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
17:27:28.0611 0x1ae4 BrFiltLo - ok
17:27:28.0621 0x1ae4 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
17:27:28.0651 0x1ae4 BrFiltUp - ok
17:27:28.0691 0x1ae4 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\windows\System32\browser.dll
17:27:28.0741 0x1ae4 Browser - ok
17:27:28.0771 0x1ae4 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\windows\System32\Drivers\Brserid.sys
17:27:28.0801 0x1ae4 Brserid - ok
17:27:28.0831 0x1ae4 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
17:27:28.0861 0x1ae4 BrSerWdm - ok
17:27:28.0881 0x1ae4 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
17:27:28.0911 0x1ae4 BrUsbMdm - ok
17:27:28.0941 0x1ae4 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
17:27:28.0971 0x1ae4 BrUsbSer - ok
17:27:29.0011 0x1ae4 [ 9D95F74875491CECBF9E10A5936A570E, 55BDA43FB0C0623CFB7899D0A42BA6696A0A314F9DB5D0EC27A606C2AD9AF34C ] BtFilter C:\windows\system32\DRIVERS\btfilter.sys
17:27:29.0051 0x1ae4 BtFilter - detected UnsignedFile.Multi.Generic ( 1 )
17:27:31.0811 0x1ae4 Detect skipped due to KSN trusted
17:27:31.0811 0x1ae4 BtFilter - ok
17:27:31.0871 0x1ae4 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
17:27:31.0911 0x1ae4 BthEnum - ok
17:27:31.0941 0x1ae4 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
17:27:31.0961 0x1ae4 BTHMODEM - ok
17:27:32.0001 0x1ae4 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
17:27:32.0021 0x1ae4 BthPan - ok
17:27:32.0071 0x1ae4 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
17:27:32.0111 0x1ae4 BTHPORT - ok
17:27:32.0151 0x1ae4 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\windows\system32\bthserv.dll
17:27:32.0191 0x1ae4 bthserv - ok
17:27:32.0211 0x1ae4 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
17:27:32.0231 0x1ae4 BTHUSB - ok
17:27:32.0261 0x1ae4 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
17:27:32.0301 0x1ae4 cdfs - ok
17:27:32.0351 0x1ae4 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
17:27:32.0361 0x1ae4 cdrom - ok
17:27:32.0401 0x1ae4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\windows\System32\certprop.dll
17:27:32.0441 0x1ae4 CertPropSvc - ok
17:27:32.0481 0x1ae4 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\windows\system32\drivers\circlass.sys
17:27:32.0491 0x1ae4 circlass - ok
17:27:32.0531 0x1ae4 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\windows\system32\CLFS.sys
17:27:32.0551 0x1ae4 CLFS - ok
17:27:32.0731 0x1ae4 [ 399F2E92269D4559F1A813624DD78496, 731606646390D2B279B2A51C8AE0E38E5CDE271CDA7D00061186EBBC3E37A72E ] ClickToRunSvc C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
17:27:32.0791 0x1ae4 ClickToRunSvc - ok
17:27:32.0871 0x1ae4 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:27:32.0881 0x1ae4 clr_optimization_v2.0.50727_32 - ok
17:27:32.0921 0x1ae4 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:27:32.0941 0x1ae4 clr_optimization_v2.0.50727_64 - ok
17:27:33.0021 0x1ae4 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:27:33.0031 0x1ae4 clr_optimization_v4.0.30319_32 - ok
17:27:33.0061 0x1ae4 [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:27:33.0071 0x1ae4 clr_optimization_v4.0.30319_64 - ok
17:27:33.0111 0x1ae4 [ E13A438F9E51DD034730678E33B73290, 3BB111DFDAEAB8DA6124600C7F6E080C2950A0BB420803FC12560343E1A9280A ] clwvd C:\windows\system32\DRIVERS\clwvd.sys
17:27:33.0121 0x1ae4 clwvd - ok
17:27:33.0151 0x1ae4 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
17:27:33.0171 0x1ae4 CmBatt - ok
17:27:33.0201 0x1ae4 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\windows\system32\drivers\cmdide.sys
17:27:33.0201 0x1ae4 cmdide - ok
17:27:33.0251 0x1ae4 [ E45CDE1C8340DFEDF1D6724263F39E5B, 8B8091D0A8FF08170F34DA01A4201DAE7C3D026226BC77B5C2EC67657C670168 ] CNG C:\windows\system32\Drivers\cng.sys
17:27:33.0281 0x1ae4 CNG - ok
17:27:33.0301 0x1ae4 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
17:27:33.0311 0x1ae4 Compbatt - ok
17:27:33.0321 0x1ae4 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
17:27:33.0341 0x1ae4 CompositeBus - ok
17:27:33.0361 0x1ae4 COMSysApp - ok
17:27:33.0381 0x1ae4 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
17:27:33.0391 0x1ae4 crcdisk - ok
17:27:33.0441 0x1ae4 [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc C:\windows\system32\cryptsvc.dll
17:27:33.0481 0x1ae4 CryptSvc - ok
17:27:33.0521 0x1ae4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\windows\system32\rpcss.dll
17:27:33.0581 0x1ae4 DcomLaunch - ok
17:27:33.0621 0x1ae4 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\windows\System32\defragsvc.dll
17:27:33.0671 0x1ae4 defragsvc - ok
17:27:33.0711 0x1ae4 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\windows\system32\Drivers\dfsc.sys
17:27:33.0751 0x1ae4 DfsC - ok
17:27:33.0811 0x1ae4 [ 955FFE2B1D74A9E0E3E0E558E6A17F3B, C046C2EF86ED847954931E714A82A0F65ECB6B64068F4EB6F69C2A26CD5B848B ] dg_ssudbus C:\windows\system32\DRIVERS\ssudbus.sys
17:27:33.0821 0x1ae4 dg_ssudbus - ok
17:27:33.0871 0x1ae4 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\windows\system32\dhcpcore.dll
17:27:33.0911 0x1ae4 Dhcp - ok
17:27:33.0931 0x1ae4 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\windows\system32\drivers\discache.sys
17:27:33.0981 0x1ae4 discache - ok
17:27:34.0081 0x1ae4 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\windows\system32\drivers\disk.sys
17:27:34.0091 0x1ae4 Disk - ok
17:27:34.0131 0x1ae4 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\windows\System32\dnsrslvr.dll
17:27:34.0181 0x1ae4 Dnscache - ok
17:27:34.0211 0x1ae4 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\windows\System32\dot3svc.dll
17:27:34.0261 0x1ae4 dot3svc - ok
17:27:34.0291 0x1ae4 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\windows\system32\dps.dll
17:27:34.0321 0x1ae4 DPS - ok
17:27:34.0361 0x1ae4 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
17:27:34.0411 0x1ae4 drmkaud - ok
17:27:34.0451 0x1ae4 [ 0040A0132AAC1004E50055F8FBB14C08, A336CA41DA09AC749242852827C1F2FB645E8E81A707217C360C5E4ACD1760BA ] dsNcAdpt C:\windows\system32\DRIVERS\dsNcAdpt.sys
17:27:34.0491 0x1ae4 dsNcAdpt - ok
17:27:34.0591 0x1ae4 [ BC2DA2317A1E7E4149807560F592D9AF, 67A494CCF452857AFF38794C743ECD69B0794D6E8B4DEBFD924154A92206ACCE ] dsNcService C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
17:27:34.0601 0x1ae4 dsNcService - ok
17:27:34.0661 0x1ae4 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
17:27:34.0691 0x1ae4 DXGKrnl - ok
17:27:34.0741 0x1ae4 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\windows\System32\eapsvc.dll
17:27:34.0781 0x1ae4 EapHost - ok
17:27:34.0891 0x1ae4 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\windows\system32\drivers\evbda.sys
17:27:35.0031 0x1ae4 ebdrv - ok
17:27:35.0091 0x1ae4 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] EFS C:\windows\System32\lsass.exe
17:27:35.0141 0x1ae4 EFS - ok
17:27:35.0201 0x1ae4 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\windows\ehome\ehRecvr.exe
17:27:35.0251 0x1ae4 ehRecvr - ok
17:27:35.0281 0x1ae4 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\windows\ehome\ehsched.exe
17:27:35.0311 0x1ae4 ehSched - ok
17:27:35.0361 0x1ae4 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\windows\system32\drivers\elxstor.sys
17:27:35.0381 0x1ae4 elxstor - ok
17:27:35.0401 0x1ae4 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\windows\system32\drivers\errdev.sys
17:27:35.0421 0x1ae4 ErrDev - ok
17:27:35.0481 0x1ae4 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\windows\system32\es.dll
17:27:35.0541 0x1ae4 EventSystem - ok
17:27:35.0551 0x1ae4 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\windows\system32\drivers\exfat.sys
17:27:35.0601 0x1ae4 exfat - ok
17:27:35.0611 0x1ae4 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\windows\system32\drivers\fastfat.sys
17:27:35.0661 0x1ae4 fastfat - ok
17:27:35.0711 0x1ae4 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\windows\system32\fxssvc.exe
17:27:35.0751 0x1ae4 Fax - ok
17:27:35.0771 0x1ae4 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\windows\system32\drivers\fdc.sys
17:27:35.0791 0x1ae4 fdc - ok
17:27:35.0821 0x1ae4 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\windows\system32\fdPHost.dll
17:27:35.0851 0x1ae4 fdPHost - ok
17:27:35.0851 0x1ae4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\windows\system32\fdrespub.dll
17:27:35.0891 0x1ae4 FDResPub - ok
17:27:35.0921 0x1ae4 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\windows\system32\drivers\fileinfo.sys
17:27:35.0931 0x1ae4 FileInfo - ok
17:27:35.0961 0x1ae4 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\windows\system32\drivers\filetrace.sys
17:27:36.0021 0x1ae4 Filetrace - ok
17:27:36.0031 0x1ae4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\windows\system32\drivers\flpydisk.sys
17:27:36.0061 0x1ae4 flpydisk - ok
17:27:36.0091 0x1ae4 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
17:27:36.0101 0x1ae4 FltMgr - ok
17:27:36.0161 0x1ae4 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\windows\system32\FntCache.dll
17:27:36.0231 0x1ae4 FontCache - ok
17:27:36.0261 0x1ae4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:27:36.0271 0x1ae4 FontCache3.0.0.0 - ok
17:27:36.0281 0x1ae4 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\windows\system32\drivers\FsDepends.sys
17:27:36.0291 0x1ae4 FsDepends - ok
17:27:36.0321 0x1ae4 [ B16B626996C74B564005BA855C5DEE90, B432C669EB610C262B18F3F8308EEE1B910DE7F7BC2A8EB5483419DC52A07AE1 ] fssfltr C:\windows\system32\DRIVERS\fssfltr.sys
17:27:36.0331 0x1ae4 fssfltr - ok
17:27:36.0371 0x1ae4 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
17:27:36.0381 0x1ae4 Fs_Rec - ok
17:27:36.0421 0x1ae4 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
17:27:36.0441 0x1ae4 fvevol - ok
17:27:36.0461 0x1ae4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
17:27:36.0471 0x1ae4 gagp30kx - ok
17:27:36.0521 0x1ae4 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\windows\System32\gpsvc.dll
17:27:36.0571 0x1ae4 gpsvc - ok
17:27:36.0591 0x1ae4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
17:27:36.0631 0x1ae4 hcw85cir - ok
17:27:36.0671 0x1ae4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
17:27:36.0711 0x1ae4 HdAudAddService - ok
17:27:36.0741 0x1ae4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
17:27:36.0761 0x1ae4 HDAudBus - ok
17:27:36.0781 0x1ae4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\windows\system32\drivers\HidBatt.sys
17:27:36.0811 0x1ae4 HidBatt - ok
17:27:36.0831 0x1ae4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\windows\system32\drivers\hidbth.sys
17:27:36.0871 0x1ae4 HidBth - ok
17:27:36.0901 0x1ae4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\windows\system32\drivers\hidir.sys
17:27:36.0911 0x1ae4 HidIr - ok
17:27:36.0931 0x1ae4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\windows\system32\hidserv.dll
17:27:36.0971 0x1ae4 hidserv - ok
17:27:37.0021 0x1ae4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
17:27:37.0041 0x1ae4 HidUsb - ok
17:27:37.0051 0x1ae4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\windows\system32\kmsvc.dll
17:27:37.0091 0x1ae4 hkmsvc - ok
17:27:37.0121 0x1ae4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
17:27:37.0161 0x1ae4 HomeGroupListener - ok
17:27:37.0181 0x1ae4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
17:27:37.0211 0x1ae4 HomeGroupProvider - ok
17:27:37.0241 0x1ae4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
17:27:37.0251 0x1ae4 HpSAMD - ok
17:27:37.0291 0x1ae4 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\windows\system32\drivers\HTTP.sys
17:27:37.0341 0x1ae4 HTTP - ok
17:27:37.0371 0x1ae4 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
17:27:37.0381 0x1ae4 hwpolicy - ok
17:27:37.0411 0x1ae4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
17:27:37.0421 0x1ae4 i8042prt - ok
17:27:37.0461 0x1ae4 [ 53CC5BF8B5A219119953C7ABB19A7705, F342A9732978D893729EA2591CB72E5F5BD1B3E6C9E4DBFFE54EC866E534A8C0 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
17:27:37.0481 0x1ae4 iaStor - ok
17:27:37.0521 0x1ae4 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
17:27:37.0541 0x1ae4 iaStorV - ok
17:27:37.0601 0x1ae4 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:27:37.0631 0x1ae4 idsvc - ok
17:27:37.0671 0x1ae4 IEEtwCollectorService - ok
17:27:38.0011 0x1ae4 [ 8CB8667F5A3B5515F2585F3254F3AAF7, 068E3E513AFF0ADAAB5EB5C019F13DD6D0BF4E8D69B98CFFCBA0368E04674CA8 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
