|
Plagegeister aller Art und deren Bekämpfung: bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinktWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
13.03.2015, 15:58 | #1 |
| bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt Hallo, ich brauche dringend Hilfe. Seit ein paar Tagen habe ich Probleme mit Mozilla Firefox. Beim Öffnen einer Seite werden im Hintergrund noch andere Werbeseiten geöffnet. Es erscheinen auf dem Bildschirm oben, unten überall Werbebanner. Klickt man eins weg, kommen 2 neue dazu. Verschiedene Wörter sind verlinkt. Ich habe schon versucht Mozilla zu deinstallieren und neu zu laden, bringt nichts. Auch Kaspersky sagt: "Alles in Ordnung" Ich hoffe, es kann mir jemand helfen. Ich arbeite mit Windows 7 Grüße von team |
13.03.2015, 16:08 | #2 |
/// the machine /// TB-Ausbilder | bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
13.03.2015, 16:41 | #3 |
| bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt FRST Logfile:
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Zeeh (administrator) on ZEEH-PC on 13-03-2015 16:36:09 Running from C:\Users\Zeeh\Downloads Loaded Profiles: Zeeh (Available profiles: Zeeh) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser not detected!) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (AMD) C:\Windows\System32\atieclxx.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\lexware\Update Service\Hmg.InstallationService.Service.exe () C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ATK) C:\Program Files\P4G\BatteryLife.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Windows\AsScrPro.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (syncables, LLC) C:\Program Files (x86)\syncables\syncables desktop\syncables.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\lexware\Update Manager\LxUpdateManager.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (AVM Berlin) C:\Users\Zeeh\AppData\Local\Apps\2.0\5H6GP0O6.A8T\ODMZ84MY.LH2\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE () C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\Zeeh\Downloads\FRST64 (1).exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.) HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] () HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-27] (IDT, Inc.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.) HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [391240 2010-12-06] (Acronis) HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-08-10] () HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-11-11] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-27] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [SAOB Monitor] => C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2570688 2010-11-16] (Acronis) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5583056 2011-02-01] (Acronis) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [gmsd_de_100] => [X] HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [196648 2014-09-26] (Haufe-Lexware GmbH & Co. KG) HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\Run: [Syncables] => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-04-05] (syncables, LLC) HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\Run: [AVMUSBFernanschluss] => C:\Users\Zeeh\AppData\Local\Apps\2.0\5H6GP0O6.A8T\ODMZ84MY.LH2\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2012-12-30] (AVM Berlin) HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\MountPoints2: {57f77034-4961-11e0-a795-20cf3034dee3} - F:\pushinst.exe HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\MountPoints2: {5e559f93-2703-11e4-a630-20cf3034dee3} - F:\AutoRun.exe HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\MountPoints2: {5e559fa8-2703-11e4-a630-20cf3034dee3} - F:\AutoRun.exe HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\MountPoints2: {96a42350-32ce-11e4-b766-20cf3034dee3} - F:\AutoRun.exe HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\MountPoints2: {e545f6fa-82c3-11e0-9637-20cf3034dee3} - F:\unlock.exe autoplay=true Startup: C:\Users\Zeeh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.) ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1571306010-3709694829-1092883663-1000 -> {393DB63D-0E30-47F8-9F47-71AA303F4DE0} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} SearchScopes: HKU\S-1-5-21-1571306010-3709694829-1092883663-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = Toolbar: HKU\S-1-5-21-1571306010-3709694829-1092883663-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: HKLM-x32 {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{71D837ED-CC19-43D6-85CD-C31CF2544AFB}: [NameServer] 10.28.253.1 Tcpip\..\Interfaces\{7C558398-EC4A-4217-8340-B8175260889E}: [NameServer] 10.74.210.210 10.74.210.211 Tcpip\..\Interfaces\{EA51E0A4-6976-447B-9AFB-E271A9B20C96}: [NameServer] 10.74.210.210 10.74.210.211 FireFox: ======== FF ProfilePath: C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default FF Homepage: google.de FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] () FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Windows\SysWOW64\npdeployJava1.dll [2014-07-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-01] () FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-01] () FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-01] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.) FF Extension: Zoom It - C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\Extensions\{0764a0ce-f1cd-bfde-f03f-927441535690} [2015-03-13] FF Extension: PageRank Client - C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\Extensions\pagerank-client@koeniglich.ch.xpi [2012-04-04] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-05-10] FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-01] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-01] FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-01] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.de/" CHR Profile: C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-12] CHR Extension: (Google Docs) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-12] CHR Extension: (Google Drive) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-12] CHR Extension: (YouTube) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-12] CHR Extension: (Google Search) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-12] CHR Extension: (Kaspersky Protection) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-03-12] CHR Extension: (Google Sheets) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-12] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (Google Wallet) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-12] CHR Extension: (Gmail) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-12] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO) S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed] S2 c4791e60; c:\Program Files (x86)\PragmaInit\PragmaInit.dll [1682944 2015-02-06] () [File not signed] R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () S2 ICM_UpdaterService; C:\Program Files (x86)\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe [204883 2011-03-18] () [File not signed] S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2013-02-05] () [File not signed] R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [64552 2014-10-02] (Haufe-Lexware GmbH & Co. KG) R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed] R2 MSSQL$JTLWAWI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe [243712 2009-11-27] (IDT, Inc.) R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116480 2012-12-30] (AVM Berlin) R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd) R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [85048 2009-12-14] (Infowatch) R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66104 2009-12-14] (Infowatch) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [245248 2013-04-10] (Huawei Technologies Co., Ltd.) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-01] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-11] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-01] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-12] () S3 SoehnleComfort; C:\Windows\System32\Drivers\SoehnleComfort_x64.sys [38400 2011-04-20] () R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] () S3 cpuz134; \??\C:\Users\Zeeh\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] U3 tmlwf; No ImagePath U3 tmwfp; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-13 16:20 - 2015-03-13 16:20 - 02095616 _____ (Farbar) C:\Users\Zeeh\Downloads\FRST64 (1).exe 2015-03-13 16:19 - 2015-03-13 16:21 - 00000000 ____D () C:\ProgramData\TuneUp Software 2015-03-13 16:19 - 2015-03-13 16:19 - 28598072 _____ (TuneUp Software) C:\Users\Zeeh\Downloads\TuneUpUtilities2014_de-DE.exe 2015-03-13 16:19 - 2015-03-13 16:19 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2015-03-13 08:45 - 2015-03-13 08:45 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-03-13 08:45 - 2015-03-13 08:45 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-03-13 08:45 - 2015-03-13 08:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-13 08:44 - 2015-03-13 08:45 - 40824144 _____ () C:\Users\Zeeh\Downloads\Firefox_Setup_36.0.1.exe 2015-03-12 19:17 - 2015-03-12 19:17 - 00002213 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-03-12 19:15 - 2015-03-13 16:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-12 19:15 - 2015-03-13 07:37 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-12 19:15 - 2015-03-12 19:15 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-03-12 19:15 - 2015-03-12 19:15 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-03-12 19:11 - 2015-03-12 19:11 - 00880208 _____ (Google Inc.) C:\Users\Zeeh\Downloads\ChromeSetup (1).exe 2015-03-12 12:36 - 2015-03-12 12:36 - 02171392 _____ () C:\Users\Zeeh\Downloads\adwcleaner_4.112.exe 2015-03-11 20:23 - 2015-03-11 20:23 - 00032768 _____ () C:\Windows\SysWOW64\persistent_q.db-shm 2015-03-11 20:23 - 2015-03-11 20:23 - 00003176 _____ () C:\Windows\SysWOW64\persistent_q.db-wal 2015-03-11 20:23 - 2015-03-11 20:23 - 00001024 _____ () C:\Windows\SysWOW64\persistent_q.db 2015-03-11 15:12 - 2015-03-11 15:12 - 02367242 _____ () C:\Users\Zeeh\Desktop\froogle.txt 2015-03-11 08:17 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-11 08:17 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-11 08:17 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 08:17 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-11 08:17 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-03-11 08:17 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 08:17 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-11 08:17 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-11 08:17 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 08:17 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 08:17 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 08:17 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-03-11 08:17 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-11 08:17 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-03-11 08:17 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-11 08:17 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-11 08:17 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-11 08:17 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-11 08:17 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 08:17 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-11 08:17 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-11 08:17 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-11 08:17 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-11 08:17 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-03-11 08:17 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-11 08:17 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-03-11 08:17 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-03-11 08:17 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-11 08:17 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-11 08:17 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-11 08:17 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-11 08:17 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-11 08:16 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 08:16 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-11 08:15 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-11 08:15 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-11 08:15 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-11 08:15 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-11 08:15 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-11 08:15 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-11 08:15 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-11 08:15 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-11 08:15 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-11 08:15 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-11 08:15 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-11 08:15 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-11 08:15 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-11 08:15 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 08:15 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 08:15 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-11 08:15 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 08:15 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 08:15 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-11 08:15 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 08:15 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 08:15 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 08:15 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 08:15 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 08:15 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-11 08:15 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 08:15 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 08:15 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-11 08:15 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 08:15 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 08:15 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 08:15 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 08:15 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-11 08:15 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 08:15 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-11 08:15 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 08:15 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 08:15 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-11 08:15 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-11 08:15 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 08:15 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-11 08:15 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 08:15 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 08:15 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-11 08:15 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-11 08:15 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-11 08:15 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 08:15 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 08:15 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-11 08:15 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-11 08:15 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-11 08:15 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-11 