17:27:38.0421 0x1ae4 igfx - ok
17:27:38.0471 0x1ae4 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\windows\system32\drivers\iirsp.sys
17:27:38.0481 0x1ae4 iirsp - ok
17:27:38.0521 0x1ae4 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\windows\System32\ikeext.dll
17:27:38.0561 0x1ae4 IKEEXT - ok
17:27:38.0671 0x1ae4 [ 8E05ADB4B809B478B2EC65A1A1633DEB, E5404FD4D2A7EAADA0FA8BB5ABC3AEEE36CACBC3D765C3B101FC6BE7EEE81EA8 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
17:27:38.0751 0x1ae4 IntcAzAudAddService - ok
17:27:38.0801 0x1ae4 [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
17:27:38.0841 0x1ae4 IntcDAud - ok
17:27:38.0861 0x1ae4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\windows\system32\drivers\intelide.sys
17:27:38.0871 0x1ae4 intelide - ok
17:27:38.0911 0x1ae4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
17:27:38.0921 0x1ae4 intelppm - ok
17:27:38.0951 0x1ae4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\windows\system32\ipbusenum.dll
17:27:39.0001 0x1ae4 IPBusEnum - ok
17:27:39.0021 0x1ae4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
17:27:39.0061 0x1ae4 IpFilterDriver - ok
17:27:39.0091 0x1ae4 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\windows\System32\iphlpsvc.dll
17:27:39.0121 0x1ae4 iphlpsvc - ok
17:27:39.0131 0x1ae4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
17:27:39.0161 0x1ae4 IPMIDRV - ok
17:27:39.0181 0x1ae4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\windows\system32\drivers\ipnat.sys
17:27:39.0211 0x1ae4 IPNAT - ok
17:27:39.0231 0x1ae4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\windows\system32\drivers\irenum.sys
17:27:39.0261 0x1ae4 IRENUM - ok
17:27:39.0301 0x1ae4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\windows\system32\drivers\isapnp.sys
17:27:39.0311 0x1ae4 isapnp - ok
17:27:39.0351 0x1ae4 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
17:27:39.0361 0x1ae4 iScsiPrt - ok
17:27:39.0391 0x1ae4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
17:27:39.0401 0x1ae4 kbdclass - ok
17:27:39.0421 0x1ae4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
17:27:39.0431 0x1ae4 kbdhid - ok
17:27:39.0451 0x1ae4 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] KeyIso C:\windows\system32\lsass.exe
17:27:39.0461 0x1ae4 KeyIso - ok
17:27:39.0491 0x1ae4 [ C60C6B9A2E50B0404F6789C62B428C03, 0DFFAACBA038FB3D994049E7BBC8E0C63CB8B4A68C4AB770AD995B66B017C25B ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
17:27:39.0501 0x1ae4 KSecDD - ok
17:27:39.0511 0x1ae4 [ 78D152A9FD5747FF6AA89C79F0346F62, 69138077E84E5324751E3C8B80D05BE58EDF03CEC84F69B734537F10F6998F3B ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
17:27:39.0521 0x1ae4 KSecPkg - ok
17:27:39.0551 0x1ae4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\windows\system32\drivers\ksthunk.sys
17:27:39.0581 0x1ae4 ksthunk - ok
17:27:39.0601 0x1ae4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\windows\system32\msdtckrm.dll
17:27:39.0661 0x1ae4 KtmRm - ok
17:27:39.0721 0x1ae4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\windows\system32\srvsvc.dll
17:27:39.0771 0x1ae4 LanmanServer - ok
17:27:39.0801 0x1ae4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
17:27:39.0831 0x1ae4 LanmanWorkstation - ok
17:27:39.0871 0x1ae4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
17:27:39.0911 0x1ae4 lltdio - ok
17:27:39.0941 0x1ae4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\windows\System32\lltdsvc.dll
17:27:39.0991 0x1ae4 lltdsvc - ok
17:27:40.0021 0x1ae4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\windows\System32\lmhsvc.dll
17:27:40.0061 0x1ae4 lmhosts - ok
17:27:40.0171 0x1ae4 [ F4A17DCAB576267C85663E64F3ACE5A4, 6E1231740492480DB0ACD28BF7168547EA114037E3CF2F3869C5FADF3D859BAE ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:27:40.0191 0x1ae4 LMS - ok
17:27:40.0211 0x1ae4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
17:27:40.0221 0x1ae4 LSI_FC - ok
17:27:40.0241 0x1ae4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
17:27:40.0251 0x1ae4 LSI_SAS - ok
17:27:40.0261 0x1ae4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
17:27:40.0271 0x1ae4 LSI_SAS2 - ok
17:27:40.0291 0x1ae4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
17:27:40.0301 0x1ae4 LSI_SCSI - ok
17:27:40.0311 0x1ae4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\windows\system32\drivers\luafv.sys
17:27:40.0351 0x1ae4 luafv - ok
17:27:40.0411 0x1ae4 [ 0C85B2B6FB74B36A251792D45E0EF860, 2E04204560C1159ABC25F273B0B7F81FDF9BA5E88C17929FD924C4E945DE5020 ] LVRS64 C:\windows\system32\DRIVERS\lvrs64.sys
17:27:40.0431 0x1ae4 LVRS64 - ok
17:27:40.0621 0x1ae4 [ FF3A488924B0032B1A9CA6948C1FA9E8, 6F05852B75498210926F5CDF49D2A6DD97C39CD93D32E3200D7240AADA3E7BEE ] LVUVC64 C:\windows\system32\DRIVERS\lvuvc64.sys
17:27:40.0781 0x1ae4 LVUVC64 - ok
17:27:40.0821 0x1ae4 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
17:27:40.0831 0x1ae4 Mcx2Svc - ok
17:27:40.0851 0x1ae4 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\windows\system32\drivers\megasas.sys
17:27:40.0861 0x1ae4 megasas - ok
17:27:40.0891 0x1ae4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
17:27:40.0901 0x1ae4 MegaSR - ok
17:27:40.0931 0x1ae4 [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
17:27:40.0941 0x1ae4 MEIx64 - ok
17:27:40.0961 0x1ae4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\windows\system32\mmcss.dll
17:27:41.0001 0x1ae4 MMCSS - ok
17:27:41.0011 0x1ae4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\windows\system32\drivers\modem.sys
17:27:41.0051 0x1ae4 Modem - ok
17:27:41.0091 0x1ae4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\windows\system32\DRIVERS\monitor.sys
17:27:41.0121 0x1ae4 monitor - ok
17:27:41.0141 0x1ae4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
17:27:41.0171 0x1ae4 mouclass - ok
17:27:41.0211 0x1ae4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
17:27:41.0231 0x1ae4 mouhid - ok
17:27:41.0251 0x1ae4 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\windows\system32\drivers\mountmgr.sys
17:27:41.0261 0x1ae4 mountmgr - ok
17:27:41.0311 0x1ae4 [ 5C2B2F10C847834C6DA4E680A4093BA3, 0222EBC8789765613184F47339A1DBD118ED209B72BC5565A8A7D4FB4CCF5418 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:27:41.0321 0x1ae4 MozillaMaintenance - ok
17:27:41.0361 0x1ae4 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\windows\system32\drivers\mpio.sys
17:27:41.0371 0x1ae4 mpio - ok
17:27:41.0391 0x1ae4 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
17:27:41.0421 0x1ae4 mpsdrv - ok
17:27:41.0451 0x1ae4 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\windows\system32\mpssvc.dll
17:27:41.0501 0x1ae4 MpsSvc - ok
17:27:41.0541 0x1ae4 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
17:27:41.0591 0x1ae4 MRxDAV - ok
17:27:41.0621 0x1ae4 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
17:27:41.0661 0x1ae4 mrxsmb - ok
17:27:41.0701 0x1ae4 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
17:27:41.0731 0x1ae4 mrxsmb10 - ok
17:27:41.0751 0x1ae4 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
17:27:41.0781 0x1ae4 mrxsmb20 - ok
17:27:41.0811 0x1ae4 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\windows\system32\drivers\msahci.sys
17:27:41.0811 0x1ae4 msahci - ok
17:27:41.0841 0x1ae4 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\windows\system32\drivers\msdsm.sys
17:27:41.0851 0x1ae4 msdsm - ok
17:27:41.0861 0x1ae4 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\windows\System32\msdtc.exe
17:27:41.0891 0x1ae4 MSDTC - ok
17:27:41.0931 0x1ae4 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\windows\system32\drivers\Msfs.sys
17:27:41.0961 0x1ae4 Msfs - ok
17:27:41.0971 0x1ae4 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
17:27:42.0021 0x1ae4 mshidkmdf - ok
17:27:42.0031 0x1ae4 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
17:27:42.0041 0x1ae4 msisadrv - ok
17:27:42.0081 0x1ae4 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\windows\system32\iscsiexe.dll
17:27:42.0131 0x1ae4 MSiSCSI - ok
17:27:42.0131 0x1ae4 msiserver - ok
17:27:42.0161 0x1ae4 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
17:27:42.0201 0x1ae4 MSKSSRV - ok
17:27:42.0211 0x1ae4 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
17:27:42.0251 0x1ae4 MSPCLOCK - ok
17:27:42.0271 0x1ae4 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\windows\system32\drivers\MSPQM.sys
17:27:42.0321 0x1ae4 MSPQM - ok
17:27:42.0351 0x1ae4 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
17:27:42.0361 0x1ae4 MsRPC - ok
17:27:42.0371 0x1ae4 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
17:27:42.0381 0x1ae4 mssmbios - ok
17:27:42.0391 0x1ae4 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\windows\system32\drivers\MSTEE.sys
17:27:42.0441 0x1ae4 MSTEE - ok
17:27:42.0461 0x1ae4 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\windows\system32\drivers\MTConfig.sys
17:27:42.0491 0x1ae4 MTConfig - ok
17:27:42.0511 0x1ae4 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\windows\system32\Drivers\mup.sys
17:27:42.0521 0x1ae4 Mup - ok
17:27:42.0561 0x1ae4 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\windows\system32\qagentRT.dll
17:27:42.0611 0x1ae4 napagent - ok
17:27:42.0661 0x1ae4 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
17:27:42.0691 0x1ae4 NativeWifiP - ok
17:27:42.0741 0x1ae4 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\windows\system32\drivers\ndis.sys
17:27:42.0771 0x1ae4 NDIS - ok
17:27:42.0811 0x1ae4 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
17:27:42.0851 0x1ae4 NdisCap - ok
17:27:42.0891 0x1ae4 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
17:27:42.0931 0x1ae4 NdisTapi - ok
17:27:42.0961 0x1ae4 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
17:27:43.0001 0x1ae4 Ndisuio - ok
17:27:43.0011 0x1ae4 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
17:27:43.0061 0x1ae4 NdisWan - ok
17:27:43.0101 0x1ae4 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
17:27:43.0121 0x1ae4 NDProxy - ok
17:27:43.0151 0x1ae4 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
17:27:43.0171 0x1ae4 NetBIOS - ok
17:27:43.0181 0x1ae4 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
17:27:43.0231 0x1ae4 NetBT - ok
17:27:43.0251 0x1ae4 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] Netlogon C:\windows\system32\lsass.exe
17:27:43.0261 0x1ae4 Netlogon - ok
17:27:43.0301 0x1ae4 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\windows\System32\netman.dll
17:27:43.0351 0x1ae4 Netman - ok
17:27:43.0391 0x1ae4 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:27:43.0401 0x1ae4 NetMsmqActivator - ok
17:27:43.0411 0x1ae4 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:27:43.0421 0x1ae4 NetPipeActivator - ok
17:27:43.0451 0x1ae4 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\windows\System32\netprofm.dll
17:27:43.0501 0x1ae4 netprofm - ok
17:27:43.0511 0x1ae4 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:27:43.0521 0x1ae4 NetTcpActivator - ok
17:27:43.0531 0x1ae4 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:27:43.0541 0x1ae4 NetTcpPortSharing - ok
17:27:43.0801 0x1ae4 [ 9FD1BE1881446D954FF77244AE58FBCB, 4FC9FFDB8F3079372C33F87102E38DC6A82E47FB8751498447CA4B00C2A17694 ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys
17:27:44.0101 0x1ae4 NETwNs64 - ok
17:27:44.0131 0x1ae4 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
17:27:44.0141 0x1ae4 nfrd960 - ok
17:27:44.0181 0x1ae4 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\windows\System32\nlasvc.dll
17:27:44.0231 0x1ae4 NlaSvc - ok
17:27:44.0251 0x1ae4 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\windows\system32\drivers\Npfs.sys
17:27:44.0281 0x1ae4 Npfs - ok
17:27:44.0311 0x1ae4 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\windows\system32\nsisvc.dll
17:27:44.0351 0x1ae4 nsi - ok
17:27:44.0381 0x1ae4 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
17:27:44.0421 0x1ae4 nsiproxy - ok
17:27:44.0491 0x1ae4 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
17:27:44.0541 0x1ae4 Ntfs - ok
17:27:44.0561 0x1ae4 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\windows\system32\drivers\Null.sys
17:27:44.0601 0x1ae4 Null - ok
17:27:44.0971 0x1ae4 [ 2232AE1BB51A96A7381A2CA17DF12E24, 4813E27BC14EB3CBD55AF89B098EA5C8DA4C7FF0B6CCB7AACFC43BC0E578C988 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
17:27:45.0371 0x1ae4 nvlddmkm - ok
17:27:45.0421 0x1ae4 [ 30458B18AEA941B1FD3A6A076BE95A71, F3B36E52D63939A89658073E1DEFFCD050EF9B39F643771E846737915012D5FB ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys
17:27:45.0421 0x1ae4 nvpciflt - ok
17:27:45.0451 0x1ae4 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\windows\system32\drivers\nvraid.sys
17:27:45.0461 0x1ae4 nvraid - ok
17:27:45.0491 0x1ae4 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\windows\system32\drivers\nvstor.sys
17:27:45.0501 0x1ae4 nvstor - ok
17:27:45.0561 0x1ae4 [ 2C8DD5A34A81715865D66D7AF39362A6, 62F9D873127921EE2EAA80B73E8994C4BF6DA7EEDACAEA030B8D58E086FD3850 ] nvsvc C:\windows\system32\nvvsvc.exe
17:27:45.0591 0x1ae4 nvsvc - ok
17:27:45.0611 0x1ae4 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\windows\system32\drivers\nv_agp.sys
17:27:45.0621 0x1ae4 nv_agp - ok
17:27:45.0631 0x1ae4 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
17:27:45.0651 0x1ae4 ohci1394 - ok
17:27:45.0731 0x1ae4 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:27:45.0741 0x1ae4 ose - ok
17:27:45.0951 0x1ae4 [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:27:46.0121 0x1ae4 osppsvc - ok
17:27:46.0151 0x1ae4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\windows\system32\pnrpsvc.dll
17:27:46.0201 0x1ae4 p2pimsvc - ok
17:27:46.0231 0x1ae4 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\windows\system32\p2psvc.dll
17:27:46.0251 0x1ae4 p2psvc - ok
17:27:46.0291 0x1ae4 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\windows\system32\drivers\parport.sys
17:27:46.0321 0x1ae4 Parport - ok
17:27:46.0341 0x1ae4 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\windows\system32\drivers\partmgr.sys
17:27:46.0351 0x1ae4 partmgr - ok
17:27:46.0391 0x1ae4 [ 256390425414F90FCBC12F525A84EB11, A4992020BF6A239AD8A77125426E2C39980C9ABC971C4DBCB24B358F946AD7F9 ] PcaSvc C:\windows\System32\pcasvc.dll
17:27:46.0411 0x1ae4 PcaSvc - ok
17:27:46.0431 0x1ae4 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\windows\system32\drivers\pci.sys
17:27:46.0451 0x1ae4 pci - ok
17:27:46.0461 0x1ae4 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\windows\system32\drivers\pciide.sys
17:27:46.0471 0x1ae4 pciide - ok
17:27:46.0491 0x1ae4 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\windows\system32\drivers\pcmcia.sys
17:27:46.0511 0x1ae4 pcmcia - ok
17:27:46.0521 0x1ae4 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\windows\system32\drivers\pcw.sys
17:27:46.0531 0x1ae4 pcw - ok
17:27:46.0551 0x1ae4 [ 946010CDFA91469351B22E2620CEBCD8, F099C92706D42ADC289B72724F7932E5D4F62A427AEC967DDB0A1D728AE59A63 ] PEAUTH C:\windows\system32\drivers\peauth.sys
17:27:46.0591 0x1ae4 PEAUTH - ok
17:27:46.0661 0x1ae4 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\windows\SysWow64\perfhost.exe
17:27:46.0681 0x1ae4 PerfHost - ok
17:27:46.0731 0x1ae4 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\windows\system32\pla.dll
17:27:46.0791 0x1ae4 pla - ok
17:27:46.0831 0x1ae4 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\windows\system32\umpnpmgr.dll
17:27:46.0881 0x1ae4 PlugPlay - ok
17:27:46.0901 0x1ae4 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
17:27:46.0931 0x1ae4 PNRPAutoReg - ok
17:27:46.0951 0x1ae4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\windows\system32\pnrpsvc.dll
17:27:46.0961 0x1ae4 PNRPsvc - ok
17:27:47.0001 0x1ae4 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
17:27:47.0041 0x1ae4 PolicyAgent - ok
17:27:47.0061 0x1ae4 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\windows\system32\umpo.dll
17:27:47.0101 0x1ae4 Power - ok
17:27:47.0131 0x1ae4 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
17:27:47.0181 0x1ae4 PptpMiniport - ok
17:27:47.0201 0x1ae4 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\windows\system32\drivers\processr.sys
17:27:47.0211 0x1ae4 Processor - ok
17:27:47.0251 0x1ae4 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\windows\system32\profsvc.dll
17:27:47.0301 0x1ae4 ProfSvc - ok
17:27:47.0311 0x1ae4 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] ProtectedStorage C:\windows\system32\lsass.exe
17:27:47.0321 0x1ae4 ProtectedStorage - ok
17:27:47.0361 0x1ae4 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\windows\system32\DRIVERS\pacer.sys
17:27:47.0401 0x1ae4 Psched - ok
17:27:47.0481 0x1ae4 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\windows\system32\drivers\ql2300.sys
17:27:47.0531 0x1ae4 ql2300 - ok
17:27:47.0541 0x1ae4 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\windows\system32\drivers\ql40xx.sys
17:27:47.0551 0x1ae4 ql40xx - ok
17:27:47.0581 0x1ae4 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\windows\system32\qwave.dll
17:27:47.0601 0x1ae4 QWAVE - ok
17:27:47.0631 0x1ae4 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
17:27:47.0671 0x1ae4 QWAVEdrv - ok
17:27:47.0691 0x1ae4 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
17:27:47.0731 0x1ae4 RasAcd - ok
17:27:47.0751 0x1ae4 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
17:27:47.0771 0x1ae4 RasAgileVpn - ok
17:27:47.0801 0x1ae4 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\windows\System32\rasauto.dll
17:27:47.0851 0x1ae4 RasAuto - ok
17:27:47.0891 0x1ae4 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
17:27:47.0931 0x1ae4 Rasl2tp - ok
17:27:47.0971 0x1ae4 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\windows\System32\rasmans.dll
17:27:48.0021 0x1ae4 RasMan - ok
17:27:48.0041 0x1ae4 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
17:27:48.0081 0x1ae4 RasPppoe - ok
17:27:48.0101 0x1ae4 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
17:27:48.0141 0x1ae4 RasSstp - ok
17:27:48.0171 0x1ae4 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
17:27:48.0201 0x1ae4 rdbss - ok
17:27:48.0221 0x1ae4 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\windows\system32\drivers\rdpbus.sys
17:27:48.0241 0x1ae4 rdpbus - ok
17:27:48.0261 0x1ae4 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
17:27:48.0301 0x1ae4 RDPCDD - ok
17:27:48.0311 0x1ae4 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
17:27:48.0331 0x1ae4 RDPENCDD - ok
17:27:48.0351 0x1ae4 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
17:27:48.0391 0x1ae4 RDPREFMP - ok
17:27:48.0421 0x1ae4 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\windows\system32\drivers\RDPWD.sys
17:27:48.0451 0x1ae4 RDPWD - ok
17:27:48.0481 0x1ae4 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\windows\system32\drivers\rdyboost.sys
17:27:48.0491 0x1ae4 rdyboost - ok
17:27:48.0521 0x1ae4 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\windows\System32\mprdim.dll
17:27:48.0551 0x1ae4 RemoteAccess - ok
17:27:48.0561 0x1ae4 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\windows\system32\regsvc.dll
17:27:48.0611 0x1ae4 RemoteRegistry - ok
17:27:48.0651 0x1ae4 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
17:27:48.0681 0x1ae4 RFCOMM - ok
17:27:48.0751 0x1ae4 [ F12A68ED55053940CADD59CA5E3468DD, 75331E6DA4E30717085E7D8131989241EBC492DC3EE455546F91DA9DFFFD2BFC ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
17:27:48.0781 0x1ae4 RichVideo - detected UnsignedFile.Multi.Generic ( 1 )
17:27:53.0111 0x1ae4 Detect skipped due to KSN trusted
17:27:53.0111 0x1ae4 RichVideo - ok
17:27:53.0121 0x1ae4 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
17:27:53.0161 0x1ae4 RpcEptMapper - ok
17:27:53.0181 0x1ae4 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\windows\system32\locator.exe
17:27:53.0201 0x1ae4 RpcLocator - ok
17:27:53.0231 0x1ae4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\windows\system32\rpcss.dll
17:27:53.0271 0x1ae4 RpcSs - ok
17:27:53.0301 0x1ae4 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
17:27:53.0351 0x1ae4 rspndr - ok
17:27:53.0411 0x1ae4 [ F4C374B1C46DE294B573BB43723AC3F6, 9B8A40BF54262A1949661596CB753D0B591E94577470ED44D498042BD3EA7C10 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
17:27:53.0421 0x1ae4 RTL8167 - ok
17:27:53.0491 0x1ae4 [ 4CA0DBA9E224473D664C25E411F5A3BD, 71423A66165782EFB4DB7BE6CE48DDB463D9F65FD0F266D333A6558791D158E5 ] rtport C:\windows\SysWOW64\drivers\rtport.sys
17:27:53.0491 0x1ae4 rtport - ok
17:27:53.0521 0x1ae4 [ 62DB6CC4B0818F1B5F3441241B098F12, 7A53B3FBA3F82EDE6FA688E531FBE7EC9E1AE329090C0AFE0DCD64F65BD90F21 ] SABI C:\windows\system32\Drivers\SABI.sys
17:27:53.0561 0x1ae4 SABI - ok
17:27:53.0571 0x1ae4 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] SamSs C:\windows\system32\lsass.exe
17:27:53.0581 0x1ae4 SamSs - ok
17:27:53.0631 0x1ae4 [ 53E618640032FF0511901551D7F77424, 10679F1B0FBF2B0C4B8D53BACB238119EC5E48A4C1A9EE73F121BCBC9A1EEFA6 ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
17:27:53.0651 0x1ae4 SbieDrv - ok
17:27:53.0681 0x1ae4 [ DD78D286FF9032D9E0938F815928C2FD, C85B65CC5B56DFE6D700BA98B607B934C7447C6AF8B59E98E4E4855FA83BDD51 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
17:27:53.0691 0x1ae4 SbieSvc - ok
17:27:53.0711 0x1ae4 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\windows\system32\drivers\sbp2port.sys
17:27:53.0721 0x1ae4 sbp2port - ok
17:27:53.0761 0x1ae4 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\windows\System32\SCardSvr.dll
17:27:53.0811 0x1ae4 SCardSvr - ok
17:27:53.0821 0x1ae4 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
17:27:53.0851 0x1ae4 scfilter - ok
17:27:53.0891 0x1ae4 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\windows\system32\schedsvc.dll
17:27:53.0951 0x1ae4 Schedule - ok
17:27:53.0981 0x1ae4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\windows\System32\certprop.dll
17:27:54.0001 0x1ae4 SCPolicySvc - ok
17:27:54.0021 0x1ae4 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\windows\System32\SDRSVC.dll
17:27:54.0071 0x1ae4 SDRSVC - ok
17:27:54.0101 0x1ae4 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\windows\system32\drivers\secdrv.sys
17:27:54.0151 0x1ae4 secdrv - ok
17:27:54.0181 0x1ae4 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\windows\system32\seclogon.dll
17:27:54.0221 0x1ae4 seclogon - ok
17:27:54.0241 0x1ae4 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\windows\System32\sens.dll
17:27:54.0281 0x1ae4 SENS - ok
17:27:54.0311 0x1ae4 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\windows\system32\sensrsvc.dll
17:27:54.0331 0x1ae4 SensrSvc - ok
17:27:54.0351 0x1ae4 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\windows\system32\drivers\serenum.sys
17:27:54.0381 0x1ae4 Serenum - ok
17:27:54.0401 0x1ae4 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\windows\system32\drivers\serial.sys
17:27:54.0431 0x1ae4 Serial - ok
17:27:54.0461 0x1ae4 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\windows\system32\drivers\sermouse.sys
17:27:54.0491 0x1ae4 sermouse - ok
17:27:54.0521 0x1ae4 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\windows\system32\sessenv.dll
17:27:54.0551 0x1ae4 SessionEnv - ok
17:27:54.0571 0x1ae4 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\windows\system32\drivers\sffdisk.sys
17:27:54.0581 0x1ae4 sffdisk - ok
17:27:54.0601 0x1ae4 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
17:27:54.0611 0x1ae4 sffp_mmc - ok
17:27:54.0621 0x1ae4 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
17:27:54.0641 0x1ae4 sffp_sd - ok
17:27:54.0651 0x1ae4 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
17:27:54.0671 0x1ae4 sfloppy - ok
17:27:54.0711 0x1ae4 [ 2FE1CD3AA602414841DB10AD96C95A5E, 1A2489DF37C13B578E69AA0D3D5DB3627C77750C45D78BB2872E29DD10253326 ] SGDrv C:\windows\system32\DRIVERS\SGdrv64.sys
17:27:54.0741 0x1ae4 SGDrv - ok
17:27:54.0771 0x1ae4 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\windows\System32\ipnathlp.dll
17:27:54.0831 0x1ae4 SharedAccess - ok
17:27:54.0871 0x1ae4 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
17:27:54.0901 0x1ae4 ShellHWDetection - ok
17:27:54.0931 0x1ae4 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
17:27:54.0931 0x1ae4 SiSRaid2 - ok
17:27:54.0951 0x1ae4 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
17:27:54.0961 0x1ae4 SiSRaid4 - ok
17:27:55.0021 0x1ae4 [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:27:55.0041 0x1ae4 SkypeUpdate - ok
17:27:55.0071 0x1ae4 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\windows\system32\DRIVERS\smb.sys
17:27:55.0101 0x1ae4 Smb - ok
17:27:55.0151 0x1ae4 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\windows\System32\snmptrap.exe
17:27:55.0171 0x1ae4 SNMPTRAP - ok
17:27:55.0201 0x1ae4 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\windows\system32\drivers\spldr.sys