08:15 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-11 08:15 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 08:15 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-11 08:15 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-11 08:15 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 08:15 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 08:15 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-11 08:15 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-11 08:15 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-11 08:15 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 08:15 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-11 08:15 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-11 08:15 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-11 08:15 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 08:15 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-11 08:15 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 08:15 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 08:15 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-11 08:15 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 08:15 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 08:15 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 08:15 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-11 08:15 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 08:15 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-11 08:15 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 08:15 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 08:15 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-08 16:25 - 2015-03-08 16:25 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-03-08 16:24 - 2015-03-08 16:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Zeeh\Downloads\revosetup95.exe 2015-03-08 16:20 - 2015-03-13 16:36 - 00023714 _____ () C:\Users\Zeeh\Downloads\FRST.txt 2015-03-08 16:19 - 2015-03-13 16:36 - 00000000 ____D () C:\FRST 2015-03-08 16:19 - 2015-03-08 16:19 - 02095104 _____ (Farbar) C:\Users\Zeeh\Downloads\FRST64.exe 2015-03-07 22:41 - 2015-03-07 22:41 - 00093359 _____ () C:\Users\Zeeh\Downloads\Invoice_Jan-16-15_Feb-15-15.csv 2015-03-06 17:33 - 2015-03-12 15:29 - 00000000 ____D () C:\AdwCleaner 2015-03-06 09:25 - 2015-03-13 08:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-02 11:58 - 2015-03-02 11:58 - 00029696 _____ () C:\Users\Zeeh\Documents\froogle.xls 2015-03-01 13:15 - 2015-03-13 09:02 - 00017869 _____ () C:\Users\Zeeh\Desktop\Artesano-Wollliste.xlsx 2015-03-01 13:15 - 2015-03-02 12:01 - 00018899 _____ () C:\Users\Zeeh\Documents\Artesano-Wollliste.xlsx 2015-02-26 07:40 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-02-26 07:40 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-02-26 07:40 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-02-26 07:40 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-02-26 07:36 - 2015-02-26 07:38 - 00000000 ____D () C:\Program Files (x86)\Bookmark Search 2015-02-25 19:50 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-25 19:50 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-02-16 08:35 - 2015-03-11 16:41 - 00000000 ____D () C:\Users\Zeeh\Documents\DHL-Reklamationen 2015-02-12 18:35 - 2015-02-19 11:15 - 00025921 _____ () C:\Windows\system32\ScanResults.xml 2015-02-12 18:31 - 2015-02-19 11:12 - 00000464 _____ () C:\Windows\system32\ScannerSettings 2015-02-11 08:49 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-11 08:49 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-11 08:49 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-11 08:49 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-11 08:49 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-11 08:49 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-02-11 08:49 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-11 08:49 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-02-11 08:47 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 08:47 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-11 08:47 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-11 08:47 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-11 08:47 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-02-11 08:47 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-02-11 08:47 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-13 16:31 - 2015-01-20 14:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-13 15:42 - 2010-08-10 22:48 - 01479133 _____ () C:\Windows\WindowsUpdate.log 2015-03-13 11:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-03-13 10:23 - 2011-01-01 17:18 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-03-13 09:23 - 2011-01-03 04:41 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1B35FCC2-2D8D-4E4D-A77B-606E14FE5BEB} 2015-03-13 09:01 - 2014-01-14 14:21 - 00258149 _____ () C:\Users\Zeeh\Desktop\Bestandsliste Perfect Petzzz.xlsx 2015-03-13 08:21 - 2010-12-30 23:10 - 00000000 ____D () C:\Users\Zeeh\AppData\Roaming\SoftGrid Client 2015-03-13 08:16 - 2013-07-19 08:51 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine Kaden 2015-03-13 07:42 - 2009-07-14 05:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-13 07:42 - 2009-07-14 05:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-13 07:38 - 2015-01-23 08:59 - 00082910 _____ () C:\Windows\avmacc.log 2015-03-13 07:37 - 2011-01-01 14:23 - 00045056 _____ () C:\Windows\system32\acovcnt.exe 2015-03-13 07:33 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-13 07:32 - 2015-01-23 08:57 - 00005499 _____ () C:\Windows\setupact.log 2015-03-13 07:32 - 2015-01-23 08:56 - 00016406 _____ () C:\Windows\PFRO.log 2015-03-12 19:17 - 2010-08-10 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-03-12 19:17 - 2010-08-10 23:12 - 00000000 ____D () C:\Program Files (x86)\Google 2015-03-12 18:26 - 2010-12-31 14:43 - 00000000 ____D () C:\ProgramData\Lexware 2015-03-12 15:52 - 2010-12-30 22:33 - 00000000 ____D () C:\Users\Zeeh\AppData\Local\Google 2015-03-12 15:50 - 2011-03-09 08:42 - 00000000 ____D () C:\Users\Zeeh\AppData\Local\Deployment 2015-03-12 11:55 - 2010-08-10 23:45 - 00002476 _____ () C:\Windows\system32\AutoRunFilter.ini 2015-03-12 11:49 - 2010-08-10 23:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-03-12 11:22 - 2010-12-31 14:44 - 00000000 ____D () C:\Program Files (x86)\lexware 2015-03-12 11:22 - 2010-12-31 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware 2015-03-12 11:15 - 2010-08-10 23:08 - 00000000 ____D () C:\ProgramData\CyberLink 2015-03-12 10:42 - 2010-08-10 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility 2015-03-12 10:42 - 2010-08-10 23:13 - 00000000 ____D () C:\Program Files (x86)\ASUS 2015-03-12 08:31 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-03-12 08:29 - 2015-01-23 08:56 - 00307104 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-12 08:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-03-12 08:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-03-11 20:17 - 2013-07-14 10:08 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 20:01 - 2011-01-09 17:52 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-11 15:23 - 2013-12-08 08:49 - 00017082 _____ () C:\Users\Zeeh\Desktop\monatliche Kosten.xlsx 2015-03-11 13:11 - 2014-05-26 10:47 - 00015671 _____ () C:\Users\Zeeh\Desktop\Bestellschein PerfectPetzzz EUR.xlsx 2015-03-11 13:07 - 2013-11-06 14:20 - 00036720 _____ () C:\Users\Zeeh\Desktop\Bestellformular Beleduc.xlsx 2015-03-11 07:55 - 2014-08-20 18:04 - 00819896 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2015-03-10 10:31 - 2009-08-04 10:51 - 00715658 _____ () C:\Windows\system32\perfh007.dat 2015-03-10 10:31 - 2009-08-04 10:51 - 00156312 _____ () C:\Windows\system32\perfc007.dat 2015-03-10 10:31 - 2009-07-14 06:13 - 01660372 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-10 10:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-03-09 18:41 - 2013-05-10 16:31 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine SUN 2015-03-08 16:40 - 2012-04-29 20:52 - 00000000 ____D () C:\Program Files (x86)\CEWE COLOR 2015-03-06 17:36 - 2011-01-01 15:11 - 00000000 ____D () C:\Windows\system32\log 2015-03-04 17:29 - 2015-01-22 11:05 - 00012247 _____ () C:\Users\Zeeh\Documents\Antje-Lohn.xlsx 2015-02-27 07:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-02-26 08:49 - 2011-01-01 17:17 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-02-26 08:30 - 2013-05-10 16:33 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine Rülke 2015-02-25 07:49 - 2013-05-10 16:33 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine SINA 2015-02-24 17:15 - 2013-03-16 21:20 - 00000000 ____D () C:\Users\Zeeh\Desktop\Bilder 2015-02-23 17:41 - 2011-05-20 21:20 - 00068744 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT 2015-02-23 13:47 - 2011-03-05 18:38 - 00017150 _____ () C:\Users\Zeeh\Documents\Darlehen.xlsx 2015-02-23 12:06 - 2011-02-14 08:52 - 00000000 __RSD () C:\Users\Zeeh\Documents\My Stationery 2015-02-23 08:56 - 2013-06-03 08:47 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine Uniwood 2015-02-18 16:06 - 2012-07-10 07:57 - 00000000 ____D () C:\Users\Zeeh\AppData\Roaming\FileZilla 2015-02-16 11:02 - 2010-08-10 23:45 - 00001728 _____ () C:\Windows\system32\ServiceFilter.ini 2015-02-16 11:01 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-02-13 21:05 - 2015-01-27 09:26 - 00032768 _____ () C:\Windows\system32\persistent_q.db-shm 2015-02-13 21:05 - 2015-01-27 09:26 - 00012608 _____ () C:\Windows\system32\persistent_q.db-wal 2015-02-12 10:03 - 2015-01-15 18:29 - 00262144 _____ () C:\Windows\system32\config\elam 2015-02-11 20:12 - 2014-12-11 05:19 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-11 20:12 - 2014-05-06 19:58 - 00000000 ___SD () C:\Windows\system32\CompatTel ==================== Files in the root of some directories ======= 2015-02-06 09:17 - 2015-02-06 09:17 - 0000020 _____ () C:\Users\Zeeh\AppData\Roaming\appdataFr3.bin 2012-12-30 13:11 - 2012-12-30 13:11 - 0017408 _____ () C:\Users\Zeeh\AppData\Local\WebpageIcons.db 2010-08-10 23:16 - 2009-12-24 13:38 - 0131368 _____ () C:\ProgramData\FullRemove.exe 2010-08-10 23:09 - 2010-08-10 23:10 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2010-08-10 23:09 - 2010-08-10 23:09 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Some content of TEMP: ==================== C:\Users\Zeeh\AppData\Local\Temp\Quarantine.exe C:\Users\Zeeh\AppData\Local\Temp\ReimagePackage.exe C:\Users\Zeeh\AppData\Local\Temp\sqlite3.dll C:\Users\Zeeh\AppData\Local\Temp\System.Data.SQLite.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-05 12:19 ==================== End Of Log ============================ --- --- --- Leider kann ich die addition.txt nicht finden |
14.03.2015, 09:29 | #4 |
/// the machine /// TB-Ausbilder | bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt FRST öffnen, Haken setzen bei Addition und scannen, poste bitte nur die Addition.txt.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
14.03.2015, 19:05 | #5 |
| bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinktCode:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Zeeh at 2015-03-14 19:01:57 Running from C:\Users\Zeeh\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Acronis*True*Image*Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6696 - Acronis) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe Flash Player 14 ActiveX (HKLM-x32\...\{1F5E5F2E-5E61-431D-B796-58CCC6B68E28}) (Version: 14.0.0.125 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader X (10.1.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS) ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS) ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS) ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.27 - ASUS) ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS) ASUS USB2.0 UVC VGA WebCam (HKLM\...\ASUS USB2.0 UVC VGA WebCam) (Version: 5.8.53120.202 - Sonix) ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus) ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.) ATI Catalyst Install Manager (HKLM\...\{80AB4395-42E3-D0B3-A310-6F0A6BD9709B}) (Version: 3.0.750.0 - ATI Technologies, Inc.) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0001 - ASUS) Body Balance Comfort Select Software (HKLM-x32\...\{74B92B80-C11A-4DD0-884C-A532B788C2D4}) (Version: 1.0.0 - Leifheit AG) Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.) Brother MFL-Pro Suite DCP-9055CDN (HKLM-x32\...\{979742CC-2CBB-49D8-9BEE-C2F7875F5393}) (Version: 1.1.5.0 - Brother Industries, Ltd.) ccc-core-static (x32 Version: 2009.1111.1543.28169 - ATI) Hidden Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version: - ) Express Rip (HKLM-x32\...\ExpressRip) (Version: 1.94 - NCH Software) Fahrtenbuch.net 1.5.12 (HKLM-x32\...\Fahrtenbuch.net_is1) (Version: - COMputer.INTernet.SOftware Tobias Schiek) Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS) FileZilla Client 3.2.7.1 (HKLM-x32\...\FileZilla Client) (Version: 3.2.7.1 - ) FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\f018cf21c0452c64) (Version: 2.3.0.2 - AVM Berlin) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.) Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6259.0 - IDT) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation) Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel) Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.18.76.55 - Huawei Technologies Co.,Ltd) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle) Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version: - ) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden Lexware Abschreibungsrechner (x32 Version: 14.00.00.0004 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware büro easy 2015 (x32 Version: 28.02.00.0197 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware büro easy plus 2015 (HKLM-x32\...\{3eadd447-88bd-45e6-8410-0b31dcad2556}) (Version: 28.0.0.132 - Haufe-Lexware GmbH & Co.KG) Lexware Elster (x32 Version: 15.00.00.0056 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Info Service (x32 Version: 5.00.00.0044 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Installations Dienst (x32 Version: 4.00.00.0008 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware online banking (x32 Version: 22.02.00.0040 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Sepa Check (x32 Version: 1.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Zeiterfassung (x32 Version: 28.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{7C39E0D1-E138-42B1-B083-213EC2CF7692}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA) PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Samsung Networking Wizard (HKLM-x32\...\{0C485220-4029-48E7-9F27-965DA4A78D5E}) (Version: 1.1.11052.2 - Samsung Electronics Co., Ltd. ) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2000.0 - SAMSUNG Electronics Co., Ltd.) Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SolidWorks eDrawings 2011 (HKLM-x32\...\{9402DAC1-447E-49C9-979D-BD5838E709D7}) (Version: 11.4.113 - Dassault Systèmes SolidWorks Corp.) syncables desktop SE (HKLM-x32\...\{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}) (Version: 5.5.615.9518 - syncables) Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.) Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation) Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies) Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation) Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS) Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 06-03-2015 08:59:42 Geplanter Prüfpunkt 08-03-2015 16:28:02 Revo Uninstaller's restore point - Smileyville FREE 08-03-2015 16:31:40 Revo Uninstaller's restore point - Piggly FREE 08-03-2015 16:32:25 Revo Uninstaller's restore point - Alice Greenfingers 08-03-2015 16:33:20 Revo Uninstaller's restore point - Chicken Invaders 2 08-03-2015 16:34:25 Revo Uninstaller's restore point - Dream Day Wedding Married in Manhattan 08-03-2015 16:36:19 Revo Uninstaller's restore point - Game Park Console 08-03-2015 16:37:30 Revo Uninstaller's restore point - JTL-Wawi 08-03-2015 16:38:51 Revo Uninstaller's restore point - Mein CEWE FOTOBUCH 08-03-2015 16:41:01 Revo Uninstaller's restore point - Preispilot für Firefox 11-03-2015 19:59:02 Windows Update 12-03-2015 10:18:32 Revo Uninstaller's restore point - ASUS FancyStart 12-03-2015 10:42:26 Removed ASUS FancyStart 12-03-2015 10:46:59 Revo Uninstaller's restore point - Bing Bar 12-03-2015 11:07:01 Revo Uninstaller's restore point - CyberLink LabelPrint 12-03-2015 11:07:37 Konfiguriert LabelPrint 12-03-2015 11:13:30 Revo Uninstaller's restore point - CyberLink Power2Go 12-03-2015 11:13:53 Konfiguriert Power2Go 12-03-2015 11:16:10 Revo Uninstaller's restore point - Lexware lohnauskunft 2009 12-03-2015 11:16:25 Konfiguriert Lexware lohnauskunft 2009 12-03-2015 11:18:01 Revo Uninstaller's restore point - Lexware lohnauskunft 2009 12-03-2015 11:18:21 Revo Uninstaller's restore point - Lexware lohnauskunft 2014 12-03-2015 11:18:55 Removed Lexware lohnauskunft 2014. 12-03-2015 11:21:34 Revo Uninstaller's restore point - Lexware reisekosten 2009 12-03-2015 11:21:47 Konfiguriert Lexware reisekosten 2009 12-03-2015 11:23:13 Revo Uninstaller's restore point - Mozilla Firefox 36.0.1 (x86 de) 12-03-2015 11:27:02 Revo Uninstaller's restore point - Mozilla Firefox 36.0.1 (x86 de) 12-03-2015 11:48:31 Entfernt DELISprint 12-03-2015 11:52:20 Removed RENESIS® Player Browser Plugins 13-03-2015 16:19:53 TuneUp Utilities 2014 wird installiert 13-03-2015 16:20:57 TuneUp Utilities 2014 (de-DE) wird entfernt ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {342CD102-1DE5-49AE-A53A-D33ABD85E7BC} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK) Task: {3A775123-7BDC-4E16-A8B7-6845A96A4083} - System32\Tasks\{1EDF6135-BB20-413E-8288-BC728394B876} => pcalua.exe -a E:\LxSetup.exe -d E:\ Task: {40721C3F-0996-4274-98ED-E888934C6B43} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.) Task: {429C9858-F46A-408D-87D6-64BC0F0C99B0} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] () Task: {474683AA-2C5B-46A0-9C72-919F9FB1CBE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.) Task: {53997FEA-15D2-4E30-B519-F00330284647} - System32\Tasks\{C4D39608-1BDD-4FDC-94D6-2EDA5B93ECA0} => pcalua.exe -a C:\Users\Zeeh\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs <==== ATTENTION Task: {661E3F48-5794-4F49-9DDE-351E8CF265E6} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS) Task: {89E5C935-498B-489D-801A-3E66D5249F0A} - System32\Tasks\SQAKP => C:\ProgramData\9a57dd4bfbdc41d9a41d3b8b62f45107\9a57dd4bfbdc41d9a41d3b8b62f45107.exe Task: {8EAA276A-C2F3-409E-8546-11C58E4FA00B} - System32\Tasks\{01B8A7C3-9EE9-4DFA-80E2-0171A0BB415D} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation) Task: {8F20AF64-5623-47D4-84BD-6771C9B8432C} - System32\Tasks\{1EC1DF85-2F18-4E6E-98F2-7C1D92E46BBA} => pcalua.exe -a F:\aomwin200ea24.exe -d F:\ Task: {9C50DFC0-DC4F-4E99-B900-E921C5344D29} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A3D57154-76E9-41EB-B88A-431B82727931} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {C2301F3D-2E4A-4C92-AF9D-A1600BCC6EA2} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-12-24] (ATK) Task: {EBA787D0-3184-4EAB-9004-F21185C8620B} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] () Task: {ECA98A70-61E5-4054-8BC5-BBC2BB7E9950} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated) Task: {F4080C3B-FFD2-4ACA-852D-23B954EBF2C3} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-05] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\P4GIntlCtrl.job => C:\Program Files\P4G\IntlDPST.exe ==================== Loaded Modules (whitelisted) ============== 2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe 2014-08-18 19:25 - 2013-02-05 08:24 - 00671744 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe 2014-08-18 19:29 - 2013-02-05 08:25 - 01541120 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe 2010-03-16 02:48 - 2010-03-16 02:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe 2008-10-23 18:21 - 2008-10-23 18:21 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-08-10 23:32 - 2010-08-10 23:32 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2010-02-28 02:33 - 2010-02-28 02:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe 2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll 2014-08-18 19:25 - 2009-01-10 11:32 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll 2014-08-18 19:25 - 2009-06-22 19:42 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll 2014-08-18 19:25 - 2012-10-31 10:11 - 02417152 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll 2014-08-18 19:25 - 2012-10-31 10:14 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll 2014-08-18 19:25 - 2012-10-31 10:33 - 09562624 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtGui4.dll 2014-08-18 19:29 - 2012-10-31 12:14 - 00082944 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qgif4.dll 2014-08-18 19:29 - 2012-10-31 12:16 - 00081920 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qico4.dll 2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2011-02-01 20:52 - 2011-02-01 20:52 - 11195512 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll 2014-09-11 14:09 - 2014-09-11 14:09 - 00176168 _____ () C:\Program Files (x86)\lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll 2014-09-11 14:09 - 2014-09-11 14:09 - 00043048 _____ () C:\Program Files (x86)\lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll 2013-01-17 13:32 - 2013-01-17 13:32 - 01433600 _____ () C:\Program Files (x86)\lexware\bueroeasy\PrintEng.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:63F29B08 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" ==================== Accounts: ============================= Administrator (S-1-5-21-1571306010-3709694829-1092883663-500 - Administrator - Disabled) Gast (S-1-5-21-1571306010-3709694829-1092883663-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1571306010-3709694829-1092883663-1009 - Limited - Enabled) Zeeh (S-1-5-21-1571306010-3709694829-1092883663-1000 - Administrator - Enabled) => C:\Users\Zeeh ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (03/11/2015 08:32:55 AM) (Source: ESENT) (EventID: 215) (User: ) Description: wlmail (4312) WindowsLiveMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error: (03/06/2015 06:15:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm QBW32.exe, Version 28.2.0.197 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 19f4 Startzeit: 01d0583040803f95 Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\lexware\bueroeasy\QBW32.exe Berichts-ID: 4963e47b-c424-11e4-bb04-20cf3034dee3 Error: (03/06/2015 05:46:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: TrueImage.exe, Version: 14.0.0.6696, Zeitstempel: 0x4d4857e3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00038e19 ID des fehlerhaften Prozesses: 0x1bec Startzeit der fehlerhaften Anwendung: 0xTrueImage.exe0 Pfad der fehlerhaften Anwendung: TrueImage.exe1 Pfad des fehlerhaften Moduls: TrueImage.exe2 Berichtskennung: TrueImage.exe3 Error: (02/26/2015 07:37:33 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3 Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0x1494 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (02/26/2015 07:37:32 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3 Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0x850 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (02/26/2015 07:37:32 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3 Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0xc40 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (02/26/2015 07:37:21 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3 Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0x1e3c Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (02/26/2015 07:33:47 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm QBW32.exe, Version 28.2.0.197 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: af0 Startzeit: 01d0518cfce5f097 Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\lexware\bueroeasy\QBW32.exe Berichts-ID: 51bfa22e-bd81-11e4-9a0d-20cf3034dee3 Error: (02/16/2015 11:32:01 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3 Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001425 ID des fehlerhaften Prozesses: 0x1534 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (02/16/2015 10:59:11 AM) (Source: Winlogon) (EventID: 4004) (User: ) Description: Fehler beim Beenden der Prozesse des aktuell angemeldeten Benutzers durch den Windows-Anmeldeprozess. System errors: ============= Error: (03/14/2015 01:42:53 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (03/14/2015 01:42:53 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (03/14/2015 01:41:54 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Server" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (03/14/2015 01:41:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (03/14/2015 01:40:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/14/2015 01:40:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Designs" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/14/2015 01:40:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Shellhardwareerkennung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/14/2015 01:40:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Benachrichtigungsdienst für Systemereignisse" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/14/2015 01:40:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Aufgabenplanung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (03/14/2015 01:40:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Benutzerprofildienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Microsoft Office Sessions: ========================= Error: (03/11/2015 08:32:55 AM) (Source: ESENT) (EventID: 215) (User: ) Description: wlmail4312WindowsLiveMail0: Error: (03/06/2015 06:15:08 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: QBW32.exe28.2.0.19719f401d0583040803f9516C:\Program Files (x86)\lexware\bueroeasy\QBW32.exe4963e47b-c424-11e4-bb04-20cf3034dee3 Error: (03/06/2015 05:46:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: TrueImage.exe14.0.0.66964d4857e3ntdll.dll6.1.7601.18247521ea8e7c000000500038e191bec01d0582ccc67203cC:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exeC:\Windows\SysWOW64\ntdll.dll6285e87c-c420-11e4-bb04-20cf3034dee3 Error: (02/26/2015 07:37:33 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425149401d0518ea545a0b3C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllf1055d48-bd81-11e4-9a0d-20cf3034dee3 Error: (02/26/2015 07:37:32 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f224800000030000142585001d0518cfc22bfc1C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllf103d6a8-bd81-11e4-9a0d-20cf3034dee3 Error: (02/26/2015 07:37:32 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425c4001d0518cfba6f833C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllf1025008-bd81-11e4-9a0d-20cf3034dee3 Error: (02/26/2015 07:37:21 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f22480000003000014251e3c01d0518cfc4ff9e6C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllea190d9c-bd81-11e4-9a0d-20cf3034dee3 Error: (02/26/2015 07:33:47 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: QBW32.exe28.2.0.197af001d0518cfce5f09715C:\Program Files (x86)\lexware\bueroeasy\QBW32.exe51bfa22e-bd81-11e4-9a0d-20cf3034dee3 Error: (02/16/2015 11:32:01 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425153401d049d265298d50C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll0a3e9428-b5c7-11e4-bb73-20cf3034dee3 Error: (02/16/2015 10:59:11 AM) (Source: Winlogon) (EventID: 4004) (User: ) Description: ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz Percentage of memory in use: 54% Total physical RAM: 3948.54 MB Available physical RAM: 1791.26 MB Total Pagefile: 9946.73 MB Available Pagefile: 7128.82 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:149.04 GB) (Free:93.54 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (DATA) (Fixed) (Total:427.59 GB) (Free:427.23 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E0C5913D) Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C) Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=427.6 GB) - (Type=OF Extended) ==================== End Of Log ============================ |
15.03.2015, 07:55 | #6 |
/// the machine /// TB-Ausbilder | bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt hi, Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt |
17.03.2015, 20:20 | #7 |
| bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt Ich war jetzt "fleißig": Teil 1 ist hier: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.09.1.1004 www.malwarebytes.org Database version: main: v2015.03.17.06 rootkit: v2015.02.25.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17691 Zeeh :: ZEEH-PC [administrator] 17.03.2015 18:59:10 mbar-log-2015-03-17 (18-59-10).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 375417 Time elapsed: 28 minute(s), 57 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 1 C:\ProgramData\2355320829 (Rogue.Multiple) -> Delete on reboot. [c7d361e5fb8f7bbba66e2d33e22138c8] Files Detected: 1 C:\Users\Zeeh\Downloads\yet_another_cleaner_cdls_setup_19230.exe (FraudTool.YAC) -> Delete on reboot. [d9c15ee839510531c39958da39c97789] Physical Sectors Detected: 0 (No malicious items detected) (end) Code:
ATTFilter 20:15:29.0801 0x0ba0 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 20:15:37.0211 0x0ba0 ============================================================ 20:15:37.0211 0x0ba0 Current date / time: 2015/03/17 20:15:37.0211 20:15:37.0211 0x0ba0 SystemInfo: 20:15:37.0212 0x0ba0 20:15:37.0212 0x0ba0 OS Version: 6.1.7601 ServicePack: 1.0 20:15:37.0212 0x0ba0 Product type: Workstation 20:15:37.0212 0x0ba0 ComputerName: ZEEH-PC 20:15:37.0212 0x0ba0 UserName: Zeeh 20:15:37.0212 0x0ba0 Windows directory: C:\Windows 20:15:37.0212 0x0ba0 System windows directory: C:\Windows 20:15:37.0212 0x0ba0 Running under WOW64 20:15:37.0212 0x0ba0 Processor architecture: Intel x64 20:15:37.0212 0x0ba0 Number of processors: 4 20:15:37.0212 0x0ba0 Page size: 0x1000 20:15:37.0212 0x0ba0 Boot type: Normal boot 20:15:37.0212 0x0ba0 ============================================================ 20:15:37.0835 0x0ba0 KLMD registered as C:\Windows\system32\drivers\98714250.sys 20:15:38.0938 0x0ba0 System UUID: {A12E0C5D-011C-B5E0-7139-F7C5D85CF17E} 20:15:41.0029 0x0ba0 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:15:41.0037 0x0ba0 Drive \Device\Harddisk1\DR1 - Size: 0xF0000000 ( 3.75 Gb ), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 20:15:41.0041 0x0ba0 ============================================================ 20:15:41.0041 0x0ba0 \Device\Harddisk0\DR0: 20:15:41.0041 0x0ba0 MBR partitions: 20:15:41.0041 0x0ba0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x12A14A08 20:15:41.0058 0x0ba0 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x15127000, BlocksNum 0x35730800 20:15:41.0059 0x0ba0 \Device\Harddisk1\DR1: 20:15:41.0060 0x0ba0 MBR partitions: 20:15:41.0060 0x0ba0 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x77E000 20:15:41.0060 0x0ba0 ============================================================ 20:15:41.0119 0x0ba0 C: <-> \Device\Harddisk0\DR0\Partition1 20:15:41.0176 0x0ba0 D: <-> \Device\Harddisk0\DR0\Partition2 20:15:41.0176 0x0ba0 ============================================================ 20:15:41.0176 0x0ba0 Initialize success 20:15:41.0176 0x0ba0 ============================================================ 20:15:53.0796 0x067c ============================================================ 20:15:53.0796 0x067c Scan started 20:15:53.0796 0x067c Mode: Manual; SigCheck; TDLFS; 20:15:53.0796 0x067c ============================================================ 20:15:53.0796 0x067c KSN ping started 20:16:07.0115 0x067c KSN ping finished: true 20:16:08.0600 0x067c ================ Scan system memory ======================== 20:16:08.0601 0x067c System memory - ok 20:16:08.0601 0x067c ================ Scan services ============================= 20:16:08.0801 0x067c [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 20:16:09.0036 0x067c 1394ohci - ok 20:16:09.0105 0x067c [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys 20:16:09.0126 0x067c ACPI - ok 20:16:09.0181 0x067c [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 20:16:09.0284 0x067c AcpiPmi - ok 20:16:09.0463 0x067c [ 3DD353A5BF7AF6DB7AFF1166435D4AE0, 8D9EE5369D8208BF6E37A2B1F54DE087F564812045B92309054CE89EA70D7600 ] AcrSch2Svc C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe 20:16:09.0500 0x067c AcrSch2Svc - ok 20:16:09.0596 0x067c [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 20:16:09.0610 0x067c AdobeARMservice - ok 20:16:09.0762 0x067c [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 20:16:09.0807 0x067c AdobeFlashPlayerUpdateSvc - ok 20:16:09.0895 0x067c [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 20:16:09.0961 0x067c adp94xx - ok 20:16:10.0029 0x067c [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 20:16:10.0066 0x067c adpahci - ok 20:16:10.0128 0x067c [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 20:16:10.0159 0x067c adpu320 - ok 20:16:10.0205 0x067c [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 20:16:10.0339 0x067c AeLookupSvc - ok 20:16:10.0402 0x067c [ 2D00D3DADC1D3326BA788EB071F2726E, 559048C0A15BBA83367D0F2969F48042FB1D11C9862A0BA4DF69FB15DECB8761 ] AFBAgent C:\Windows\system32\FBAgent.exe 20:16:10.0429 0x067c AFBAgent - ok 20:16:10.0485 0x067c [ AE1FCE2CD1E99BEA89183BA8CD320872, 96F14BCA0C2479F39A5027A71922907D0F35CAD8E9A5037674DF7995BBDB2B51 ] afcdp C:\Windows\system32\DRIVERS\afcdp.sys 20:16:10.0501 0x067c afcdp - ok 20:16:10.0636 0x067c [ AF44F7E027037628F1FAC3C13CDE73E6, 56A95EBF2241C275FD401487C5F0E86859F8637D8B1BD01B7157EE9BC22B1907 ] afcdpsrv C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe 20:16:10.0718 0x067c afcdpsrv - ok 20:16:10.0800 0x067c [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys 20:16:10.0866 0x067c AFD - ok 20:16:10.0933 0x067c [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys 20:16:10.0955 0x067c agp440 - ok 20:16:11.0000 0x067c [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 20:16:11.0054 0x067c ALG - ok 20:16:11.0122 0x067c [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys 20:16:11.0145 0x067c aliide - ok 20:16:11.0192 0x067c [ 46693222FCDB3175AAAED017EAA6FCC7, 901484FCD4C59BA2480EE6A26F5A9AA163DA2AA412B68FF7C97F4285F0DC593D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 20:16:11.0241 0x067c AMD External Events Utility - ok 20:16:11.0304 0x067c [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys 20:16:11.0325 0x067c amdide - ok 20:16:11.0361 0x067c [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 20:16:11.0427 0x067c AmdK8 - ok 20:16:11.0451 0x067c [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 20:16:11.0504 0x067c AmdPPM - ok 20:16:11.0551 0x067c [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys 20:16:11.0571 0x067c amdsata - ok 20:16:11.0605 0x067c [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 20:16:11.0621 0x067c amdsbs - ok 20:16:11.0633 0x067c [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys 20:16:11.0644 0x067c amdxata - ok 20:16:11.0678 0x067c [ 9C7F164B49CADC658D1B3C575782F346, 7C5FD203735041B6AEB2E551A63CE5F46DB41044BC72E7E77A72F316197C80DA ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS 20:16:11.0711 0x067c AmUStor - ok 20:16:11.0751 0x067c [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys 20:16:11.0783 0x067c AppID - ok 20:16:11.0812 0x067c [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll 20:16:11.0846 0x067c AppIDSvc - ok 20:16:11.0907 0x067c [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll 20:16:11.0961 0x067c Appinfo - ok 20:16:12.0003 0x067c [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys 20:16:12.0025 0x067c arc - ok 20:16:12.0050 0x067c [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 20:16:12.0071 0x067c arcsas - ok 20:16:12.0134 0x067c [ 18E5C2F937F9DEB8C282DF66A3761925, 30294C381F8C7DCB45EF9BCF572F410FF47630E12D5AA02259C6C80F07BEF495 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe 20:16:12.0148 0x067c ASLDRService - ok 20:16:12.0163 0x067c [ 4C016FD76ED5C05E84CA8CAB77993961, 025E7BE9FCEFD6A83F4471BBA0C11F1C11BD5047047D26626DA24EE9A419CDC4 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 20:16:12.0173 0x067c ASMMAP64 - ok 20:16:12.0195 0x067c [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 20:16:12.0252 0x067c AsyncMac - ok 20:16:12.0308 0x067c [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 20:16:12.0320 0x067c atapi - ok 20:16:12.0390 0x067c [ 0ACC06FCF46F64ED4F11E57EE461C1F4, F2AB7198C7F7D36AB1D6D03C1FEFD929ED402002AC835B909FC14938BC0EE24B ] athr C:\Windows\system32\DRIVERS\athrx.sys 20:16:12.0485 0x067c athr - ok 20:16:12.0540 0x067c [ FB7602C5C508BE281368AAE0B61B51C6, 81FB4ABFA006974C20CA0E9FEB279A51CC4A9F0C1DA67075AA0EAD13F43B3782 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys 20:16:12.0553 0x067c AtiHdmiService - ok 20:16:12.0782 0x067c [ 99C262242A279976206ECE1D3C74DF27, B0E35CF7F9C820C4D7300183CC4401ABEB1AA439959563E8513DDE00947ABA23 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 20:16:13.0074 0x067c atikmdag - ok 20:16:13.0117 0x067c [ 63F1212FFE13E62CA1E8D8EE19ABD9A7, A552CAF830CD1D01C077EDDEC95832F5826631D2DFA8747E0E393E32ACED2A57 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe 20:16:13.0127 0x067c ATKGFNEXSrv - ok 20:16:13.0174 0x067c [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:16:13.0238 0x067c AudioEndpointBuilder - ok 20:16:13.0258 0x067c [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll 20:16:13.0285 0x067c AudioSrv - ok 20:16:13.0328 0x067c [ 6A300AD0E23A155B2C3A7FAB0D4AABD1, AD283CC530482C0C155727C3234BFA4773C8C80B4C9912448196F83407C3CFD4 ] avmaudio C:\Windows\system32\DRIVERS\avmaudio.sys 20:16:13.0370 0x067c avmaudio - ok 20:16:13.0464 0x067c [ AB1AF0BA03DCB6A879BC22F472EACEEA, A75B73D0B1FE885F6DC2C7A0B755A6E12F9DC54CE702A1FFC3F283196793627A ] AVP15.0.1 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe 20:16:13.0492 0x067c AVP15.0.1 - ok 20:16:13.0549 0x067c [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 20:16:13.0619 0x067c AxInstSV - ok 20:16:13.0689 0x067c [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 20:16:13.0756 0x067c b06bdrv - ok 20:16:13.0830 0x067c [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 20:16:13.0880 0x067c b57nd60a - ok 20:16:13.0933 0x067c [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 20:16:13.0976 0x067c BDESVC - ok 20:16:14.0006 0x067c [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 20:16:14.0112 0x067c Beep - ok 20:16:14.0203 0x067c [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 20:16:14.0285 0x067c BFE - ok 20:16:14.0338 0x067c [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll 20:16:14.0445 0x067c BITS - ok 20:16:14.0477 0x067c [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 20:16:14.0510 0x067c blbdrive - ok 20:16:14.0559 0x067c [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:16:14.0602 0x067c bowser - ok 20:16:14.0654 0x067c [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 20:16:14.0693 0x067c BrFiltLo - ok 20:16:14.0713 0x067c [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 20:16:14.0788 0x067c BrFiltUp - ok 20:16:14.0851 0x067c [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 20:16:14.0885 0x067c Browser - ok 20:16:14.0926 0x067c [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 20:16:15.0005 0x067c Brserid - ok 20:16:15.0042 0x067c [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 20:16:15.0079 0x067c BrSerWdm - ok 20:16:15.0114 0x067c [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 20:16:15.0191 0x067c BrUsbMdm - ok 20:16:15.0228 0x067c [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 20:16:15.0259 0x067c BrUsbSer - ok 20:16:15.0313 0x067c [ DB109DA005B6FE2A350C5DD7CA768DFD, 241A0BFAEFB1B165C00EE75E8CA382B5935F5DF447DAD5AE9022B2B78317668E ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe 20:16:15.0338 0x067c BrYNSvc - detected UnsignedFile.Multi.Generic ( 1 ) 20:16:25.0416 0x067c BrYNSvc ( UnsignedFile.Multi.Generic ) - warning 20:16:25.0416 0x067c Force sending object to P2P due to detect: BrYNSvc 20:16:37.0796 0x067c Object send P2P result: true 20:16:57.0039 0x067c [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 20:16:57.0088 0x067c BTHMODEM - ok 20:16:57.0133 0x067c [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 20:16:57.0216 0x067c bthserv - ok 20:16:57.0257 0x067c [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] c4791e60 C:\Windows\system32\rundll32.exe 20:16:57.0319 0x067c c4791e60 - ok 20:16:57.0358 0x067c [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 20:16:57.0435 0x067c cdfs - ok 20:16:57.0517 0x067c [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 20:16:57.0550 0x067c cdrom - ok 20:16:57.0602 0x067c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 20:16:57.0655 0x067c CertPropSvc - ok 20:16:57.0693 0x067c [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 20:16:57.0720 0x067c circlass - ok 20:16:57.0856 0x067c [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys 20:16:57.0908 0x067c CLFS - ok 20:16:57.0995 0x067c [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:16:58.0022 0x067c clr_optimization_v2.0.50727_32 - ok 20:16:58.0118 0x067c [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:16:58.0144 0x067c clr_optimization_v2.0.50727_64 - ok 20:16:58.0275 0x067c [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:16:58.0307 0x067c clr_optimization_v4.0.30319_32 - ok 20:16:58.0432 0x067c [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:16:58.0547 0x067c clr_optimization_v4.0.30319_64 - ok 20:16:58.0579 0x067c [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 20:16:58.0630 0x067c CmBatt - ok 20:16:58.0670 0x067c [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:16:58.0693 0x067c cmdide - ok 20:16:58.0736 0x067c [ AFA1BFF926592FD0C3AB97D838652EF9, C38BC4BBD4EDF779993B2FECF96C1FD55B085F3FBEB3E1AE3C892DFD369D611D ] cm_km_w C:\Windows\system32\DRIVERS\cm_km_w.sys 20:16:58.0756 0x067c cm_km_w - ok 20:16:58.0816 0x067c [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys 20:16:58.0908 0x067c CNG - ok 20:16:58.0941 0x067c [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 20:16:58.0960 0x067c Compbatt - ok 20:16:59.0008 0x067c [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 20:16:59.0066 0x067c CompositeBus - ok 20:16:59.0080 0x067c COMSysApp - ok 20:16:59.0198 0x067c cpuz134 - ok 20:16:59.0260 0x067c [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 20:16:59.0284 0x067c crcdisk - ok 20:16:59.0351 0x067c [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:16:59.0425 0x067c CryptSvc - ok 20:16:59.0480 0x067c [ AB1201F8DE199E764DA9A32ABF71049C, 63961E0B7DC449CAD080E6566A643D682C92125649724DCFB18D4BD9C924DEAA ] CSCrySec C:\Windows\system32\DRIVERS\CSCrySec.sys 20:16:59.0501 0x067c CSCrySec - ok 20:16:59.0543 0x067c [ A6EED705BB510FA6B0F9F097165A3395, 2393B8ED240373F836C6C9053BFC0D3B7AC2AE4B9D5B4C35B8BADAC9ED78991C ] CSVirtualDiskDrv C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys 20:16:59.0556 0x067c CSVirtualDiskDrv - ok 20:16:59.0811 0x067c [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 20:16:59.0846 0x067c cvhsvc - ok 20:16:59.0924 0x067c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:17:00.0010 0x067c DcomLaunch - ok 20:17:00.0051 0x067c [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 20:17:00.0120 0x067c defragsvc - ok 20:17:00.0165 0x067c [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:17:00.0240 0x067c DfsC - ok 20:17:00.0302 0x067c [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 20:17:00.0323 0x067c dg_ssudbus - ok 20:17:00.0394 0x067c [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 20:17:00.0449 0x067c Dhcp - ok 20:17:00.0478 0x067c [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 20:17:00.0545 0x067c discache - ok 20:17:00.0584 0x067c [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys 20:17:00.0596 0x067c Disk - ok 20:17:00.0700 0x067c [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:17:00.0765 0x067c Dnscache - ok 20:17:00.0823 0x067c [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 20:17:00.0915 0x067c dot3svc - ok 20:17:01.0008 0x067c [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 20:17:01.0107 0x067c DPS - ok 20:17:01.0160 0x067c [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:17:01.0201 0x067c drmkaud - ok 20:17:01.0302 0x067c [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:17:01.0374 0x067c DXGKrnl - ok 20:17:01.0415 0x067c [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 20:17:01.0470 0x067c EapHost - ok 20:17:01.0671 0x067c [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 20:17:01.0833 0x067c ebdrv - ok 20:17:01.0876 0x067c [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] EFS C:\Windows\System32\lsass.exe 20:17:01.0910 0x067c EFS - ok 20:17:02.0041 0x067c [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:17:02.0128 0x067c ehRecvr - ok 20:17:02.0157 0x067c [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 20:17:02.0198 0x067c ehSched - ok 20:17:02.0271 0x067c [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 20:17:02.0320 0x067c elxstor - ok 20:17:02.0361 0x067c [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:17:02.0426 0x067c ErrDev - ok 20:17:02.0475 0x067c [ 3C38648375B7F3988691F53A7AAE10A9, 2423EE67C8E9ACEA3526E5221177F5C63665820ED8A82F6DE0A9997389687C03 ] ETD C:\Windows\system32\DRIVERS\ETD.sys 20:17:02.0492 0x067c ETD - ok 20:17:02.0543 0x067c [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 20:17:02.0632 0x067c EventSystem - ok 20:17:02.0703 0x067c [ 7230F4CF9F20DCD1DBF4BB3296EEED68, 0B9EAA411271AAB9C84680AAF8910854124D8A318A7388E0E356869126BE533D ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys 20:17:02.0765 0x067c ew_hwusbdev - ok 20:17:02.0803 0x067c [ 5222D99C7E3245882E864D2EA7011387, 184E36074C765243783F69B7073FB2FAFC53BB18209ECD5030514CC513A47C8B ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys 20:17:02.0862 0x067c ew_usbenumfilter - ok 20:17:02.0896 0x067c [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 20:17:02.0991 0x067c exfat - ok 20:17:03.0018 0x067c [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:17:03.0092 0x067c fastfat - ok 20:17:03.0165 0x067c [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 20:17:03.0275 0x067c Fax - ok 20:17:03.0296 0x067c [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys 20:17:03.0313 0x067c fdc - ok 20:17:03.0358 0x067c [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 20:17:03.0422 0x067c fdPHost - ok 20:17:03.0463 0x067c [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 20:17:03.0529 0x067c FDResPub - ok 20:17:03.0575 0x067c [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:17:03.0589 0x067c FileInfo - ok 20:17:03.0604 0x067c [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:17:03.0661 0x067c Filetrace - ok 20:17:03.0683 0x067c [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 20:17:03.0729 0x067c flpydisk - ok 20:17:03.0778 0x067c [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:17:03.0801 0x067c FltMgr - ok 20:17:03.0869 0x067c [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll 20:17:03.0979 0x067c FontCache - ok 20:17:04.0042 0x067c [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:17:04.0064 0x067c FontCache3.0.0.0 - ok 20:17:04.0091 0x067c [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 20:17:04.0103 0x067c FsDepends - ok 20:17:04.0163 0x067c [ 5814011B2F6E088E29D689B5FCD49B8F, 15C09FB9A80FDDB65FB831944BEC1B81743E0B7E4469F35E9FD4142FBB673C0E ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 20:17:04.0184 0x067c fssfltr - ok 20:17:04.0271 0x067c [ F6717211C1EC2CDDAA81B97B0727C2E9, C1FD5A389167A826C002E28339BFCF7DC8851652647016D0DCF8585EB0B8FB28 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 20:17:04.0295 0x067c fsssvc - ok 20:17:04.0326 0x067c [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:17:04.0337 0x067c Fs_Rec - ok 20:17:04.0370 0x067c [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 20:17:04.0392 0x067c fvevol - ok 20:17:04.0435 0x067c [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 20:17:04.0460 0x067c gagp30kx - ok 20:17:04.0519 0x067c [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 20:17:04.0641 0x067c gpsvc - ok 20:17:04.0754 0x067c [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:17:04.0778 0x067c gupdate - ok 20:17:04.0826 0x067c [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:17:04.0847 0x067c gupdatem - ok 20:17:04.0871 0x067c [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 20:17:04.0891 0x067c hcw85cir - ok 20:17:04.0952 0x067c [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:17:04.0998 0x067c HdAudAddService - ok 20:17:05.0050 0x067c [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 20:17:05.0087 0x067c HDAudBus - ok 20:17:05.0133 0x067c [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 20:17:05.0145 0x067c HECIx64 - ok 20:17:05.0168 0x067c [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 20:17:05.0197 0x067c HidBatt - ok 20:17:05.0233 0x067c [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 20:17:05.0265 0x067c HidBth - ok 20:17:05.0306 0x067c [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 20:17:05.0349 0x067c HidIr - ok 20:17:05.0399 0x067c [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 20:17:05.0476 0x067c hidserv - ok 20:17:05.0534 0x067c [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys 20:17:05.0549 0x067c HidUsb - ok 20:17:05.0594 0x067c [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:17:05.0645 0x067c hkmsvc - ok 20:17:05.0687 0x067c [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:17:05.0736 0x067c HomeGroupListener - ok 20:17:05.0791 0x067c [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:17:05.0832 0x067c HomeGroupProvider - ok 20:17:05.0888 0x067c [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 20:17:05.0904 0x067c HpSAMD - ok 20:17:05.0969 0x067c [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:17:06.0096 0x067c HTTP - ok 20:17:06.0149 0x067c [ 73E0BB3F22FD486458D89DC469225DD0, 5431D33D33D54D3045B307C16C3DF7BAEED5EDB10F1C426CAF2CE24837562577 ] huawei_cdcacm C:\Windows\system32\DRIVERS\ew_jucdcacm.sys 20:17:06.0188 0x067c huawei_cdcacm - ok 20:17:06.0217 0x067c [ 6196072AB259D45261619FA1230D6E1A, 22ABE79B3A2C05BB90531B4BD4230CEC313D8B1D12B790C87741526E41EACDAB ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys 20:17:06.0262 0x067c huawei_enumerator - ok 20:17:06.0342 0x067c [ 4565D7B2738BA36D7B723A9E46D5C32E, BB5B43429B9A0A5A3E813A5D6101139F8B1E63E006EBAB9001D4B2E406769C41 ] huawei_ext_ctrl C:\Windows\system32\DRIVERS\ew_juextctrl.sys 20:17:06.0388 0x067c huawei_ext_ctrl - ok 20:17:06.0444 0x067c [ 7C46C0A04634F3059B9729EADB62FA15, 980C2D1CF187E20A9F92D18B64EA28330A0E983E2D48F4A6EC33ADCF288D7874 ] huawei_wwanecm C:\Windows\system32\DRIVERS\ew_juwwanecm.sys 20:17:06.0492 0x067c huawei_wwanecm - ok 20:17:06.0621 0x067c [ E90DA42B87D684DEBFB73B38A718A006, BB18C63C1982F5CB99C9B65D2B801E8C1909AD7CD0171326DC0015D6B781B451 ] HWDeviceService64.exe C:\ProgramData\DatacardService\HWDeviceService64.exe 20:17:06.0638 0x067c HWDeviceService64.exe - ok 20:17:06.0671 0x067c [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 20:17:06.0682 0x067c hwpolicy - ok 20:17:06.0742 0x067c [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 20:17:06.0794 0x067c i8042prt - ok 20:17:06.0842 0x067c [ BBB3B6DF1ABB0FE35802EDE85CC1C011, 6E1FA8519A7D417969244E807D2863B39656169A925966045036A989A5EB611D ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 20:17:06.0865 0x067c iaStor - ok 20:17:06.0932 0x067c [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:17:06.0983 0x067c iaStorV - ok 20:17:07.0056 0x067c [ 99730C456C8FF7A544D23445C7EEDA4A, C04EFDB14018B362146EDD74A429A088DFB7836E5EF315AF7521BEBEF538B192 ] ICM_UpdaterService C:\Program Files (x86)\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe 20:17:07.0073 0x067c ICM_UpdaterService - detected UnsignedFile.Multi.Generic ( 1 ) 20:17:17.0075 0x067c ICM_UpdaterService ( UnsignedFile.Multi.Generic ) - warning 20:17:27.0397 0x067c [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:17:27.0447 0x067c idsvc - ok 20:17:27.0486 0x067c IEEtwCollectorService - ok 20:17:27.0524 0x067c [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 20:17:27.0538 0x067c iirsp - ok 20:17:27.0588 0x067c [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 20:17:27.0670 0x067c IKEEXT - ok 20:17:27.0715 0x067c [ 36FDF367A1DABFF903E2214023D71368, 60468692C1D048428AF25ED87DE23DAE756C7BA2B6CF6AF5EFD2E53C80F5FC68 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys 20:17:27.0756 0x067c Impcd - ok 20:17:27.0796 0x067c [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 20:17:27.0816 0x067c intelide - ok 20:17:27.0847 0x067c [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:17:27.0891 0x067c intelppm - ok 20:17:28.0014 0x067c [ C5678CCEB3E9E03639C0A0E67B132E92, 3997C2F0410C7211C32730D3D80CDE18EABAAC9F244282008490351B9A4057EB ] Internet Manager. RunOuc C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe 20:17:28.0051 0x067c Internet Manager. RunOuc - detected UnsignedFile.Multi.Generic ( 1 ) 20:17:28.0051 0x067c Internet Manager. RunOuc ( UnsignedFile.Multi.Generic ) - warning 20:17:28.0051 0x067c Force sending object to P2P due to detect: Internet Manager. RunOuc 20:17:28.0056 0x067c Object send P2P result: false 20:17:28.0111 0x067c [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:17:28.0155 0x067c IPBusEnum - ok 20:17:28.0194 0x067c [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:17:28.0242 0x067c IpFilterDriver - ok 20:17:28.0486 0x067c [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:17:28.0528 0x067c iphlpsvc - ok 20:17:28.0572 0x067c [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 20:17:28.0614 0x067c IPMIDRV - ok 20:17:28.0638 0x067c [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 20:17:28.0689 0x067c IPNAT - ok 20:17:28.0733 0x067c [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:17:28.0778 0x067c IRENUM - ok 20:17:28.0822 0x067c [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:17:28.0845 0x067c isapnp - ok 20:17:28.0883 0x067c [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 20:17:28.0905 0x067c iScsiPrt - ok 20:17:28.0921 0x067c [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 20:17:28.0934 0x067c kbdclass - ok 20:17:28.0982 0x067c [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 20:17:29.0036 0x067c kbdhid - ok 20:17:29.0077 0x067c [ E63EF8C3271D014F14E2469CE75FECB4, 3A8DFA4B446AFDC35F01FD5218D0BEBC510A1E3DE9976210F00D19767D0F9069 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys 20:17:29.0090 0x067c kbfiltr - ok 20:17:29.0099 0x067c [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] KeyIso C:\Windows\system32\lsass.exe 20:17:29.0118 0x067c KeyIso - ok 20:17:29.0198 0x067c [ D93E72DCC2A99E67931BB79485563146, 7EF496A82E69A53465ED7D45E890275E44C979AD5E9C5E482E0DBE5DC9AD9AD3 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys 20:17:29.0241 0x067c KL1 - ok 20:17:29.0263 0x067c [ CEF0410B784E8CEB0175103CDE52E7FA, 729A45D76D1886E5ECDF23F96925CEBB90A31EFA5A798D69D9C5A684380B6E36 ] kldisk C:\Windows\system32\DRIVERS\kldisk.sys 20:17:29.0274 0x067c kldisk - ok 20:17:29.0306 0x067c [ 09F851161CB4B3D92CDE85B3845DCECC, C86EE26F13DB904CD0CB92BEE282188D5E56ECE071F4D6E53F9AAB6D911C5DE0 ] klflt C:\Windows\system32\DRIVERS\klflt.sys 20:17:29.0320 0x067c klflt - ok 20:17:29.0381 0x067c [ 7A64190934B66C17F41D3921353BAEDD, D212A6ECB1CBCC665336DF982B5061A72CD88CB5BF6B2EB14B11B8BE756A670E ] klhk C:\Windows\system32\DRIVERS\klhk.sys 20:17:29.0399 0x067c klhk - ok 20:17:29.0502 0x067c [ B8B20727DD8B9753614E089682473563, CA39E9A517CC8B1E04860E0AFB03B0CD7FBDE66143B6CA26FB9DC0EBF80F8F48 ] KLIF C:\Windows\system32\DRIVERS\klif.sys 20:17:29.0547 0x067c KLIF - ok 20:17:29.0596 0x067c [ FEAD1F401CBE9383A642877A6EA1398F, 0529A96D406DAB1C0715692441BDBC1C05123EB62005B806A8EFF5B0B6DCD5DB ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys 20:17:29.0606 0x067c KLIM6 - ok 20:17:29.0636 0x067c [ 3FAE739F2AFEA18BCBB9C5E7DC6E889D, 5990C074BCB8E2172AE0A2AC0A31E6636B3C3EF0A5BB1F593E62D22D53FC5BF0 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys 20:17:29.0646 0x067c klkbdflt - ok 20:17:29.0685 0x067c [ 72CF64FBF38CD681FA7F37176047E967, BE5683C119DCEF7E678EE477D6CADF873E32D42372A253B7E86B8C335DF28E1C ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys 20:17:29.0696 0x067c klmouflt - ok 20:17:29.0713 0x067c [ 8C0EC95AD65A0DE3D6C040591D02BF02, 272FB83752B73684FA7BDBE256FAFD56138E4755AAEFED9E7EF8F0E3D0ACFAF2 ] klpd C:\Windows\system32\DRIVERS\klpd.sys 20:17:29.0724 0x067c klpd - ok 20:17:29.0740 0x067c [ 43957361D346A4263873932D572613F2, 719E61CADF6FB49C24370899329BDE198E55DEB175F5701382EE16311D8576D9 ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys 20:17:29.0752 0x067c kltdi - ok 20:17:29.0784 0x067c [ 926BA68DA79545EB6D99BB009B781E5E, EB1DB801044EB4228D38D85A8B6853EFE887B7D4E1EA1F0B8F75DD4886C96467 ] Klwtp C:\Windows\system32\DRIVERS\klwtp.sys 20:17:29.0798 0x067c Klwtp - ok 20:17:29.0813 0x067c [ D4CEEAC11C65F49D0F42E74440E829BF, 7E289BB5E400326BADDD61CBB99CB268A3E99103CF16968E1D9141C205EE309C ] kneps C:\Windows\system32\DRIVERS\kneps.sys 20:17:29.0829 0x067c kneps - ok 20:17:29.0857 0x067c [ 56ED3EE5FED6BF2FC1305CF872042868, 44F77AE3CD83284800FF106156ABCB63047327855E2535EE278289AF6F05579C ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:17:29.0872 0x067c KSecDD - ok 20:17:29.0962 0x067c [ 8BA90F480705D7153AD0060CCA62222A, B3E610DFAB382368114D026947084A72AFC4F5BF9C28317F411D4ED91E0B3192 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:17:29.0988 0x067c KSecPkg - ok 20:17:30.0047 0x067c [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 20:17:30.0099 0x067c ksthunk - ok 20:17:30.0139 0x067c [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 20:17:30.0208 0x067c KtmRm - ok 20:17:30.0251 0x067c [ 9C46A5421DE9D116C47155317CABB522, 276ECDAA08EADF2F2B572415637A58FC33097ED6A026580DAA1868AAC90064A7 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 20:17:30.0291 0x067c L1C - ok 20:17:30.0350 0x067c [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 20:17:30.0420 0x067c LanmanServer - ok 20:17:30.0466 0x067c [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:17:30.0529 0x067c LanmanWorkstation - ok 20:17:30.0615 0x067c [ 466DB8076C33774745AC04FA55F875E1, 861FB68ABB273C81AC3FBE00843A6CD830187DC8E4B3A7C3E3C7EFE589628A60 ] Lexware_Update_Service C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe 20:17:30.0625 0x067c Lexware_Update_Service - ok 20:17:30.0660 0x067c [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:17:30.0721 0x067c lltdio - ok 20:17:30.0770 0x067c [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:17:30.0854 0x067c lltdsvc - ok 20:17:30.0885 0x067c [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:17:30.0924 0x067c lmhosts - ok 20:17:30.0999 0x067c [ A1C148801B4AF64847AEB9F3AD9594EF, FF6ED89EA47DF74C33CD8BFAC48FAED1B979348ABA6B6D94EE07CBD21810F37B ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 20:17:31.0037 0x067c LMS - detected UnsignedFile.Multi.Generic ( 1 ) 20:17:31.0037 0x067c LMS ( UnsignedFile.Multi.Generic ) - warning 20:17:31.0037 0x067c Force sending object to P2P due to detect: LMS 20:17:31.0041 0x067c Object send P2P result: false 20:17:31.0089 0x067c [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 20:17:31.0108 0x067c LSI_FC - ok 20:17:31.0126 0x067c [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 20:17:31.0145 0x067c LSI_SAS - ok 20:17:31.0155 0x067c [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 20:17:31.0169 0x067c LSI_SAS2 - ok 20:17:31.0192 0x067c [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 20:17:31.0206 0x067c LSI_SCSI - ok 20:17:31.0227 0x067c [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 20:17:31.0267 0x067c luafv - ok 20:17:31.0311 0x067c [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:17:31.0329 0x067c Mcx2Svc - ok 20:17:31.0339 0x067c [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 20:17:31.0352 0x067c megasas - ok 20:17:31.0376 0x067c [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 20:17:31.0396 0x067c MegaSR - ok 20:17:31.0433 0x067c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 20:17:31.0512 0x067c MMCSS - ok 20:17:31.0559 0x067c [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 20:17:31.0625 0x067c Modem - ok 20:17:31.0659 0x067c [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:17:31.0690 0x067c monitor - ok 20:17:31.0722 0x067c [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:17:31.0736 0x067c mouclass - ok 20:17:31.0769 0x067c [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:17:31.0806 0x067c mouhid - ok 20:17:31.0843 0x067c [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 20:17:31.0860 0x067c mountmgr - ok 20:17:31.0909 0x067c [ 81E8AF6407EC3F41908FE37F054353EA, 756C7656ED68AEAE4225E952ED1CED0717264D3378DB8DF0B2D70B6EBC67C62F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 20:17:31.0931 0x067c MozillaMaintenance - ok 20:17:32.0006 0x067c [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 20:17:32.0033 0x067c mpio - ok 20:17:32.0072 0x067c [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:17:32.0150 0x067c mpsdrv - ok 20:17:32.0241 0x067c [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 20:17:32.0366 0x067c MpsSvc - ok 20:17:32.0397 0x067c [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:17:32.0440 0x067c MRxDAV - ok 20:17:32.0502 0x067c [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:17:32.0558 0x067c mrxsmb - ok 20:17:32.0591 0x067c [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:17:32.0627 0x067c mrxsmb10 - ok 20:17:32.0655 0x067c [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:17:32.0682 0x067c mrxsmb20 - ok 20:17:32.0715 0x067c [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 20:17:32.0727 0x067c msahci - ok 20:17:32.0787 0x067c [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:17:32.0814 0x067c msdsm - ok 20:17:32.0869 0x067c [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 20:17:32.0903 0x067c MSDTC - ok 20:17:32.0937 0x067c [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:17:32.0998 0x067c Msfs - ok 20:17:33.0005 0x067c [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 20:17:33.0059 0x067c mshidkmdf - ok 20:17:33.0098 0x067c [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:17:33.0109 0x067c msisadrv - ok 20:17:33.0162 0x067c [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:17:33.0247 0x067c MSiSCSI - ok 20:17:33.0251 0x067c msiserver - ok 20:17:33.0289 0x067c [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:17:33.0329 0x067c MSKSSRV - ok 20:17:33.0361 0x067c [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:17:33.0427 0x067c MSPCLOCK - ok 20:17:33.0459 0x067c [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:17:33.0541 0x067c MSPQM - ok 20:17:33.0591 0x067c [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:17:33.0612 0x067c MsRPC - ok 20:17:33.0644 0x067c [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 20:17:33.0657 0x067c mssmbios - ok 20:17:33.0750 0x067c MSSQL$JTLWAWI - ok 20:17:33.0794 0x067c [ 1D89EB4E2A99CABD4E81225F4F4C4B25, B9C4D956E3F74CB463A1A14287F4B550381FBB3E4B2DF9418E041E02A159E31E ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe 20:17:33.0813 0x067c MSSQLServerADHelper - ok 20:17:33.0840 0x067c [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:17:33.0880 0x067c MSTEE - ok 20:17:33.0897 0x067c [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 20:17:33.0925 0x067c MTConfig - ok 20:17:33.0975 0x067c [ 032D35C996F21D19A205A7C8F0B76F3C, 1A1C5BD7204BB937A05E201BCC0840B2C8E4B273D8E1D6D9407264FB4C57F014 ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys 20:17:33.0986 0x067c MTsensor - ok 20:17:34.0030 0x067c [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 20:17:34.0046 0x067c Mup - ok 20:17:34.0099 0x067c [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 20:17:34.0205 0x067c napagent - ok 20:17:34.0257 0x067c [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:17:34.0301 0x067c NativeWifiP - ok 20:17:34.0403 0x067c [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys 20:17:34.0475 0x067c NDIS - ok 20:17:34.0525 0x067c [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 20:17:34.0587 0x067c NdisCap - ok 20:17:34.0624 0x067c [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:17:34.0678 0x067c NdisTapi - ok 20:17:34.0722 0x067c [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:17:34.0776 0x067c Ndisuio - ok 20:17:34.0826 0x067c [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:17:34.0883 0x067c NdisWan - ok 20:17:34.0908 0x067c [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:17:34.0956 0x067c NDProxy - ok 20:17:34.0992 0x067c [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:17:35.0082 0x067c NetBIOS - ok 20:17:35.0133 0x067c [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 20:17:35.0187 0x067c NetBT - ok 20:17:35.0199 0x067c [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] Netlogon C:\Windows\system32\lsass.exe 20:17:35.0211 0x067c Netlogon - ok 20:17:35.0244 0x067c [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 20:17:35.0306 0x067c Netman - ok 20:17:35.0360 0x067c [ 9D0157074866FCF3EA2A07185D93FC72, C4107EE60ADA7E326DF7B27602166E9D57CB9982717605730BF7C7D2401E30A9 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:17:35.0377 0x067c NetMsmqActivator - ok 20:17:35.0407 0x067c [ 9D0157074866FCF3EA2A07185D93FC72, C4107EE60ADA7E326DF7B27602166E9D57CB9982717605730BF7C7D2401E30A9 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:17:35.0421 0x067c NetPipeActivator - ok 20:17:35.0463 0x067c [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 20:17:35.0545 0x067c netprofm - ok 20:17:35.0593 0x067c [ 9D0157074866FCF3EA2A07185D93FC72, C4107EE60ADA7E326DF7B27602166E9D57CB9982717605730BF7C7D2401E30A9 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:17:35.0606 0x067c NetTcpActivator - ok 20:17:35.0611 0x067c [ 9D0157074866FCF3EA2A07185D93FC72, C4107EE60ADA7E326DF7B27602166E9D57CB9982717605730BF7C7D2401E30A9 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:17:35.0624 0x067c NetTcpPortSharing - ok 20:17:35.0652 0x067c [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 20:17:35.0664 0x067c nfrd960 - ok 20:17:35.0702 0x067c [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll 20:17:35.0767 0x067c NlaSvc - ok 20:17:35.0792 0x067c [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:17:35.0871 0x067c Npfs - ok 20:17:35.0902 0x067c [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 20:17:35.0966 0x067c nsi - ok 20:17:35.0989 0x067c [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:17:36.0045 0x067c nsiproxy - ok 20:17:36.0149 0x067c [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:17:36.0241 0x067c Ntfs - ok 20:17:36.0259 0x067c [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 20:17:36.0341 0x067c Null - ok 20:17:36.0391 0x067c [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:17:36.0408 0x067c nvraid - ok 20:17:36.0448 0x067c [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:17:36.0467 0x067c nvstor - ok 20:17:36.0515 0x067c [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:17:36.0531 0x067c nv_agp - ok 20:17:36.0581 0x067c [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 20:17:36.0618 0x067c ohci1394 - ok 20:17:36.0668 0x067c [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:17:36.0682 0x067c ose - ok 20:17:36.0898 0x067c [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 20:17:37.0114 0x067c osppsvc - ok 20:17:37.0172 0x067c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 20:17:37.0264 0x067c p2pimsvc - ok 20:17:37.0311 0x067c [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 20:17:37.0374 0x067c p2psvc - ok 20:17:37.0419 0x067c [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys 20:17:37.0463 0x067c Parport - ok 20:17:37.0497 0x067c [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:17:37.0513 0x067c partmgr - ok 20:17:37.0564 0x067c [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc C:\Windows\System32\pcasvc.dll 20:17:37.0594 0x067c PcaSvc - ok 20:17:37.0638 0x067c [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 20:17:37.0654 0x067c pci - ok 20:17:37.0684 0x067c [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 20:17:37.0695 0x067c pciide - ok 20:17:37.0729 0x067c [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 20:17:37.0747 0x067c pcmcia - ok 20:17:37.0775 0x067c [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 20:17:37.0788 0x067c pcw - ok 20:17:37.0919 0x067c [ 20372BE109FEE1C37E2D5216680DB9EB, 2C3737FB3C6BCF81D0A7293667412DDEA649A8AEA40B7ADCFCB9893E8B3C4AF3 ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe 20:17:37.0959 0x067c PDF Architect Helper Service - ok 20:17:38.0005 0x067c [ B90A279073A815A4AA2C45A09EE004FA, 9EA27630C47F5FF99CBBE513C113F3ED01FABA0D59B9D9637764027BCC6EA24A ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe 20:17:38.0032 0x067c PDF Architect Service - ok 20:17:38.0083 0x067c [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:17:38.0142 0x067c PEAUTH - ok 20:17:38.0225 0x067c [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 20:17:38.0264 0x067c PerfHost - ok 20:17:38.0348 0x067c [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll 20:17:38.0469 0x067c pla - ok 20:17:38.0509 0x067c [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:17:38.0545 0x067c PlugPlay - ok 20:17:38.0569 0x067c [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 20:17:38.0603 0x067c PNRPAutoReg - ok 20:17:38.0631 0x067c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 20:17:38.0650 0x067c PNRPsvc - ok 20:17:38.0713 0x067c [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:17:38.0795 0x067c PolicyAgent - ok 20:17:38.0826 0x067c [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll 20:17:38.0882 0x067c Power - ok 20:17:38.0921 0x067c [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:17:38.0974 0x067c PptpMiniport - ok 20:17:39.0005 0x067c [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys 20:17:39.0031 0x067c Processor - ok 20:17:39.0059 0x067c [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll 20:17:39.0080 0x067c ProfSvc - ok 20:17:39.0087 0x067c [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] ProtectedStorage C:\Windows\system32\lsass.exe 20:17:39.0101 0x067c ProtectedStorage - ok 20:17:39.0153 0x067c [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 20:17:39.0200 0x067c Psched - ok 20:17:39.0259 0x067c [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 20:17:39.0344 0x067c ql2300 - ok 20:17:39.0372 0x067c [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 20:17:39.0386 0x067c ql40xx - ok 20:17:39.0425 0x067c [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll 20:17:39.0451 0x067c QWAVE - ok 20:17:39.0468 0x067c [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:17:39.0505 0x067c QWAVEdrv - ok 20:17:39.0556 0x067c [ A55E7D0D873B2C97585B3B5926AC6ADE, 3BE3895DA7F0888E85B1941525878BA0846A8F215AD39ED8138BB39615468E32 ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll 20:17:39.0574 0x067c RapiMgr - ok 20:17:39.0597 0x067c [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:17:39.0647 0x067c RasAcd - ok 20:17:39.0687 0x067c [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 20:17:39.0742 0x067c RasAgileVpn - ok 20:17:39.0781 0x067c [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll 20:17:39.0837 0x067c RasAuto - ok 20:17:39.0885 0x067c [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:17:39.0928 0x067c Rasl2tp - ok 20:17:39.0977 0x067c [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 20:17:40.0038 0x067c RasMan - ok 20:17:40.0088 0x067c [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:17:40.0173 0x067c RasPppoe - ok 20:17:40.0202 0x067c [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:17:40.0265 0x067c RasSstp - ok 20:17:40.0323 0x067c [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:17:40.0404 0x067c rdbss - ok 20:17:40.0429 0x067c [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 20:17:40.0463 0x067c rdpbus - ok 20:17:40.0502 0x067c [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:17:40.0540 0x067c RDPCDD - ok 20:17:40.0554 0x067c [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:17:40.0591 0x067c RDPENCDD - ok 20:17:40.0624 0x067c [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 20:17:40.0675 0x067c RDPREFMP - ok 20:17:40.0711 0x067c [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:17:40.0742 0x067c RDPWD - ok 20:17:40.0794 0x067c [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 20:17:40.0825 0x067c rdyboost - ok 20:17:40.0849 0x067c [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:17:40.0892 0x067c RemoteAccess - ok 20:17:40.0939 0x067c [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:17:41.0010 0x067c RemoteRegistry - ok 20:17:41.0071 0x067c [ CAF88D6573D21CD2AA27001DDBFDC74D, 8256B93E586953F1B594BFFA1F005DB08325CAF1729A93820B09F60DAA998C97 ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys 20:17:41.0139 0x067c RMCAST - ok 20:17:41.0171 0x067c [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 20:17:41.0234 0x067c RpcEptMapper - ok 20:17:41.0273 0x067c [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 20:17:41.0286 0x067c RpcLocator - ok 20:17:41.0324 0x067c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll 20:17:41.0375 0x067c RpcSs - ok 20:17:41.0407 0x067c [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:17:41.0462 0x067c rspndr - ok 20:17:41.0487 0x067c [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] SamSs C:\Windows\system32\lsass.exe 20:17:41.0499 0x067c SamSs - ok 20:17:41.0549 0x067c [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:17:41.0573 0x067c sbp2port - ok 20:17:41.0593 0x067c [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:17:41.0652 0x067c SCardSvr - ok 20:17:41.0675 0x067c [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 20:17:41.0740 0x067c scfilter - ok 20:17:41.0803 0x067c [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll 20:17:41.0930 0x067c Schedule - ok 20:17:41.0967 0x067c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll 20:17:42.0005 0x067c SCPolicySvc - ok 20:17:42.0060 0x067c [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:17:42.0120 0x067c SDRSVC - ok 20:17:42.0163 0x067c [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:17:42.0220 0x067c secdrv - ok 20:17:42.0250 0x067c [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll 20:17:42.0317 0x067c seclogon - ok 20:17:42.0349 0x067c [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll 20:17:42.0415 0x067c SENS - ok 20:17:42.0420 0x067c [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll 20:17:42.0433 0x067c SensrSvc - ok 20:17:42.0463 0x067c [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 20:17:42.0494 0x067c Serenum - ok 20:17:42.0542 0x067c [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys 20:17:42.0582 0x067c Serial - ok 20:17:42.0638 0x067c [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 20:17:42.0678 0x067c sermouse - ok 20:17:42.0713 0x067c [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll 20:17:42.0773 0x067c SessionEnv - ok 20:17:42.0810 0x067c [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:17:42.0847 0x067c sffdisk - ok 20:17:42.0867 0x067c [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:17:42.0912 0x067c sffp_mmc - ok 20:17:42.0934 0x067c [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:17:42.0953 0x067c sffp_sd - ok 20:17:42.0982 0x067c [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 20:17:42.0998 0x067c sfloppy - ok 20:17:43.0095 0x067c [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 20:17:43.0129 0x067c Sftfs - ok 20:17:43.0235 0x067c [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 20:17:43.0266 0x067c sftlist - ok 20:17:43.0309 0x067c [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 20:17:43.0327 0x067c Sftplay - ok 20:17:43.0364 0x067c [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 20:17:43.0377 0x067c Sftredir - ok 20:17:43.0395 0x067c [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 20:17:43.0416 0x067c Sftvol - ok 20:17:43.0461 0x067c [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 20:17:43.0491 0x067c sftvsa - ok 20:17:43.0540 0x067c [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:17:43.0588 0x067c SharedAccess - ok 20:17:43.0624 0x067c [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:17:43.0712 0x067c ShellHWDetection - ok 20:17:43.0738 0x067c [ 1BC348CF6BAA90EC8E533EF6E6A69933, 2B26F6EB701F48E092DED6A7B888F24736F2899EE81D54DD4B1E9DF7CFD36E7A ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys 20:17:43.0753 0x067c SiSGbeLH - ok 20:17:43.0793 0x067c [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:17:43.0806 0x067c SiSRaid2 - ok 20:17:43.0823 0x067c [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 20:17:43.0837 0x067c SiSRaid4 - ok 20:17:43.0880 0x067c [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 20:17:43.0913 0x067c SkypeUpdate - ok 20:17:43.0942 0x067c [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:17:43.0981 0x067c Smb - ok 20:17:44.0050 0x067c [ 10450F432811D7FDA60A97FCC674D7B2, FD6245B06DD81C6E287DA47173D622357D86D84E3A5444CD34645973FE2E8BF5 ] snapman