17:27:55.0211 0x1ae4 spldr - ok
17:27:55.0251 0x1ae4 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\windows\System32\spoolsv.exe
17:27:55.0301 0x1ae4 Spooler - ok
17:27:55.0391 0x1ae4 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\windows\system32\sppsvc.exe
17:27:55.0551 0x1ae4 sppsvc - ok
17:27:55.0571 0x1ae4 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\windows\system32\sppuinotify.dll
17:27:55.0611 0x1ae4 sppuinotify - ok
17:27:55.0641 0x1ae4 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\windows\system32\DRIVERS\srv.sys
17:27:55.0671 0x1ae4 srv - ok
17:27:55.0691 0x1ae4 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
17:27:55.0721 0x1ae4 srv2 - ok
17:27:55.0751 0x1ae4 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
17:27:55.0771 0x1ae4 srvnet - ok
17:27:55.0841 0x1ae4 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
17:27:55.0871 0x1ae4 SSDPSRV - ok
17:27:55.0881 0x1ae4 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\windows\system32\sstpsvc.dll
17:27:55.0911 0x1ae4 SstpSvc - ok
17:27:55.0961 0x1ae4 [ BB94A5E2CEE5FD83BA5A72A37AECADDF, 2A94AFAF671F11CD496A41687C48B3FF2870B6CA12184E2E29FDCA73544C2B2A ] ssudmdm C:\windows\system32\DRIVERS\ssudmdm.sys
17:27:55.0971 0x1ae4 ssudmdm - ok
17:27:56.0001 0x1ae4 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\windows\system32\drivers\stexstor.sys
17:27:56.0011 0x1ae4 stexstor - ok
17:27:56.0061 0x1ae4 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\windows\System32\wiaservc.dll
17:27:56.0101 0x1ae4 stisvc - ok
17:27:56.0111 0x1ae4 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\windows\system32\DRIVERS\swenum.sys
17:27:56.0121 0x1ae4 swenum - ok
17:27:56.0161 0x1ae4 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\windows\System32\swprv.dll
17:27:56.0201 0x1ae4 swprv - ok
17:27:56.0261 0x1ae4 [ E2CF0E655048CD8CA863631BE8B1F09A, 48367C98CC611E7E5A333FD62E32041768CB712FADBF5132CC66BEEA92930C95 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
17:27:56.0301 0x1ae4 SynTP - ok
17:27:56.0371 0x1ae4 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\windows\system32\sysmain.dll
17:27:56.0421 0x1ae4 SysMain - ok
17:27:56.0431 0x1ae4 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
17:27:56.0441 0x1ae4 TabletInputService - ok
17:27:56.0481 0x1ae4 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\windows\System32\tapisrv.dll
17:27:56.0511 0x1ae4 TapiSrv - ok
17:27:56.0521 0x1ae4 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\windows\System32\tbssvc.dll
17:27:56.0561 0x1ae4 TBS - ok
17:27:56.0631 0x1ae4 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\windows\system32\drivers\tcpip.sys
17:27:56.0691 0x1ae4 Tcpip - ok
17:27:56.0741 0x1ae4 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
17:27:56.0791 0x1ae4 TCPIP6 - ok
17:27:56.0811 0x1ae4 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
17:27:56.0821 0x1ae4 tcpipreg - ok
17:27:56.0851 0x1ae4 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
17:27:56.0871 0x1ae4 TDPIPE - ok
17:27:56.0891 0x1ae4 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
17:27:56.0901 0x1ae4 TDTCP - ok
17:27:56.0941 0x1ae4 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\windows\system32\DRIVERS\tdx.sys
17:27:56.0991 0x1ae4 tdx - ok
17:27:57.0021 0x1ae4 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\windows\system32\DRIVERS\termdd.sys
17:27:57.0031 0x1ae4 TermDD - ok
17:27:57.0081 0x1ae4 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\windows\System32\termsrv.dll
17:27:57.0131 0x1ae4 TermService - ok
17:27:57.0151 0x1ae4 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\windows\system32\themeservice.dll
17:27:57.0181 0x1ae4 Themes - ok
17:27:57.0201 0x1ae4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\windows\system32\mmcss.dll
17:27:57.0231 0x1ae4 THREADORDER - ok
17:27:57.0251 0x1ae4 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\windows\System32\trkwks.dll
17:27:57.0281 0x1ae4 TrkWks - ok
17:27:57.0331 0x1ae4 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
17:27:57.0381 0x1ae4 TrustedInstaller - ok
17:27:57.0421 0x1ae4 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
17:27:57.0441 0x1ae4 tssecsrv - ok
17:27:57.0471 0x1ae4 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
17:27:57.0511 0x1ae4 TsUsbFlt - ok
17:27:57.0531 0x1ae4 [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
17:27:57.0541 0x1ae4 TsUsbGD - ok
17:27:57.0591 0x1ae4 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
17:27:57.0621 0x1ae4 tunnel - ok
17:27:57.0631 0x1ae4 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\windows\system32\drivers\uagp35.sys
17:27:57.0631 0x1ae4 uagp35 - ok
17:27:57.0661 0x1ae4 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\windows\system32\DRIVERS\udfs.sys
17:27:57.0701 0x1ae4 udfs - ok
17:27:57.0731 0x1ae4 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\windows\system32\UI0Detect.exe
17:27:57.0751 0x1ae4 UI0Detect - ok
17:27:57.0771 0x1ae4 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
17:27:57.0781 0x1ae4 uliagpkx - ok
17:27:57.0801 0x1ae4 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\windows\system32\DRIVERS\umbus.sys
17:27:57.0811 0x1ae4 umbus - ok
17:27:57.0841 0x1ae4 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\windows\system32\drivers\umpass.sys
17:27:57.0861 0x1ae4 UmPass - ok
17:27:57.0921 0x1ae4 [ 67A95B9D129ED5399E7965CD09CF30E7, F1F2F684146F1CCB293BB9871117B8CFC1D04588A830F67CE5D3F0D034D93B2A ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
17:27:57.0941 0x1ae4 UMVPFSrv - ok
17:27:58.0051 0x1ae4 [ DB641944F7E4B14C13C3FEFC89843F69, C106F10E802A67D43C9F0591A4A2477F7EF7911C3313C3844A02E3C061FD3EAA ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:27:58.0111 0x1ae4 UNS - ok
17:27:58.0131 0x1ae4 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\windows\System32\upnphost.dll
17:27:58.0191 0x1ae4 upnphost - ok
17:27:58.0231 0x1ae4 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\windows\system32\drivers\usbaudio.sys
17:27:58.0271 0x1ae4 usbaudio - ok
17:27:58.0291 0x1ae4 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
17:27:58.0341 0x1ae4 usbccgp - ok
17:27:58.0381 0x1ae4 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\windows\system32\drivers\usbcir.sys
17:27:58.0411 0x1ae4 usbcir - ok
17:27:58.0431 0x1ae4 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\windows\system32\drivers\usbehci.sys
17:27:58.0471 0x1ae4 usbehci - ok
17:27:58.0511 0x1ae4 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
17:27:58.0541 0x1ae4 usbhub - ok
17:27:58.0571 0x1ae4 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\windows\system32\drivers\usbohci.sys
17:27:58.0581 0x1ae4 usbohci - ok
17:27:58.0611 0x1ae4 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
17:27:58.0621 0x1ae4 usbprint - ok
17:27:58.0631 0x1ae4 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
17:27:58.0651 0x1ae4 USBSTOR - ok
17:27:58.0671 0x1ae4 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\windows\system32\drivers\usbuhci.sys
17:27:58.0681 0x1ae4 usbuhci - ok
17:27:58.0721 0x1ae4 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
17:27:58.0741 0x1ae4 usbvideo - ok
17:27:58.0781 0x1ae4 [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx C:\windows\system32\DRIVERS\usb8023x.sys
17:27:58.0791 0x1ae4 usb_rndisx - ok
17:27:58.0811 0x1ae4 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\windows\System32\uxsms.dll
17:27:58.0851 0x1ae4 UxSms - ok
17:27:58.0871 0x1ae4 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] VaultSvc C:\windows\system32\lsass.exe
17:27:58.0881 0x1ae4 VaultSvc - ok
17:27:58.0911 0x1ae4 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
17:27:58.0921 0x1ae4 vdrvroot - ok
17:27:58.0941 0x1ae4 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\windows\System32\vds.exe
17:27:58.0981 0x1ae4 vds - ok
17:27:59.0001 0x1ae4 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
17:27:59.0021 0x1ae4 vga - ok
17:27:59.0021 0x1ae4 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\windows\System32\drivers\vga.sys
17:27:59.0051 0x1ae4 VgaSave - ok
17:27:59.0081 0x1ae4 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\windows\system32\drivers\vhdmp.sys
17:27:59.0091 0x1ae4 vhdmp - ok
17:27:59.0111 0x1ae4 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\windows\system32\drivers\viaide.sys
17:27:59.0121 0x1ae4 viaide - ok
17:27:59.0141 0x1ae4 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\windows\system32\drivers\volmgr.sys
17:27:59.0151 0x1ae4 volmgr - ok
17:27:59.0171 0x1ae4 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\windows\system32\drivers\volmgrx.sys
17:27:59.0181 0x1ae4 volmgrx - ok
17:27:59.0211 0x1ae4 [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap C:\windows\system32\drivers\volsnap.sys
17:27:59.0221 0x1ae4 volsnap - ok
17:27:59.0261 0x1ae4 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\windows\system32\drivers\vsmraid.sys
17:27:59.0271 0x1ae4 vsmraid - ok
17:27:59.0341 0x1ae4 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\windows\system32\vssvc.exe
17:27:59.0411 0x1ae4 VSS - ok
17:27:59.0421 0x1ae4 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
17:27:59.0441 0x1ae4 vwifibus - ok
17:27:59.0481 0x1ae4 [ 13A0DECD1794DE60A8427862C8669D27, 4024AF9F2F052BC80C85F5B9A671499C20AF38838206CC649E6EFE37C380D3BF ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
17:27:59.0511 0x1ae4 vwififlt - ok
17:27:59.0561 0x1ae4 [ 49003B357D101CDC474937437ECF5ABC, D3EC570D616DC39FE6BF02DA1CD6C30CD07C27CC5B4B6FD6DACB5D8A4F1596A6 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
17:27:59.0581 0x1ae4 vwifimp - ok
17:27:59.0611 0x1ae4 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\windows\system32\w32time.dll
17:27:59.0651 0x1ae4 W32Time - ok
17:27:59.0671 0x1ae4 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\windows\system32\drivers\wacompen.sys
17:27:59.0711 0x1ae4 WacomPen - ok
17:27:59.0731 0x1ae4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
17:27:59.0771 0x1ae4 WANARP - ok
17:27:59.0781 0x1ae4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
17:27:59.0801 0x1ae4 Wanarpv6 - ok
17:27:59.0881 0x1ae4 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
17:27:59.0911 0x1ae4 WatAdminSvc - ok
17:27:59.0971 0x1ae4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\windows\system32\wbengine.exe
17:28:00.0041 0x1ae4 wbengine - ok
17:28:00.0061 0x1ae4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\windows\System32\wbiosrvc.dll
17:28:00.0081 0x1ae4 WbioSrvc - ok
17:28:00.0101 0x1ae4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\windows\System32\wcncsvc.dll
17:28:00.0121 0x1ae4 wcncsvc - ok
17:28:00.0141 0x1ae4 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
17:28:00.0151 0x1ae4 WcsPlugInService - ok
17:28:00.0161 0x1ae4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\windows\system32\drivers\wd.sys
17:28:00.0171 0x1ae4 Wd - ok
17:28:00.0231 0x1ae4 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
17:28:00.0251 0x1ae4 Wdf01000 - ok
17:28:00.0281 0x1ae4 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\windows\system32\wdi.dll
17:28:00.0311 0x1ae4 WdiServiceHost - ok
17:28:00.0311 0x1ae4 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\windows\system32\wdi.dll
17:28:00.0321 0x1ae4 WdiSystemHost - ok
17:28:00.0361 0x1ae4 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\windows\System32\webclnt.dll
17:28:00.0401 0x1ae4 WebClient - ok
17:28:00.0431 0x1ae4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\windows\system32\wecsvc.dll
17:28:00.0481 0x1ae4 Wecsvc - ok
17:28:00.0501 0x1ae4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\windows\System32\wercplsupport.dll
17:28:00.0541 0x1ae4 wercplsupport - ok
17:28:00.0571 0x1ae4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\windows\System32\WerSvc.dll
17:28:00.0601 0x1ae4 WerSvc - ok
17:28:00.0621 0x1ae4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
17:28:00.0661 0x1ae4 WfpLwf - ok
17:28:00.0691 0x1ae4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\windows\system32\drivers\wimmount.sys
17:28:00.0691 0x1ae4 WIMMount - ok
17:28:00.0721 0x1ae4 WinDefend - ok
17:28:00.0731 0x1ae4 WinHttpAutoProxySvc - ok
17:28:00.0781 0x1ae4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
17:28:00.0811 0x1ae4 Winmgmt - ok
17:28:00.0891 0x1ae4 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\windows\system32\WsmSvc.dll
17:28:00.0981 0x1ae4 WinRM - ok
17:28:01.0051 0x1ae4 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
17:28:01.0061 0x1ae4 WinUsb - ok
17:28:01.0111 0x1ae4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\windows\System32\wlansvc.dll
17:28:01.0151 0x1ae4 Wlansvc - ok
17:28:01.0261 0x1ae4 [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:28:01.0311 0x1ae4 wlidsvc - ok
17:28:01.0331 0x1ae4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
17:28:01.0361 0x1ae4 WmiAcpi - ok
17:28:01.0401 0x1ae4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
17:28:01.0431 0x1ae4 wmiApSrv - ok
17:28:01.0461 0x1ae4 WMPNetworkSvc - ok
17:28:01.0481 0x1ae4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\windows\System32\wpcsvc.dll
17:28:01.0521 0x1ae4 WPCSvc - ok
17:28:01.0541 0x1ae4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
17:28:01.0571 0x1ae4 WPDBusEnum - ok
17:28:01.0591 0x1ae4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
17:28:01.0631 0x1ae4 ws2ifsl - ok
17:28:01.0651 0x1ae4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\windows\System32\wscsvc.dll
17:28:01.0671 0x1ae4 wscsvc - ok
17:28:01.0671 0x1ae4 WSearch - ok
17:28:01.0761 0x1ae4 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\windows\system32\wuaueng.dll
17:28:01.0831 0x1ae4 wuauserv - ok
17:28:01.0851 0x1ae4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
17:28:01.0881 0x1ae4 WudfPf - ok
17:28:01.0921 0x1ae4 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
17:28:01.0931 0x1ae4 WUDFRd - ok
17:28:01.0961 0x1ae4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\windows\System32\WUDFSvc.dll
17:28:01.0971 0x1ae4 wudfsvc - ok
17:28:02.0001 0x1ae4 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\windows\System32\wwansvc.dll
17:28:02.0041 0x1ae4 WwanSvc - ok
17:28:02.0081 0x1ae4 ================ Scan global ===============================
17:28:02.0111 0x1ae4 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
17:28:02.0141 0x1ae4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
17:28:02.0151 0x1ae4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
17:28:02.0181 0x1ae4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
17:28:02.0201 0x1ae4 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
17:28:02.0201 0x1ae4 [ Global ] - ok
17:28:02.0201 0x1ae4 ================ Scan MBR ==================================
17:28:02.0211 0x1ae4 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
17:28:02.0751 0x1ae4 \Device\Harddisk0\DR0 - ok
17:28:02.0751 0x1ae4 ================ Scan VBR ==================================
17:28:02.0761 0x1ae4 [ 8C7C0983D6A98E6A1603756F2961CFFB ] \Device\Harddisk0\DR0\Partition1
17:28:02.0761 0x1ae4 \Device\Harddisk0\DR0\Partition1 - ok
17:28:02.0771 0x1ae4 [ D161B13753EB47C128C457BDDDF9C5AF ] \Device\Harddisk0\DR0\Partition2
17:28:02.0781 0x1ae4 \Device\Harddisk0\DR0\Partition2 - ok
17:28:02.0791 0x1ae4 [ ACCA152EB551057889F2AAD16E7953CD ] \Device\Harddisk0\DR0\Partition3
17:28:02.0791 0x1ae4 \Device\Harddisk0\DR0\Partition3 - ok
17:28:02.0801 0x1ae4 ================ Scan generic autorun ======================
17:28:03.0151 0x1ae4 [ 71BC8F95B5E5AFA85D66881EAF919C6F, AF88E6BDA52BAAAEBC640F21BB7C16F3ED3F4127EFA48E0752A55C3D807D0CA3 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
17:28:03.0401 0x1ae4 RtHDVCpl - ok
17:28:03.0411 0x1ae4 SynTPEnh - ok
17:28:03.0481 0x1ae4 [ A162B967A88BF374A81E01EF6E7A2655, 3616D7DDF72964EB1C7C40E45CCEFD7116252607068AEB9FB093F20064FB5BA2 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
17:28:03.0501 0x1ae4 avgnt - ok
17:28:03.0551 0x1ae4 [ BB10E34B162FBEAE5636474A79026A0D, 700629C7497ED01E5B7DF99F0D8F56FF30BBA067ED65AC7A0D77B3765C596ECB ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
17:28:03.0561 0x1ae4 Avira Systray - ok
17:28:03.0631 0x1ae4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
17:28:03.0691 0x1ae4 Sidebar - ok
17:28:03.0721 0x1ae4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
17:28:03.0731 0x1ae4 mctadmin - ok
17:28:03.0781 0x1ae4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
17:28:03.0811 0x1ae4 Sidebar - ok
17:28:03.0831 0x1ae4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
17:28:03.0841 0x1ae4 mctadmin - ok
17:28:03.0941 0x1ae4 [ 7C153262FAA390C3F9B82B2D98B541C7, B7F15950391CF0E64198DB95AFBE3E737AEC56F6209D12AB4F284A3ACBC76642 ] C:\Program Files (x86)\FeedReader30\feedreader.exe
17:28:04.0001 0x1ae4 feedreader.exe - detected UnsignedFile.Multi.Generic ( 1 )
17:28:08.0571 0x1ae4 Detect skipped due to KSN trusted
17:28:08.0571 0x1ae4 feedreader.exe - ok
17:28:08.0621 0x1ae4 [ FCA082CC69A53982024BD05B4910ABC5, F2B0246C567CD7CFBCDDD1C66492F563047334898BE97678B6624B852C2007E0 ] C:\Program Files\Sandboxie\SbieCtrl.exe
17:28:08.0651 0x1ae4 SandboxieControl - ok
17:28:08.0761 0x1ae4 [ E8405C87CD06FF5D69BC6F3B24D766D0, C82171BEDBFE593A04D09C2E20B0528AA3CEC722D6919F8A5C70C6EFFB9EFEAE ] C:\Users\Timo\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
17:28:09.0071 0x1ae4 AmazonMP3DownloaderHelper - ok
17:28:09.0161 0x1ae4 icq - ok
17:28:09.0261 0x1ae4 [ 08DFA176E4FC0E63ACD8EC854449D2B0, B8CA204C3F318CD9D12F61CDDA5C66184A48D6206F019AD11DB2605FDBEB288D ] C:\Users\Timo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
17:28:09.0311 0x1ae4 Spotify Web Helper - ok
17:28:09.0311 0x1ae4 Waiting for KSN requests completion. In queue: 147
17:28:10.0311 0x1ae4 Waiting for KSN requests completion. In queue: 3
17:28:11.0311 0x1ae4 Waiting for KSN requests completion. In queue: 3
17:28:12.0351 0x1ae4 AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.440 ), 0x40000 ( disabled : updated )
17:28:12.0381 0x1ae4 Win FW state via NFP2: enabled
17:28:15.0201 0x1ae4 ============================================================
17:28:15.0201 0x1ae4 Scan finished
17:28:15.0201 0x1ae4 ============================================================
17:28:15.0201 0x12f0 Detected object count: 0
17:28:15.0201 0x12f0 Actual detected object count: 0
Elvis |
|
02.03.2015, 08:21
| #6 |
| /// the machine /// TB-Ausbilder | Windows 7: Windows-Firewall blockiert Firefox-Anwendungen hi, Scan mit Combofix
__________________ --> Windows 7: Windows-Firewall blockiert Firefox-Anwendungen |
|
02.03.2015, 11:02
| #7 |
| | Windows 7: Windows-Firewall blockiert Firefox-Anwendungen Hallo, hier das Combofix-Logfile: Code:
ATTFilter ComboFix 15-03-01.01 - Admin 02.03.2015 9:17.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8106.6449 [GMT 1:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SecureW2
c:\program files (x86)\SecureW2\Uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\users\Admin\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\users\Timo\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E8244B59-6F14-48AE-B5FD-F29A93FD3CB5}.xps
c:\users\Timo\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EF5024FF-FC7B-47B0-A3E5-7318FA21E6D1}.xps
c:\users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
D:\reg.reg
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-02-02 bis 2015-03-02 ))))))))))))))))))))))))))))))
.
.
2015-03-02 08:23 . 2015-03-02 08:23 -------- d-----w- c:\users\Timo\AppData\Local\temp
2015-03-02 08:23 . 2015-03-02 08:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-01 15:29 . 2015-03-01 15:32 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-27 14:29 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3CC6F3BC-299C-4CA0-93DF-9C4B7B0C9FF2}\mpengine.dll
2015-02-23 22:48 . 2015-02-28 08:52 -------- d-----w- c:\users\Timo\AppData\Local\Spotify
2015-02-23 22:47 . 2015-02-28 10:16 -------- d-----w- c:\users\Timo\AppData\Roaming\Spotify
2015-02-23 22:38 . 2015-02-23 22:38 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-23 22:38 . 2015-02-23 22:38 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-14 13:40 . 2014-12-11 17:47 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-02-14 13:40 . 2014-10-04 02:10 3722752 ----a-w- c:\windows\system32\mstscax.dll
2015-02-14 13:40 . 2014-10-04 01:42 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-02-14 13:40 . 2014-10-04 01:42 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2015-02-13 16:53 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-13 16:53 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-13 16:53 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-13 16:53 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-11 13:42 . 2015-01-12 02:48 2885632 ----a-w- c:\windows\system32\iertutil.dll
2015-02-11 13:41 . 2014-12-12 05:31 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-02-11 13:41 . 2014-12-12 05:07 1174528 ----a-w- c:\windows\SysWow64\crypt32.dll
2015-02-11 13:41 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-11 13:41 . 2014-11-26 03:32 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-02-11 13:40 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-11 13:40 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-11 13:40 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-11 13:40 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-02-11 13:40 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-02-11 13:40 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll
2015-02-11 13:40 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-02-11 13:40 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll
2015-02-11 13:40 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-02-11 13:39 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-01 15:34 . 2013-11-11 13:54 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-12 06:59 . 2012-10-13 06:26 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-01-26 12:55 . 2015-01-26 12:55 4070576 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-01-22 12:07 . 2014-08-08 08:18 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-14 04:03 . 2013-07-07 17:34 627912 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-12-22 23:41 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-19 03:06 . 2015-01-14 08:56 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 08:56 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-06 04:17 . 2015-01-14 08:56 303616 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-14 08:56 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-14 08:56 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-07 17:40 222712 ----a-w- c:\users\Admin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-07 17:40 222712 ----a-w- c:\users\Admin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-07 17:40 222712 ----a-w- c:\users\Admin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-09 702768]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-01-19 126712]
.
c:\users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
An OneNote senden.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2014-9-24 195240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Admin\AppData\Local\Temp\ALSysIO64.sys;c:\users\Admin\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.12.0;ABBYY FineReader 12 PE Licensing Service;c:\program files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe;c:\program files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-23 22:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-07 17:40 261624 ----a-w- c:\users\Admin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-07 17:40 261624 ----a-w- c:\users\Admin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-07 17:40 261624 ----a-w- c:\users\Admin\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-14 07:20 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-14 07:20 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-14 07:20 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-12 12558440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Citavi Picker... - file://c:\program files (x86)\Internet Explorer\Citavi Picker\ShowContextMenu.html
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ldha8x22.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} - (no file)
c:\users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
c:\users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Timo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-SecureW2 EAP Suite - c:\program files (x86)\SecureW2\Uninstall.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\hxxp://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="hxxp://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\hxxp://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-03-02 09:35:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2015-03-02 08:35
.
Vor Suchlauf: 13 Verzeichnis(se), 195.132.985.344 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 199.663.005.696 Bytes frei
.
- - End Of File - - AC16AD74B633E1DC47249DAA7DF8524C
Beste Grüße Elvis P. |
|
02.03.2015, 16:59
| #8 |
| /// the machine /// TB-Ausbilder | Windows 7: Windows-Firewall blockiert Firefox-Anwendungen Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
02.03.2015, 21:17
| #9 |
| | Windows 7: Windows-Firewall blockiert Firefox-Anwendungen Hallo, anbei die Ergebnisse: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
Database version:
main: v2015.03.02.05
rootkit: v2015.02.25.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17633
Admin :: TIMO-PC [administrator]
02.03.2015 18:47:29
mbar-log-2015-03-02 (18-47-29).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 425019
Time elapsed: 33 minute(s), 54 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter # AdwCleaner v4.111 - Bericht erstellt 02/03/2015 um 20:52:19
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-03-02.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Admin - TIMO-PC
# Gestarted von : C:\Users\Admin\Desktop\AdwCleaner_4.111.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Fighters
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Timo\AppData\Roaming\download Manager
Datei Gelöscht : C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\gmwm9fm1.default-1385935033880\foxydeal.sqlite
Datei Gelöscht : C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\x0i8jh9q.default\foxydeal.sqlite
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\OCS
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17631
-\\ Mozilla Firefox v36.0 (x86 de)
[gmwm9fm1.default-1385935033880\prefs.js] - Zeile Gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[gmwm9fm1.default-1385935033880\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"14a582454ed218-0ad92ab28344e2-47554136-0-14a582454ee31b\"");
[gmwm9fm1.default-1385935033880\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_expires_at", "1424709485");
[gmwm9fm1.default-1385935033880\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"7c7d8fbe9cd9ca593bae30ac73c5741b1af39b33\"");
[gmwm9fm1.default-1385935033880\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_userid", "5720568893");
[gmwm9fm1.default-1385935033880\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_utoken", "\"ce0841b4e2d78327eb4f01a1f5eb0a0bfe89a053\"");
[gmwm9fm1.default-1385935033880\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.install", "1418817983734");
[gmwm9fm1.default-1385935033880\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.search_offer_disabled", "true");
*************************
AdwCleaner[R0].txt - [3854 Bytes] - [11/11/2013 11:54:53]
AdwCleaner[R1].txt - [3914 Bytes] - [11/11/2013 11:55:54]
AdwCleaner[R2].txt - [4394 Bytes] - [02/03/2015 20:50:53]
AdwCleaner[S0].txt - [3983 Bytes] - [11/11/2013 12:08:39]
AdwCleaner[S1].txt - [4334 Bytes] - [02/03/2015 20:52:19]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4393 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Home Premium x64
Ran by Admin on 02.03.2015 at 20:59:35,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\ldha8x22.default\minidumps [6 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.03.2015 at 21:03:18,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Admin (administrator) on TIMO-PC on 02-03-2015 21:05:34
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available profiles: Timo & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY Production LLC) C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2784552 2011-05-13] (Synaptics Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs: ,C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
Startup: C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-819639659-4150350305-585420797-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-819639659-4150350305-585420797-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-819639659-4150350305-585420797-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/emsisoft_webscan.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ldha8x22.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ldha8x22.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ldha8x22.default\searchplugins\google-maps.xml
FF Extension: Cliqz Beta - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ldha8x22.default\Extensions\cliqz@cliqz.com.xpi [2015-03-01]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-07-15]
FF HKU\S-1-5-21-819639659-4150350305-585420797-1004\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKU\S-1-5-21-819639659-4150350305-585420797-1004\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ldha8x22.default\extensions\cliqz@cliqz.com
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
Opera:
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Professional.12.0; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [961744 2014-07-13] (ABBYY Production LLC)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-04-10] (Windows (R) 2003 DDK 3790 provider)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 ALSysIO; \??\C:\Users\Admin\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-02 21:03 - 2015-03-02 21:03 - 00000756 _____ () C:\Users\Admin\Desktop\JRT.txt
2015-03-02 20:58 - 2015-03-02 20:58 - 01388333 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2015-03-02 20:50 - 2015-03-02 20:50 - 02126848 _____ () C:\Users\Admin\Desktop\AdwCleaner_4.111.exe
2015-03-02 18:44 - 2015-03-02 20:41 - 00000000 ____D () C:\Users\Admin\Desktop\mbar
2015-03-02 18:42 - 2015-03-02 18:42 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Admin\Desktop\mbar-1.09.1.1004.exe
2015-03-02 09:35 - 2015-03-02 09:35 - 00019302 _____ () C:\ComboFix.txt
2015-03-02 09:10 - 2015-03-02 09:36 - 00000000 ____D () C:\Qoobox
2015-03-02 09:10 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-03-02 09:10 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-03-02 09:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-03-02 09:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-03-02 09:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-03-02 09:10 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-03-02 09:10 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-03-02 09:10 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-03-02 09:09 - 2015-03-02 09:34 - 00000000 ____D () C:\windows\erdnt
2015-03-02 09:07 - 2015-03-02 09:07 - 05612482 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2015-03-01 17:25 - 2015-03-01 17:24 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Desktop\tdsskiller.exe
2015-03-01 17:24 - 2015-03-01 17:24 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Downloads\tdsskiller.exe
2015-03-01 16:30 - 2015-03-01 16:30 - 00000000 ____D () C:\Users\Admin\Desktop\mbar-1.09.1.1004 (alt)
2015-03-01 16:30 - 2015-03-01 16:30 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\WinRAR
2015-03-01 16:29 - 2015-03-02 18:45 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-03-01 11:45 - 2015-03-01 11:46 - 00042310 _____ () C:\Users\Admin\Desktop\Addition.txt
2015-03-01 11:44 - 2015-03-02 21:05 - 00017473 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-02-26 18:56 - 2015-02-26 18:56 - 00006631 _____ () C:\Users\Timo\Desktop\Gmer.zip
2015-02-26 18:54 - 2015-02-26 18:54 - 01182149 _____ () C:\Users\Timo\Desktop\7z936.exe
2015-02-26 15:24 - 2015-02-26 15:43 - 00131763 _____ () C:\Users\Timo\Desktop\Gmer.txt
2015-02-26 15:12 - 2015-02-26 15:12 - 00380416 _____ () C:\Users\Timo\Desktop\Gmer-19357.exe
2015-02-26 15:08 - 2015-03-01 11:46 - 00042310 _____ () C:\Users\Timo\Desktop\Addition.txt
2015-02-26 15:07 - 2015-03-01 11:46 - 00045399 _____ () C:\Users\Timo\Desktop\FRST.txt
2015-02-26 15:07 - 2015-02-26 15:07 - 02087936 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-02-26 15:05 - 2015-02-26 15:05 - 00000472 _____ () C:\Users\Timo\Desktop\defogger_disable.log
2015-02-26 15:05 - 2015-02-26 15:05 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2015-02-26 15:04 - 2015-02-26 15:04 - 00050477 _____ () C:\Users\Timo\Desktop\Defogger.exe
2015-02-26 15:00 - 2015-02-26 15:00 - 00050477 _____ () C:\Users\Timo\Downloads\SpotifySetup.exe
2015-02-26 10:14 - 2015-02-26 10:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-25 21:04 - 2015-01-09 00:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-02-25 21:04 - 2015-01-09 00:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-23 23:48 - 2015-02-28 09:52 - 00000000 ____D () C:\Users\Timo\AppData\Local\Spotify
2015-02-23 23:48 - 2015-02-23 23:48 - 00001799 _____ () C:\Users\Timo\Desktop\Spotify.lnk
2015-02-23 23:48 - 2015-02-23 23:48 - 00001785 _____ () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-02-23 23:47 - 2015-02-28 11:16 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Spotify
2015-02-23 23:38 - 2015-03-02 21:03 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-23 23:38 - 2015-02-23 23:38 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-23 23:38 - 2015-02-23 23:38 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-23 23:38 - 2015-02-23 23:38 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-17 22:04 - 2015-02-17 22:04 - 00447698 _____ () C:\Users\Timo\Desktop\WordPlaceholders_2015-02-17 22-04-54.bak
2015-02-17 21:49 - 2015-02-17 21:49 - 00038896 _____ () C:\Users\Timo\Desktop\WordPlaceholders_2015-02-17 21-49-02.bak
2015-02-14 14:40 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-02-14 14:40 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-02-14 14:40 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-02-14 14:40 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-02-13 17:53 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-13 17:53 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-13 17:53 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-02-13 17:53 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-02-11 14:43 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-11 14:43 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-11 14:43 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-11 14:43 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-11 14:43 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-11 14:43 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-11 14:43 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-11 14:43 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-11 14:43 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-11 14:43 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-02-11 14:43 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-11 14:43 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-11 14:43 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-11 14:43 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-11 14:43 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-11 14:43 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-11 14:43 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-02-11 14:43 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-11 14:43 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-02-11 14:43 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 14:43 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-02-11 14:43 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-02-11 14:43 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-02-11 14:43 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-11 14:43 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-02-11 14:43 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-02-11 14:43 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-02-11 14:43 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-02-11 14:43 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-02-11 14:43 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-11 14:43 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-11 14:43 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-11 14:43 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 14:43 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-02-11 14:43 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-02-11 14:43 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-02-11 14:43 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-02-11 14:43 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-02-11 14:43 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-11 14:43 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-11 14:43 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-02-11 14:43 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-02-11 14:43 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-11 14:43 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-11 14:43 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-11 14:43 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-02-11 14:42 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-11 14:42 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-11 14:42 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-11 14:42 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-11 14:42 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-11 14:42 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-11 14:42 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-11 14:42 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-11 14:42 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-11 14:42 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-11 14:42 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-11 14:42 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-02-11 14:42 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-02-11 14:42 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-02-11 14:42 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-11 14:42 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-02-11 14:42 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-11 14:42 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-11 14:42 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-11 14:42 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-11 14:42 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-11 14:42 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-11 14:42 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-11 14:42 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-11 14:42 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-11 14:42 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-11 14:42 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-11 14:42 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-11 14:42 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-02-11 14:42 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-11 14:42 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-11 14:42 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-11 14:42 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-11 14:42 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-11 14:42 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-02-11 14:42 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-11 14:42 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-02-11 14:42 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-02-11 14:41 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-11 14:41 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-02-11 14:41 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-11 14:41 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-11 14:40 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-11 14:40 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-02-11 14:40 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-02-11 14:40 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-02-11 14:40 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-02-11 14:40 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-02-11 14:40 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-02-11 14:40 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-11 14:40 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-11 14:39 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-02 18:20 - 2015-02-02 18:20 - 00004074 _____ () C:\Users\Timo\AppData\Local\recently-used.xbel
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-02 21:05 - 2013-11-11 02:00 - 00000000 ____D () C:\FRST
2015-03-02 21:01 - 2009-07-14 05:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-02 21:01 - 2009-07-14 05:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-02 20:53 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-02 20:53 - 2009-07-14 05:51 - 00165899 _____ () C:\windows\setupact.log
2015-03-02 20:52 - 2013-11-11 11:54 - 00000000 ____D () C:\AdwCleaner
2015-03-02 20:52 - 2012-01-10 04:42 - 01990000 _____ () C:\windows\WindowsUpdate.log
2015-03-02 20:41 - 2013-11-11 14:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-02 18:46 - 2013-11-11 14:54 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-02 17:24 - 2012-01-10 04:13 - 00699666 _____ () C:\windows\system32\perfh007.dat
2015-03-02 17:24 - 2012-01-10 04:13 - 00149774 _____ () C:\windows\system32\perfc007.dat
2015-03-02 17:24 - 2009-07-14 06:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-02 15:02 - 2014-01-29 23:24 - 00005126 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Timo-PC-Timo Timo-PC
2015-03-02 14:41 - 2013-04-09 15:17 - 00000000 ____D () C:\Users\Timo\Documents\Citavi 4
2015-03-02 14:40 - 2013-02-23 22:04 - 00001618 _____ () C:\windows\Sandboxie.ini
2015-03-02 09:36 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-03-02 09:29 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2015-03-02 09:26 - 2010-11-21 04:47 - 00615652 _____ () C:\windows\PFRO.log
2015-03-02 00:14 - 2012-10-26 18:46 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Swiss Academic Software
2015-03-01 18:03 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2015-03-01 17:38 - 2014-02-05 12:40 - 00000000 ___RD () C:\Users\Timo\Dropbox
2015-03-01 17:38 - 2014-02-05 12:38 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Dropbox
2015-02-26 15:27 - 2012-10-12 19:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-26 15:05 - 2013-02-12 20:59 - 00000000 ____D () C:\Users\Admin
2015-02-24 20:28 - 2013-07-07 18:27 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-23 23:38 - 2014-10-17 14:35 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-02-23 02:13 - 2013-09-10 09:31 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\tor
2015-02-15 00:55 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2015-02-14 13:26 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-02-13 20:31 - 2014-02-05 12:40 - 00001013 _____ () C:\Users\Timo\Desktop\Dropbox.lnk
2015-02-13 20:31 - 2014-02-05 12:39 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 19:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-12 14:41 - 2009-07-14 05:45 - 00394776 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-12 14:38 - 2014-12-10 03:21 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-12 14:38 - 2014-05-06 22:34 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-12 14:37 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\tracing
2015-02-12 08:03 - 2013-08-05 12:47 - 00000000 ____D () C:\windows\system32\MRT
2015-02-12 07:59 - 2012-10-13 07:26 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-02-10 22:46 - 2014-08-17 10:48 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-10 22:46 - 2012-10-12 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-10 22:46 - 2012-10-12 14:25 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-05 15:28 - 2009-07-14 06:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-02-02 18:32 - 2012-12-29 14:04 - 00000000 ____D () C:\Users\Timo\.gimp-2.8
2015-02-02 18:20 - 2014-08-05 15:24 - 00000000 ____D () C:\Users\Timo\AppData\Local\gtk-2.0
==================== Files in the root of some directories =======
2013-07-30 08:21 - 2013-07-30 08:21 - 0001424 _____ () C:\Users\Admin\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2013-04-21 23:29 - 2013-08-02 15:15 - 0007641 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2012-01-09 13:08 - 2012-01-09 13:09 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-01-09 13:01 - 2012-01-09 13:03 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2012-01-09 13:06 - 2012-01-09 13:07 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-01-09 13:03 - 2012-01-09 13:06 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-01-09 13:07 - 2012-01-09 13:08 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
Files to move or delete:
====================
C:\Users\Timo\gimp-2.8.10-setup.exe
C:\Users\Timo\ImageMagick-6.8.9-6-Q16-x64-dll.exe
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\avgnt.exe
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
C:\Users\Timo\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-23 01:34
==================== End Of Log ============================
--- --- --- Besten Dank und herzliche Grüße Elvis |
|
03.03.2015, 08:27
| #10 |
| /// the machine /// TB-Ausbilder | Windows 7: Windows-Firewall blockiert Firefox-AnwendungenESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
05.03.2015, 10:16
| #11 |
| | Windows 7: Windows-Firewall blockiert Firefox-Anwendungen Hallo, anbei die Ergebnisse: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e77bfab1b93cd644b39be495057de5df
# engine=22755
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-05 01:22:40
# local_time=2015-03-05 02:22:40 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 33730 290941850 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 155998 177148410 0 0
# scanned=291053
# found=11
# cleaned=0
# scan_time=9932
sh=55B6FA8649AD64F5373EC01B5E379C3210384A1C ft=0 fh=0000000000000000 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.12\PriceGong.crx.vir"
sh=76322659687EE34CDF6C5241ECC052697A1ABBC3 ft=1 fh=9efc01faa4e2088e vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.12\PriceGongIE.dll.vir"
sh=FBB49ECDC756250223E906548D687989242B755E ft=1 fh=21d8b5198eebce7e vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ldha8x22.default\Extensions\{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}\plugins\npPriceGong_FF.dll.vir"
sh=D40447CA1DDA860D23F8C7BE4F628650249ABE83 ft=1 fh=9ad6d6791b5fcfb2 vn="Variante von Win32/InstallShare.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Timo\Downloads\AdbeRdr1013_de_DE.exe"
sh=009EB47B6F88F2D2E5DFD84A103915307E2B729D ft=1 fh=ef595f6de1b3d387 vn="Variante von Win32/InstallIQ.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Timo\Downloads\coretemp_1236.exe"
sh=4985EEDDEDF7D5C34C94AD17025EF73B32ED5A0E ft=1 fh=f444df2be6c5f78d vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Timo\Downloads\Excel Haushaltsbuch - CHIP-Installer.exe"
sh=DBE0500E22321B309668CEDDC4E071DD15B235AC ft=1 fh=62f0d058ce161ef6 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Timo\Downloads\GPL Ghostscript 32 Bit - CHIP-Installer.exe"
sh=12F39B67C9C592FC99C08F070F18103F3793335B ft=1 fh=68f52bceaa31cca2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Timo\Downloads\Java Runtime Environment 32 Bit - CHIP-Installer.exe"
sh=CB2944AE1A1977A899538F1065F9D1211C2AEA03 ft=1 fh=013aeab0cb55a839 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Timo\Downloads\MyPhoneExplorer_Setup_1.8.5_pcwelt.exe"
sh=6771C6407C777561491C7DA17B977A0C36FEE440 ft=1 fh=33584fe17173779f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Timo\Downloads\UNetbootin - CHIP-Installer.exe"
sh=BDBE423961F9AF37521672246D63F875E69E0FB0 ft=1 fh=421534aadbf545a0 vn="MSIL/Soft32Downloader.C evtl. unerwünschte Anwendung" ac=I fn="D:\Gaby\Alle\Eigene Dateien\Downloads\openoffice setup.exe"
Code:
ATTFilter Results of screen317's Security Check version 0.99.96
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader XI
Mozilla Firefox (36.0)
Mozilla Thunderbird 17.0.3 Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by Admin (administrator) on TIMO-PC on 05-03-2015 10:06:42
Running from C:\Users\Admin\Desktop
Loaded Profiles: Timo & Admin (Available profiles: Timo & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY Production LLC) C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2784552 2011-05-13] (Synaptics Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\Run: [feedreader.exe] => C:\Program Files (x86)\FeedReader30\feedreader.exe [2058240 2009-03-29] ()
HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [759384 2013-07-08] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Timo\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\Run: [icq] => C:\Users\Timo\AppData\Roaming\ICQM\icq.exe [35239432 2014-12-12] (ICQ)
HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\Run: [Spotify Web Helper] => C:\Users\Timo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-02-23] (Spotify Ltd)
HKU\S-1-5-21-819639659-4150350305-585420797-1001\...\MountPoints2: {68b47204-083e-11e4-b31e-e8039aa11699} - G:\Startme.exe
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs: ,C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [166568 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [146480 2014-07-02] (NVIDIA Corporation)
Startup: C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-819639659-4150350305-585420797-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-819639659-4150350305-585420797-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
HKU\S-1-5-21-819639659-4150350305-585420797-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
HKU\S-1-5-21-819639659-4150350305-585420797-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-819639659-4150350305-585420797-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/emsisoft_webscan.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ldha8x22.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-819639659-4150350305-585420797-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ldha8x22.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ldha8x22.default\searchplugins\google-maps.xml
FF Extension: Cliqz Beta - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ldha8x22.default\Extensions\cliqz@cliqz.com.xpi [2015-03-01]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-07-15]
FF HKU\S-1-5-21-819639659-4150350305-585420797-1004\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKU\S-1-5-21-819639659-4150350305-585420797-1004\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ldha8x22.default\extensions\cliqz@cliqz.com
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
Opera:
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Professional.12.0; C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [961744 2014-07-13] (ABBYY Production LLC)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-04-10] (Windows (R) 2003 DDK 3790 provider)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 ALSysIO; \??\C:\Users\Admin\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-05 10:06 - 2015-03-05 10:06 - 00000000 ____D () C:\Users\Admin\Desktop\FRST-OlderVersion
2015-03-05 10:02 - 2015-03-05 10:02 - 00000922 _____ () C:\Users\Admin\Desktop\checkup.txt
2015-03-05 08:11 - 2015-03-05 08:11 - 00852594 _____ () C:\Users\Admin\Desktop\SecurityCheck.exe
2015-03-03 12:36 - 2015-03-03 12:36 - 00000000 ____D () C:\Users\Admin\AppData\Local\Swiss Academic Software
2015-03-03 08:38 - 2015-03-03 08:38 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-03 08:37 - 2015-03-03 08:37 - 02347384 _____ (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_deu.exe
2015-03-03 08:33 - 2015-03-03 08:33 - 02347384 _____ (ESET) C:\Users\Timo\Desktop\esetsmartinstaller_deu.exe
2015-03-02 21:03 - 2015-03-02 21:03 - 00000756 _____ () C:\Users\Admin\Desktop\JRT.txt
2015-03-02 20:58 - 2015-03-02 20:58 - 01388333 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2015-03-02 20:50 - 2015-03-02 20:50 - 02126848 _____ () C:\Users\Admin\Desktop\AdwCleaner_4.111.exe
2015-03-02 18:44 - 2015-03-02 20:41 - 00000000 ____D () C:\Users\Admin\Desktop\mbar
2015-03-02 18:42 - 2015-03-02 18:42 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Admin\Desktop\mbar-1.09.1.1004.exe
2015-03-02 09:35 - 2015-03-02 09:35 - 00019302 _____ () C:\ComboFix.txt
2015-03-02 09:10 - 2015-03-02 09:36 - 00000000 ____D () C:\Qoobox
2015-03-02 09:10 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2015-03-02 09:10 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2015-03-02 09:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-03-02 09:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-03-02 09:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-03-02 09:10 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2015-03-02 09:10 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2015-03-02 09:10 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2015-03-02 09:09 - 2015-03-02 09:34 - 00000000 ____D () C:\windows\erdnt
2015-03-02 09:07 - 2015-03-02 09:07 - 05612482 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2015-03-01 17:25 - 2015-03-01 17:24 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Desktop\tdsskiller.exe
2015-03-01 17:24 - 2015-03-01 17:24 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Downloads\tdsskiller.exe
2015-03-01 16:30 - 2015-03-01 16:30 - 00000000 ____D () C:\Users\Admin\Desktop\mbar-1.09.1.1004 (alt)
2015-03-01 16:30 - 2015-03-01 16:30 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\WinRAR
2015-03-01 16:29 - 2015-03-02 21:13 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-03-01 11:45 - 2015-03-01 11:46 - 00042310 _____ () C:\Users\Admin\Desktop\Addition.txt
2015-03-01 11:44 - 2015-03-05 10:06 - 00019128 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-02-26 18:56 - 2015-02-26 18:56 - 00006631 _____ () C:\Users\Timo\Desktop\Gmer.zip
2015-02-26 18:54 - 2015-02-26 18:54 - 01182149 _____ () C:\Users\Timo\Desktop\7z936.exe
2015-02-26 15:24 - 2015-02-26 15:43 - 00131763 _____ () C:\Users\Timo\Desktop\Gmer.txt
2015-02-26 15:12 - 2015-02-26 15:12 - 00380416 _____ () C:\Users\Timo\Desktop\Gmer-19357.exe
2015-02-26 15:08 - 2015-03-01 11:46 - 00042310 _____ () C:\Users\Timo\Desktop\Addition.txt
2015-02-26 15:07 - 2015-03-05 10:06 - 02092544 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-02-26 15:07 - 2015-03-01 11:46 - 00045399 _____ () C:\Users\Timo\Desktop\FRST.txt
2015-02-26 15:05 - 2015-02-26 15:05 - 00000472 _____ () C:\Users\Timo\Desktop\defogger_disable.log
2015-02-26 15:05 - 2015-02-26 15:05 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2015-02-26 15:04 - 2015-02-26 15:04 - 00050477 _____ () C:\Users\Timo\Desktop\Defogger.exe
2015-02-26 15:00 - 2015-02-26 15:00 - 00050477 _____ () C:\Users\Timo\Downloads\SpotifySetup.exe
2015-02-26 10:14 - 2015-02-26 10:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-25 21:04 - 2015-01-09 00:44 - 00419936 _____ () C:\windows\SysWOW64\locale.nls
2015-02-25 21:04 - 2015-01-09 00:43 - 00419936 _____ () C:\windows\system32\locale.nls
2015-02-23 23:48 - 2015-02-28 09:52 - 00000000 ____D () C:\Users\Timo\AppData\Local\Spotify
2015-02-23 23:48 - 2015-02-23 23:48 - 00001799 _____ () C:\Users\Timo\Desktop\Spotify.lnk
2015-02-23 23:48 - 2015-02-23 23:48 - 00001785 _____ () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-02-23 23:47 - 2015-02-28 11:16 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Spotify
2015-02-23 23:38 - 2015-03-05 10:03 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-23 23:38 - 2015-02-23 23:38 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-23 23:38 - 2015-02-23 23:38 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-23 23:38 - 2015-02-23 23:38 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-17 22:04 - 2015-02-17 22:04 - 00447698 _____ () C:\Users\Timo\Desktop\WordPlaceholders_2015-02-17 22-04-54.bak
2015-02-17 21:49 - 2015-02-17 21:49 - 00038896 _____ () C:\Users\Timo\Desktop\WordPlaceholders_2015-02-17 21-49-02.bak
2015-02-14 14:40 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-02-14 14:40 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-02-14 14:40 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-02-14 14:40 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-02-13 17:53 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-13 17:53 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-13 17:53 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-02-13 17:53 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-02-11 14:43 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-11 14:43 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-11 14:43 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-11 14:43 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-11 14:43 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-11 14:43 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-11 14:43 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-11 14:43 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-11 14:43 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-11 14:43 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-02-11 14:43 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-11 14:43 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-11 14:43 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-11 14:43 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-11 14:43 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-11 14:43 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-11 14:43 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-02-11 14:43 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-11 14:43 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-02-11 14:43 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 14:43 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-02-11 14:43 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-02-11 14:43 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-02-11 14:43 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-11 14:43 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-02-11 14:43 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-02-11 14:43 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-02-11 14:43 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-02-11 14:43 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-02-11 14:43 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-11 14:43 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-11 14:43 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-11 14:43 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 14:43 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-02-11 14:43 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-02-11 14:43 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-02-11 14:43 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-02-11 14:43 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-02-11 14:43 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-11 14:43 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-11 14:43 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-02-11 14:43 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-11 14:43 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-02-11 14:43 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-02-11 14:43 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-02-11 14:43 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-02-11 14:43 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-02-11 14:43 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-02-11 14:42 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-11 14:42 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-11 14:42 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-11 14:42 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-11 14:42 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-11 14:42 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-11 14:42 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-11 14:42 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-11 14:42 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-11 14:42 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-11 14:42 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-11 14:42 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-02-11 14:42 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-02-11 14:42 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-02-11 14:42 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-11 14:42 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-02-11 14:42 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-11 14:42 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-11 14:42 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-11 14:42 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-11 14:42 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-11 14:42 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-11 14:42 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-11 14:42 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-11 14:42 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-11 14:42 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-11 14:42 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-11 14:42 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-11 14:42 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-02-11 14:42 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-11 14:42 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-11 14:42 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-11 14:42 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-11 14:42 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-11 14:42 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-02-11 14:42 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-11 14:42 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-02-11 14:42 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-02-11 14:41 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-11 14:41 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-02-11 14:41 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-11 14:41 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-11 14:40 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-11 14:40 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-02-11 14:40 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-02-11 14:40 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-02-11 14:40 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-02-11 14:40 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-02-11 14:40 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-02-11 14:40 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-11 14:40 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-02-11 14:39 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-05 10:06 - 2013-11-11 02:00 - 00000000 ____D () C:\FRST
2015-03-05 07:54 - 2012-01-10 04:42 - 01107587 _____ () C:\windows\WindowsUpdate.log
2015-03-04 18:02 - 2009-07-14 05:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-04 18:02 - 2009-07-14 05:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-04 17:58 - 2013-04-09 15:17 - 00000000 ____D () C:\Users\Timo\Documents\Citavi 4
2015-03-04 17:54 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-03-04 17:54 - 2009-07-14 05:51 - 00166179 _____ () C:\windows\setupact.log
2015-03-03 21:01 - 2010-11-21 04:47 - 00616180 _____ () C:\windows\PFRO.log
2015-03-03 20:57 - 2013-07-04 17:44 - 00000000 ____D () C:\Users\Admin\Documents\Citavi 4
2015-03-03 00:55 - 2014-01-29 23:24 - 00005128 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Timo-PC-Timo Timo-PC
2015-03-02 21:13 - 2013-11-11 14:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-02 20:52 - 2013-11-11 11:54 - 00000000 ____D () C:\AdwCleaner
2015-03-02 18:46 - 2013-11-11 14:54 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-02 17:24 - 2012-01-10 04:13 - 00699666 _____ () C:\windows\system32\perfh007.dat
2015-03-02 17:24 - 2012-01-10 04:13 - 00149774 _____ () C:\windows\system32\perfc007.dat
2015-03-02 17:24 - 2009-07-14 06:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2015-03-02 14:40 - 2013-02-23 22:04 - 00001618 _____ () C:\windows\Sandboxie.ini
2015-03-02 09:36 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-03-02 09:29 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2015-03-02 00:14 - 2012-10-26 18:46 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Swiss Academic Software
2015-03-01 18:03 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2015-03-01 17:38 - 2014-02-05 12:40 - 00000000 ___RD () C:\Users\Timo\Dropbox
2015-03-01 17:38 - 2014-02-05 12:38 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Dropbox
2015-02-26 15:27 - 2012-10-12 19:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-26 15:05 - 2013-02-12 20:59 - 00000000 ____D () C:\Users\Admin
2015-02-24 20:28 - 2013-07-07 18:27 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-23 23:38 - 2014-10-17 14:35 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-02-23 02:13 - 2013-09-10 09:31 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\tor
2015-02-15 00:55 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2015-02-14 13:26 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-02-13 20:31 - 2014-02-05 12:40 - 00001013 _____ () C:\Users\Timo\Desktop\Dropbox.lnk
2015-02-13 20:31 - 2014-02-05 12:39 - 00000000 ____D () C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 19:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-12 14:41 - 2009-07-14 05:45 - 00394776 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-12 14:38 - 2014-12-10 03:21 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-12 14:38 - 2014-05-06 22:34 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-12 14:37 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\tracing
2015-02-12 08:03 - 2013-08-05 12:47 - 00000000 ____D () C:\windows\system32\MRT
2015-02-12 07:59 - 2012-10-13 07:26 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-02-10 22:46 - 2014-08-17 10:48 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-10 22:46 - 2012-10-12 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-10 22:46 - 2012-10-12 14:25 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-05 15:28 - 2009-07-14 06:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
==================== Files in the root of some directories =======
2013-07-30 08:21 - 2013-07-30 08:21 - 0001424 _____ () C:\Users\Admin\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2013-04-21 23:29 - 2013-08-02 15:15 - 0007641 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2012-01-09 13:08 - 2012-01-09 13:09 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-01-09 13:01 - 2012-01-09 13:03 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2012-01-09 13:06 - 2012-01-09 13:07 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-01-09 13:03 - 2012-01-09 13:06 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-01-09 13:07 - 2012-01-09 13:08 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
Files to move or delete:
====================
C:\Users\Timo\gimp-2.8.10-setup.exe
C:\Users\Timo\ImageMagick-6.8.9-6-Q16-x64-dll.exe
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\avgnt.exe
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
C:\Users\Timo\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-05 02:44
==================== End Of Log ============================
Beste Grüße Elvis |
|
05.03.2015, 17:01
| #12 |
| /// the machine /// TB-Ausbilder | Windows 7: Windows-Firewall blockiert Firefox-Anwendungen Java und thunderbird updaten. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.12\PriceGong.crx.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.12\PriceGongIE.dll.vir
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ldha8x22.default\Extensions\{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}\plugins\npPriceGong_FF.dll.vir
C:\Users\Timo\Downloads\AdbeRdr1013_de_DE.exe
C:\Users\Timo\Downloads\coretemp_1236.exe
C:\Users\Timo\Downloads\Excel Haushaltsbuch - CHIP-Installer.exe
C:\Users\Timo\Downloads\GPL Ghostscript 32 Bit - CHIP-Installer.exe
C:\Users\Timo\Downloads\Java Runtime Environment 32 Bit - CHIP-Installer.exe
C:\Users\Timo\Downloads\MyPhoneExplorer_Setup_1.8.5_pcwelt.exe
C:\Users\Timo\Downloads\UNetbootin - CHIP-Installer.exe
D:\Gaby\Alle\Eigene Dateien\Downloads\openoffice setup.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
07.03.2015, 16:34
| #13 |
| | Windows 7: Windows-Firewall blockiert Firefox-Anwendungen Hallo, es folgt Fixlog.txt: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-03-2015 01
Ran by Admin at 2015-03-07 16:19:01 Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Timo & Admin (Available profiles: Timo & Admin)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.12\PriceGong.crx.vir
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.12\PriceGongIE.dll.vir
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ldha8x22.default\Extensions\{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}\plugins\npPriceGong_FF.dll.vir
C:\Users\Timo\Downloads\AdbeRdr1013_de_DE.exe
C:\Users\Timo\Downloads\coretemp_1236.exe
C:\Users\Timo\Downloads\Excel Haushaltsbuch - CHIP-Installer.exe
C:\Users\Timo\Downloads\GPL Ghostscript 32 Bit - CHIP-Installer.exe
C:\Users\Timo\Downloads\Java Runtime Environment 32 Bit - CHIP-Installer.exe
C:\Users\Timo\Downloads\MyPhoneExplorer_Setup_1.8.5_pcwelt.exe
C:\Users\Timo\Downloads\UNetbootin - CHIP-Installer.exe
D:\Gaby\Alle\Eigene Dateien\Downloads\openoffice setup.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
Emptytemp:
*****************
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.12\PriceGong.crx.vir => Moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.12\PriceGongIE.dll.vir => Moved successfully.
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ldha8x22.default\Extensions\{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}\plugins\npPriceGong_FF.dll.vir => Moved successfully.
C:\Users\Timo\Downloads\AdbeRdr1013_de_DE.exe => Moved successfully.
C:\Users\Timo\Downloads\coretemp_1236.exe => Moved successfully.
C:\Users\Timo\Downloads\Excel Haushaltsbuch - CHIP-Installer.exe => Moved successfully.
C:\Users\Timo\Downloads\GPL Ghostscript 32 Bit - CHIP-Installer.exe => Moved successfully.
"C:\Users\Timo\Downloads\Java Runtime Environment 32 Bit - CHIP-Installer.exe" => File/Directory not found.
C:\Users\Timo\Downloads\MyPhoneExplorer_Setup_1.8.5_pcwelt.exe => Moved successfully.
C:\Users\Timo\Downloads\UNetbootin - CHIP-Installer.exe => Moved successfully.
D:\Gaby\Alle\Eigene Dateien\Downloads\openoffice setup.exe => Moved successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1"" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2"" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3"" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4"" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5"" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6"" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7"" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8"" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
EmptyTemp: => Removed 551.9 MB temporary data.
The system needed a reboot.
==== End of Fixlog 16:19:48 ====
Tatsächlich habe ich noch Probleme: Mein Antivir hat heute Nachmittag eine ganze Reihe an Funden gemeldet: Code:
ATTFilter Exportierte Ereignisse:
07.03.2015 16:33 [System-Scanner] Malware gefunden
Die Datei 'C:\FRST\Quarantine\C\Users\Timo\Downloads\UNetbootin -
CHIP-Installer.exe.xBAD'
enthielt einen Virus oder unerwünschtes Programm 'PUA/DownloadSponsor.Gen'
[riskware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48609485.qua'
verschoben!
07.03.2015 16:26 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\FRST\Quarantine\C\Users\Timo\Downloads\UNetbootin -
CHIP-Installer.exe.xBAD'
wurde ein Virus oder unerwünschtes Programm 'PUA/DownloadSponsor.Gen'
[riskware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
07.03.2015 16:19 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\FRST\Quarantine\C\Users\Timo\Downloads\GPL Ghostscript 32 Bit
- CHIP-Installer.exe.xBAD'
wurde ein Virus oder unerwünschtes Programm 'PUA/DownloadSponsor.Gen'
[riskware] gefunden.
Ausgeführte Aktion: Übergeben an Scanner
07.03.2015 16:19 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\FRST\Quarantine\C\Users\Timo\Downloads\Excel Haushaltsbuch -
CHIP-Installer.exe.xBAD'
wurde ein Virus oder unerwünschtes Programm 'PUA/DownloadSponsor.Gen'
[riskware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
07.03.2015 16:19 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\FRST\Quarantine\C\Users\Timo\Downloads\GPL Ghostscript 32 Bit
- CHIP-Installer.exe.xBAD'
wurde ein Virus oder unerwünschtes Programm 'PUA/DownloadSponsor.Gen'
[riskware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
07.03.2015 16:07 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Timo\Downloads\Java Runtime Environment 32 Bit -
CHIP-Installer.exe'
enthielt einen Virus oder unerwünschtes Programm 'PUA/DownloadSponsor.Gen'
[riskware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5331b9dd.qua'
verschoben!
07.03.2015 16:05 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Timo\Downloads\Java Runtime Environment 32 Bit -
CHIP-Installer.exe'
wurde ein Virus oder unerwünschtes Programm 'PUA/DownloadSponsor.Gen'
[riskware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
Vielen lieben Dank für die umfangreiche Hilfe Elvis P. |
|
08.03.2015, 08:41
| #14 |
| /// the machine /// TB-Ausbilder | Windows 7: Windows-Firewall blockiert Firefox-Anwendungen Die Funde sind in Quarantäne bei FRST, wie Du ja selbst siehst. Ausser 2. Code:
ATTFilter 07.03.2015 16:07 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Timo\Downloads\Java Runtime Environment 32 Bit -
CHIP-Installer.exe'
enthielt einen Virus oder unerwünschtes Programm 'PUA/DownloadSponsor.Gen'
[riskware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5331b9dd.qua'
verschoben!
07.03.2015 16:05 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Timo\Downloads\Java Runtime Environment 32 Bit -
CHIP-Installer.exe'
wurde ein Virus oder unerwünschtes Programm 'PUA/DownloadSponsor.Gen'
[riskware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
CHIP-Installer - was ist das? - Anleitungen Fertig  Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde:  Combofix deinstallieren
Alle Logs gepostet? Dann lade Dir bitte  DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...  und/oder das Forum mit einer kleinen Spende  unterstützen.   Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. Meine Empfehlung:  Emsisoft Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional:  NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.Lade Software von einem sauberen Portal wie  .Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Windows 7: Windows-Firewall blockiert Firefox-Anwendungen |
| abstürzen, adware, antivirus, ausgelastet, avira, blockiert, computer, converter, defender, device driver, downloader, dvdvideosoft ltd., fehler, firefox, flash player, help, home, installation, lightning, malware, mp3, onedrive, scan, security, server, software, temp, tracker, usb, windows |
WARNUNG an die MITLESER: 
+ R Taste und schreibe Combofix /Uninstall in das 
Linear-Darstellung