C:\Windows\system32\DRIVERS\snapman.sys 20:17:44.0066 0x067c snapman - ok 20:17:44.0085 0x067c [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:17:44.0100 0x067c SNMPTRAP - ok 20:17:44.0197 0x067c [ F06A6DE8438F7446BFF9E61F31356521, 6F8819013B4362A83793914282878047B3C3A42D2E978438AF47A7E9F12AA81C ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys 20:17:44.0304 0x067c SNP2UVC - ok 20:17:44.0349 0x067c [ B785BC959F7B0514971A317CA86A2628, A282E67035D024D08C9F70D19B17A3CA5FC0424AD37C8FA0912DEFBF340A8FB0 ] SoehnleComfort C:\Windows\system32\Drivers\SoehnleComfort_x64.sys 20:17:44.0378 0x067c SoehnleComfort - ok 20:17:44.0402 0x067c [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys 20:17:44.0416 0x067c spldr - ok 20:17:44.0468 0x067c [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe 20:17:44.0531 0x067c Spooler - ok 20:17:44.0672 0x067c [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe 20:17:44.0916 0x067c sppsvc - ok 20:17:44.0956 0x067c [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll 20:17:45.0042 0x067c sppuinotify - ok 20:17:45.0115 0x067c [ 86EBD8B1F23E743AAD21F4D5B4D40985, 8FA4DFDAE15712266B878C364FEFDB63CB30A3DCC25F83CDFE8C8AB3AE864BE6 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe 20:17:45.0142 0x067c SQLBrowser - ok 20:17:45.0216 0x067c [ 3C432A96363097870995E2A3C8B66ABD, AA0AE0935FC5317FE93D7D3C3B9A6B2E026915D07704AF3E36F14FEA8595F4A6 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 20:17:45.0236 0x067c SQLWriter - ok 20:17:45.0290 0x067c [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys 20:17:45.0347 0x067c srv - ok 20:17:45.0387 0x067c [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:17:45.0436 0x067c srv2 - ok 20:17:45.0490 0x067c [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:17:45.0508 0x067c srvnet - ok 20:17:45.0542 0x067c [ F74634F46692C8315E7F37F698AF3225, 9518BC2A330B1908C4EE9762A91AD40B7A38F8A048ED966D40129479FE1D4080 ] sscebus C:\Windows\system32\DRIVERS\sscebus.sys 20:17:45.0557 0x067c sscebus - ok 20:17:45.0569 0x067c [ 82732B391EFD69B0548044BE9CB37BFC, 047E7C3420434D778C20194742F52E9CCAA6D680426F66757C6465CB8BF4DC3C ] sscemdfl C:\Windows\system32\DRIVERS\sscemdfl.sys 20:17:45.0580 0x067c sscemdfl - ok 20:17:45.0616 0x067c [ 43D56ACE4469D90F9790E8352D87D9B5, 946DA7F37197B9AFA2369E21583F1E554613C8D035AC98A03B5E72E253D7C21A ] sscemdm C:\Windows\system32\DRIVERS\sscemdm.sys 20:17:45.0629 0x067c sscemdm - ok 20:17:45.0659 0x067c [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:17:45.0711 0x067c SSDPSRV - ok 20:17:45.0732 0x067c [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:17:45.0791 0x067c SstpSvc - ok 20:17:45.0847 0x067c [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 20:17:45.0863 0x067c ssudmdm - ok 20:17:46.0006 0x067c [ 94A6522AC9F3E05FD039AD105ADE96D0, 50E62BDE650B55980F9166E4A1555D61E4652BF7C442A402A39F4DAD9119B0EE ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe 20:17:46.0055 0x067c STacSV - ok 20:17:46.0085 0x067c [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 20:17:46.0101 0x067c stexstor - ok 20:17:46.0154 0x067c [ DDB811B13D827081E7C1DDFF302AB334, D2C86644ECD6DC20815766874FF15CAF3DEEBBD2E452E146492719518CECC5CE ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys 20:17:46.0206 0x067c STHDA - ok 20:17:46.0269 0x067c [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll 20:17:46.0342 0x067c stisvc - ok 20:17:46.0381 0x067c [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys 20:17:46.0392 0x067c swenum - ok 20:17:46.0430 0x067c [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll 20:17:46.0532 0x067c swprv - ok 20:17:46.0616 0x067c [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll 20:17:46.0714 0x067c SysMain - ok 20:17:46.0752 0x067c [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:17:46.0794 0x067c TabletInputService - ok 20:17:46.0836 0x067c [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll 20:17:46.0894 0x067c TapiSrv - ok 20:17:46.0923 0x067c [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll 20:17:46.0989 0x067c TBS - ok 20:17:47.0082 0x067c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:17:47.0191 0x067c Tcpip - ok 20:17:47.0249 0x067c [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 20:17:47.0304 0x067c TCPIP6 - ok 20:17:47.0344 0x067c [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:17:47.0375 0x067c tcpipreg - ok 20:17:47.0417 0x067c [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:17:47.0453 0x067c TDPIPE - ok 20:17:47.0553 0x067c [ 99527D49EE0A96FC25537C61B270A372, 519E23F86EC86349F92C4A88DBD19C097AEE0A6E152776B32B45D293ED14946B ] tdrpman273 C:\Windows\system32\DRIVERS\tdrpm273.sys 20:17:47.0624 0x067c tdrpman273 - ok 20:17:47.0659 0x067c [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:17:47.0688 0x067c TDTCP - ok 20:17:47.0729 0x067c [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:17:47.0761 0x067c tdx - ok 20:17:47.0814 0x067c [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys 20:17:47.0830 0x067c TermDD - ok 20:17:47.0898 0x067c [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll 20:17:47.0972 0x067c TermService - ok 20:17:47.0994 0x067c [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 20:17:48.0026 0x067c Themes - ok 20:17:48.0055 0x067c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 20:17:48.0100 0x067c THREADORDER - ok 20:17:48.0174 0x067c [ EBBAEA02F0095A798000C7E06B16D41B, CBEAC6CBF0F8D5B72ACCBADA6BD1DF1EB31F84B0D973DA955337991D4DBBDF7E ] timounter C:\Windows\system32\DRIVERS\timntr.sys 20:17:48.0243 0x067c timounter - ok 20:17:48.0292 0x067c [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 20:17:48.0355 0x067c TrkWks - ok 20:17:48.0429 0x067c [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:17:48.0482 0x067c TrustedInstaller - ok 20:17:48.0516 0x067c [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:17:48.0570 0x067c tssecsrv - ok 20:17:48.0630 0x067c [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 20:17:48.0658 0x067c TsUsbFlt - ok 20:17:48.0722 0x067c [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:17:48.0781 0x067c tunnel - ok 20:17:48.0836 0x067c [ C45A3E051C65106A28982CAED125F855, 9164708ABC6B1BA804B8297AA4EEBC65C4BDD4D399AD6CBAB9C66BB7AA9020E8 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys 20:17:48.0848 0x067c TurboB - ok 20:17:48.0885 0x067c [ BAEF86EBEAECE76573FA822DEA256F6C, B845AB0AACCCF4C2D4A8DD152C57C52416C5938FB3FEB670DB5434FA95620F3B ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 20:17:48.0906 0x067c TurboBoost - ok 20:17:48.0928 0x067c [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 20:17:48.0943 0x067c uagp35 - ok 20:17:48.0994 0x067c [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:17:49.0081 0x067c udfs - ok 20:17:49.0117 0x067c [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:17:49.0159 0x067c UI0Detect - ok 20:17:49.0228 0x067c [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:17:49.0246 0x067c uliagpkx - ok 20:17:49.0291 0x067c [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys 20:17:49.0318 0x067c umbus - ok 20:17:49.0349 0x067c [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 20:17:49.0394 0x067c UmPass - ok 20:17:49.0533 0x067c [ 41118D920B2B268C0ADC36421248CDCF, 4F99C4913DCFE02B0783FD97F02558E4DD4D7C98553D95A8E26FAAA0C0D67616 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 20:17:49.0659 0x067c UNS - detected UnsignedFile.Multi.Generic ( 1 ) 20:17:49.0659 0x067c UNS ( UnsignedFile.Multi.Generic ) - warning 20:17:49.0705 0x067c [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 20:17:49.0789 0x067c upnphost - ok 20:17:49.0855 0x067c [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 20:17:49.0910 0x067c usbaudio - ok 20:17:49.0943 0x067c [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:17:49.0975 0x067c usbccgp - ok 20:17:50.0020 0x067c [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:17:50.0057 0x067c usbcir - ok 20:17:50.0085 0x067c [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys 20:17:50.0104 0x067c usbehci - ok 20:17:50.0134 0x067c [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:17:50.0160 0x067c usbhub - ok 20:17:50.0192 0x067c [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys 20:17:50.0232 0x067c usbohci - ok 20:17:50.0279 0x067c [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 20:17:50.0300 0x067c usbprint - ok 20:17:50.0341 0x067c [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:17:50.0359 0x067c USBSTOR - ok 20:17:50.0398 0x067c [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 20:17:50.0434 0x067c usbuhci - ok 20:17:50.0476 0x067c [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 20:17:50.0513 0x067c usbvideo - ok 20:17:50.0562 0x067c [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys 20:17:50.0596 0x067c usb_rndisx - ok 20:17:50.0624 0x067c [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 20:17:50.0689 0x067c UxSms - ok 20:17:50.0710 0x067c [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] VaultSvc C:\Windows\system32\lsass.exe 20:17:50.0722 0x067c VaultSvc - ok 20:17:50.0797 0x067c [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 20:17:50.0811 0x067c vdrvroot - ok 20:17:50.0853 0x067c [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 20:17:50.0948 0x067c vds - ok 20:17:50.0991 0x067c [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:17:51.0020 0x067c vga - ok 20:17:51.0032 0x067c [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 20:17:51.0071 0x067c VgaSave - ok 20:17:51.0099 0x067c [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 20:17:51.0115 0x067c vhdmp - ok 20:17:51.0138 0x067c [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 20:17:51.0149 0x067c viaide - ok 20:17:51.0200 0x067c [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:17:51.0215 0x067c volmgr - ok 20:17:51.0255 0x067c [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:17:51.0279 0x067c volmgrx - ok 20:17:51.0329 0x067c [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:17:51.0358 0x067c volsnap - ok 20:17:51.0388 0x067c [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 20:17:51.0403 0x067c vsmraid - ok 20:17:51.0508 0x067c [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 20:17:51.0637 0x067c VSS - ok 20:17:51.0658 0x067c [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 20:17:51.0692 0x067c vwifibus - ok 20:17:51.0713 0x067c [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 20:17:51.0756 0x067c vwififlt - ok 20:17:51.0795 0x067c [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 20:17:51.0831 0x067c vwifimp - ok 20:17:51.0869 0x067c [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 20:17:51.0920 0x067c W32Time - ok 20:17:51.0940 0x067c [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 20:17:52.0059 0x067c WacomPen - ok 20:17:52.0132 0x067c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:17:52.0181 0x067c WANARP - ok 20:17:52.0212 0x067c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:17:52.0252 0x067c Wanarpv6 - ok 20:17:52.0324 0x067c [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 20:17:52.0398 0x067c WatAdminSvc - ok 20:17:52.0500 0x067c [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 20:17:52.0588 0x067c wbengine - ok 20:17:52.0620 0x067c [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:17:52.0668 0x067c WbioSrvc - ok 20:17:52.0697 0x067c [ 8BDA6DB43AA54E8BB5E0794541DDC209, 8753C507BE77B019A3403AF5252434A01DB9F9332E58AC3783ABCE3D21AD9DD4 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll 20:17:52.0720 0x067c WcesComm - ok 20:17:52.0782 0x067c [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:17:52.0879 0x067c wcncsvc - ok 20:17:52.0909 0x067c [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:17:52.0940 0x067c WcsPlugInService - ok 20:17:52.0981 0x067c [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys 20:17:52.0993 0x067c Wd - ok 20:17:53.0022 0x067c [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys 20:17:53.0062 0x067c WDC_SAM - ok 20:17:53.0133 0x067c [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:17:53.0175 0x067c Wdf01000 - ok 20:17:53.0217 0x067c [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:17:53.0248 0x067c WdiServiceHost - ok 20:17:53.0253 0x067c [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:17:53.0268 0x067c WdiSystemHost - ok 20:17:53.0332 0x067c [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 20:17:53.0370 0x067c WebClient - ok 20:17:53.0417 0x067c [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:17:53.0468 0x067c Wecsvc - ok 20:17:53.0488 0x067c [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:17:53.0529 0x067c wercplsupport - ok 20:17:53.0562 0x067c [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 20:17:53.0615 0x067c WerSvc - ok 20:17:53.0643 0x067c [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:17:53.0680 0x067c WfpLwf - ok 20:17:53.0720 0x067c [ 52DED146E4797E6CCF94799E8E22BB2A, 57A29260D81AA3AD3F8C29E9CFA7CE3970D7A8BF673ADD9B256EE76C7DEC080E ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 20:17:53.0736 0x067c WimFltr - ok 20:17:53.0772 0x067c [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 20:17:53.0785 0x067c WIMMount - ok 20:17:53.0800 0x067c WinDefend - ok 20:17:53.0807 0x067c WinHttpAutoProxySvc - ok 20:17:53.0874 0x067c [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:17:53.0929 0x067c Winmgmt - ok 20:17:54.0039 0x067c [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll 20:17:54.0131 0x067c WinRM - ok 20:17:54.0192 0x067c [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 20:17:54.0209 0x067c WinUsb - ok 20:17:54.0267 0x067c [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 20:17:54.0354 0x067c Wlansvc - ok 20:17:54.0384 0x067c [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 20:17:54.0430 0x067c WmiAcpi - ok 20:17:54.0464 0x067c [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:17:54.0508 0x067c wmiApSrv - ok 20:17:54.0547 0x067c WMPNetworkSvc - ok 20:17:54.0572 0x067c [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:17:54.0589 0x067c WPCSvc - ok 20:17:54.0634 0x067c [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:17:54.0651 0x067c WPDBusEnum - ok 20:17:54.0680 0x067c [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:17:54.0727 0x067c ws2ifsl - ok 20:17:54.0744 0x067c [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 20:17:54.0787 0x067c wscsvc - ok 20:17:54.0836 0x067c [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 20:17:54.0865 0x067c WSDPrintDevice - ok 20:17:54.0869 0x067c WSearch - ok 20:17:54.0989 0x067c [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll 20:17:55.0129 0x067c wuauserv - ok 20:17:55.0165 0x067c [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:17:55.0179 0x067c WudfPf - ok 20:17:55.0238 0x067c [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:17:55.0274 0x067c WUDFRd - ok 20:17:55.0312 0x067c [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:17:55.0361 0x067c wudfsvc - ok 20:17:55.0414 0x067c [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 20:17:55.0477 0x067c WwanSvc - ok 20:17:55.0530 0x067c ================ Scan global =============================== 20:17:55.0552 0x067c [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 20:17:55.0601 0x067c [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 20:17:55.0631 0x067c [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 20:17:55.0659 0x067c [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 20:17:55.0711 0x067c [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe 20:17:55.0739 0x067c [ Global ] - ok 20:17:55.0739 0x067c ================ Scan MBR ================================== 20:17:55.0752 0x067c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 20:17:56.0219 0x067c \Device\Harddisk0\DR0 - ok 20:17:56.0225 0x067c [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR1 20:17:56.0442 0x067c \Device\Harddisk1\DR1 - ok 20:17:56.0442 0x067c ================ Scan VBR ================================== 20:17:56.0548 0x067c [ A4E23AA947AB71247B0A928A0E4337BE ] \Device\Harddisk0\DR0\Partition1 20:17:56.0551 0x067c \Device\Harddisk0\DR0\Partition1 - ok 20:17:56.0572 0x067c [ D1997FEB3D36FF5794962119413C6BDA ] \Device\Harddisk0\DR0\Partition2 20:17:56.0577 0x067c \Device\Harddisk0\DR0\Partition2 - ok 20:17:56.0583 0x067c [ DEB214E75DA68178B41BE4346E7E138A ] \Device\Harddisk1\DR1\Partition1 20:17:56.0586 0x067c \Device\Harddisk1\DR1\Partition1 - ok 20:17:56.0587 0x067c ================ Scan generic autorun ====================== 20:17:56.0667 0x067c [ 68161603C58407CBE4099D9CD739E0D1, CAA67722A810DC9165950399A0C15D2D7B3472AC0AA0EB5D0904ECC4D5BD7B8E ] C:\Program Files\Elantech\ETDCtrl.exe 20:17:56.0718 0x067c ETDWare - ok 20:17:56.0836 0x067c [ 9DEA654E4D9820958D6B4D1EBAF2F31E, 526599AE6A3949AC43EAFA3A5F881A50BBC6549F3F3A0F00E2309E210ABFF40C ] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe 20:17:56.0884 0x067c ASUS WebStorage - ok 20:17:56.0998 0x067c [ 06C2C34EA4C666835C6AB492976C0BA1, E47662ED93191B425709F2221BB3C776D06506C120DC94562896A5463188F2E8 ] C:\Program Files\IDT\WDM\sttray64.exe 20:17:57.0077 0x067c SysTrayApp - ok 20:17:57.0154 0x067c [ DFAC78508DEFE8841DA4CDD1FA472C1A, A9055BD9C27E53F89E847C66FF73E090419CFDBFB51CA59645800E426476097E ] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe 20:17:57.0204 0x067c AmIcoSinglun64 - detected UnsignedFile.Multi.Generic ( 1 ) 20:17:57.0204 0x067c AmIcoSinglun64 ( UnsignedFile.Multi.Generic ) - warning 20:17:57.0254 0x067c [ 233A10D4B3F6897899112E4EC60F1906, 1F7E768E57064938114DF2EFC5B219EB0D30A7D9E574924E9CED054462505AF0 ] C:\Windows\WindowsMobile\wmdcBase.exe 20:17:57.0286 0x067c Windows Mobile-based device management - ok 20:17:57.0369 0x067c [ 0289E88293C2E6C6CF5FF8514F5FE37F, 042B8041095E2858AC48CF8035F525DE46077EB05EBF7A530448BF0AC29D7D1F ] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe 20:17:57.0403 0x067c Acronis Scheduler2 Service - ok 20:17:57.0442 0x067c [ 617565F33BDFCC355C727D1570E88488, 19E1DCAE69D1A378295EC9D70ABD36597C96438C0A3724FF0ED38D6DB359E000 ] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk 20:17:57.0476 0x067c Boingo Wi-Fi - detected UnsignedFile.Multi.Generic ( 1 ) 20:17:57.0477 0x067c Boingo Wi-Fi ( UnsignedFile.Multi.Generic ) - warning 20:17:57.0540 0x067c [ E96857D927626076104CFC5A9D237F91, B5B50B144E24DE29E03FB913B3A5A7553448FEB75607798EFE4A4B8B272FA31F ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe 20:17:57.0555 0x067c StartCCC - detected UnsignedFile.Multi.Generic ( 1 ) 20:17:57.0556 0x067c StartCCC ( UnsignedFile.Multi.Generic ) - warning 20:17:57.0819 0x067c [ 6529C89512CE4498919BDC512572F82C, DFF9BB4BFAFE8BA2E1F13B668C6E010FD18591B0CECF65574EA5E14143C79A83 ] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe 20:17:57.0985 0x067c ATKOSD2 - ok 20:17:58.0019 0x067c [ 5666955DC9FD455A003D86A21E0483A9, 359E2B5857269EDCE395D6171642EAC8B23170AA5266932B2BAE1E5955E8FE77 ] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe 20:17:58.0030 0x067c ATKMEDIA - ok 20:17:58.0047 0x067c [ 5AEBF6FA9805C9101220AA4FB4FA17E7, A9B2FC41380211A6C44E839A95676A5BA868CEEBB56D83A780230434C2A20836 ] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe 20:17:58.0057 0x067c HControlUser - ok 20:17:58.0215 0x067c [ 9141D57AC63F8A69216852E9A697DE8F, C3828B077C88A71E9F8C4AB5A446CA65E0A3EE2BE7546A9160F53E45D7B23713 ] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe 20:17:58.0280 0x067c SAOB Monitor - ok 20:17:58.0496 0x067c [ 96BC5E41BF5102F343B92ACE49D6940D, D5308A2D873785CE7C8BC21D08D30B4DF21F80B69B181B8546B3D1824223E3B4 ] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe 20:17:58.0638 0x067c TrueImageMonitor.exe - ok 20:17:58.0851 0x067c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 20:17:58.0961 0x067c Sidebar - ok 20:17:59.0003 0x067c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 20:17:59.0063 0x067c mctadmin - ok 20:17:59.0098 0x067c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 20:17:59.0137 0x067c Sidebar - ok 20:17:59.0144 0x067c [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 20:17:59.0163 0x067c mctadmin - ok 20:17:59.0240 0x067c [ AC43952EA7D028BD35099391DB2FF599, 1D688F98C3158D91F873421663B7BD60DA3A35DCF793792B9D398D5DFC9050F0 ] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe 20:17:59.0262 0x067c Syncables - ok 20:17:59.0412 0x067c [ 40F7401928355A1515199676A5D00CDC, 4F16DE77F0BD7D1F9F61AE5712B3FD7BD53D19DCCEF88925E10180EF040A8E0B ] C:\Users\Zeeh\AppData\Local\Apps\2.0\5H6GP0O6.A8T\ODMZ84MY.LH2\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe 20:17:59.0458 0x067c AVMUSBFernanschluss - detected UnsignedFile.Multi.Generic ( 1 ) 20:17:59.0458 0x067c AVMUSBFernanschluss ( UnsignedFile.Multi.Generic ) - warning 20:17:59.0525 0x067c AV detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\wmiav.exe ( 15.0.1.415 ), 0x41000 ( enabled : updated ) 20:17:59.0548 0x067c FW detected via SS2: Kaspersky Internet Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\wmifw.exe ( 15.0.1.415 ), 0x41010 ( enabled ) 20:17:59.0549 0x067c ============================================================ 20:17:59.0549 0x067c Scan finished 20:17:59.0549 0x067c ============================================================ 20:17:59.0565 0x1af0 Detected object count: 9 20:17:59.0565 0x1af0 Actual detected object count: 9 20:18:27.0941 0x1af0 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user 20:18:27.0941 0x1af0 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:18:27.0944 0x1af0 ICM_UpdaterService ( UnsignedFile.Multi.Generic ) - skipped by user 20:18:27.0944 0x1af0 ICM_UpdaterService ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:18:27.0946 0x1af0 Internet Manager. RunOuc ( UnsignedFile.Multi.Generic ) - skipped by user 20:18:27.0946 0x1af0 Internet Manager. RunOuc ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:18:27.0948 0x1af0 LMS ( UnsignedFile.Multi.Generic ) - skipped by user 20:18:27.0949 0x1af0 LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:18:27.0950 0x1af0 UNS ( UnsignedFile.Multi.Generic ) - skipped by user 20:18:27.0950 0x1af0 UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:18:27.0951 0x1af0 AmIcoSinglun64 ( UnsignedFile.Multi.Generic ) - skipped by user 20:18:27.0951 0x1af0 AmIcoSinglun64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:18:27.0952 0x1af0 Boingo Wi-Fi ( UnsignedFile.Multi.Generic ) - skipped by user 20:18:27.0952 0x1af0 Boingo Wi-Fi ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:18:27.0954 0x1af0 StartCCC ( UnsignedFile.Multi.Generic ) - skipped by user 20:18:27.0954 0x1af0 StartCCC ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:18:27.0955 0x1af0 AVMUSBFernanschluss ( UnsignedFile.Multi.Generic ) - skipped by user 20:18:27.0955 0x1af0 AVMUSBFernanschluss ( UnsignedFile.Multi.Generic ) - User select action: Skip |
18.03.2015, 11:49 | #8 |
/// the machine /// TB-Ausbilder | bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
18.03.2015, 16:34 | #9 |
| bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinktCode:
ATTFilter ComboFix 15-03-14.03 - Zeeh 18.03.2015 16:20:35.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3949.1868 [GMT 1:00] ausgeführt von:: c:\users\Zeeh\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886} FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Zeeh\AppData\Local\Clean Browser c:\users\Zeeh\AppData\Local\Clean Browser\firefox\background.html c:\users\Zeeh\AppData\Local\Clean Browser\firefox\chrome.manifest c:\users\Zeeh\AppData\Local\Clean Browser\firefox\extension_info.json c:\users\Zeeh\AppData\Local\Clean Browser\firefox\framework-ui\contentNotification.tmpl c:\users\Zeeh\AppData\Local\Clean Browser\firefox\framework-ui\contentNotificationStyle.tmpl c:\users\Zeeh\AppData\Local\Clean Browser\firefox\icons\button.png c:\users\Zeeh\AppData\Local\Clean Browser\firefox\icons\icon100.png c:\users\Zeeh\AppData\Local\Clean Browser\firefox\icons\icon128.png c:\users\Zeeh\AppData\Local\Clean Browser\firefox\icons\icon32.png c:\users\Zeeh\AppData\Local\Clean Browser\firefox\icons\icon48.png c:\users\Zeeh\AppData\Local\Clean Browser\firefox\install.rdf c:\users\Zeeh\AppData\Local\Clean Browser\icon.ico c:\users\Zeeh\AppData\Local\Clean Browser\info.xml c:\windows\msvcr71.dll c:\windows\security\Database\tmp.edb . . ((((((((((((((((((((((( Dateien erstellt von 2015-02-18 bis 2015-03-18 )))))))))))))))))))))))))))))) . . 2015-03-18 15:29 . 2015-03-18 15:29 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2015-03-18 15:29 . 2015-03-18 15:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-03-17 17:59 . 2015-03-17 17:59 -------- d-----w- c:\programdata\Malwarebytes 2015-03-17 17:59 . 2015-03-18 06:44 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2015-03-17 17:58 . 2015-03-17 18:42 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-03-17 17:57 . 2015-03-17 18:36 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-03-13 15:19 . 2015-03-13 15:21 -------- d-----w- c:\programdata\TuneUp Software 2015-03-13 15:19 . 2015-03-13 15:19 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2015-03-13 07:45 . 2015-03-13 07:45 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2015-03-11 07:16 . 2015-02-03 03:31 215552 ----a-w- c:\windows\system32\ubpm.dll 2015-03-11 07:16 . 2015-02-03 03:12 171520 ----a-w- c:\windows\SysWow64\ubpm.dll 2015-03-08 15:25 . 2015-03-08 15:25 -------- d-----w- c:\program files (x86)\VS Revo Group 2015-03-08 15:19 . 2015-03-14 18:03 -------- d-----w- C:\FRST 2015-03-06 16:33 . 2015-03-12 14:29 -------- d-----w- C:\AdwCleaner 2015-02-26 06:40 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll 2015-02-26 06:40 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll 2015-02-26 06:40 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll 2015-02-26 06:40 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll 2015-02-26 06:36 . 2015-02-26 06:38 -------- d-----w- c:\program files (x86)\Bookmark Search . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-03-17 08:05 . 2011-01-01 13:23 45056 ----a-w- c:\windows\system32\acovcnt.exe 2015-03-11 19:01 . 2011-01-09 16:52 122905848 ----a-w- c:\windows\system32\MRT.exe 2015-03-11 06:55 . 2014-08-20 17:04 819896 ----a-w- c:\windows\system32\drivers\klif.sys 2015-02-06 13:59 . 2015-01-20 13:21 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-02-06 13:59 . 2015-01-20 13:21 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-02-06 08:17 . 2015-02-06 08:17 20 ----a-w- c:\users\Zeeh\AppData\Roaming\appdataFr3.bin 2015-02-04 03:16 . 2015-02-11 07:49 609280 ----a-w- c:\windows\system32\generaltel.dll 2015-02-04 03:16 . 2015-02-11 07:49 762368 ----a-w- c:\windows\system32\invagent.dll 2015-02-04 03:16 . 2015-02-11 07:49 414720 ----a-w- c:\windows\system32\devinv.dll 2015-02-04 03:16 . 2015-02-11 07:49 894976 ----a-w- c:\windows\system32\appraiser.dll 2015-02-04 03:16 . 2015-02-11 07:49 227328 ----a-w- c:\windows\system32\aepdu.dll 2015-02-04 03:16 . 2015-02-11 07:49 192000 ----a-w- c:\windows\system32\aepic.dll 2015-02-04 03:13 . 2015-02-11 07:49 1098752 ----a-w- c:\windows\system32\aeinv.dll 2015-01-27 23:36 . 2015-02-11 07:49 1239720 ----a-w- c:\windows\system32\aitstatic.exe 2015-01-07 19:54 . 2015-01-15 17:18 370688 ----a-w- c:\windows\system32\ColorMedia64.dll 2015-01-01 09:52 . 2014-08-13 18:34 77512 ----a-w- c:\windows\system32\drivers\klwtp.sys 2015-01-01 09:52 . 2014-08-18 13:43 150536 ----a-w- c:\windows\system32\drivers\klflt.sys 2014-12-19 03:06 . 2015-01-14 07:36 210432 ----a-w- c:\windows\system32\profsvc.dll 2014-12-19 01:46 . 2015-01-14 07:36 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-04-05 370480] "AVMUSBFernanschluss"="c:\users\Zeeh\AppData\Local\Apps\2.0\5H6GP0O6.A8T\ODMZ84MY.LH2\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe" [2012-12-30 139264] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-08-10 2429] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-11 98304] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-16 2570688] "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-02-01 5583056] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "LexwareInfoService"="c:\program files (x86)\Lexware\Update Manager\LxUpdateManager.exe" [2014-09-26 196648] . c:\users\Zeeh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 c4791e60;PragmaInit;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 ICM_UpdaterService;ICM_UpdaterService Disp;c:\program files (x86)\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe;c:\program files (x86)\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe [x] R2 Internet Manager. RunOuc;Internet Manager. OUC;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe;c:\program files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [x] R2 Lexware_Update_Service;Lexware Update Service;c:\program files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe;c:\program files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [x] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x] R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x] R3 cpuz134;cpuz134;c:\users\Zeeh\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Zeeh\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x] R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x] R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x] R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x] R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x] R3 SoehnleComfort;SoehnleComfort;c:\windows\system32\Drivers\SoehnleComfort_x64.sys;c:\windows\SYSNATIVE\Drivers\SoehnleComfort_x64.sys [x] R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys;c:\windows\SYSNATIVE\DRIVERS\sscebus.sys [x] R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys;c:\windows\SYSNATIVE\DRIVERS\sscemdfl.sys [x] R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys;c:\windows\SYSNATIVE\DRIVERS\sscemdm.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x] R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] S0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK);c:\windows\system32\DRIVERS\cm_km_w.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km_w.sys [x] S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x] S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys;c:\windows\SYSNATIVE\DRIVERS\tdrpm273.sys [x] S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x] S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x] S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x] S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x] S2 AVP15.0.1;Kaspersky Anti-Virus Service 15.0.1;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x] S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x] S2 MSSQL$JTLWAWI;SQL Server (JTLWAWI);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x] S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x] S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x] S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys;c:\windows\SYSNATIVE\DRIVERS\avmaudio.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . Inhalt des "geplante Tasks" Ordners . 2015-03-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-20 13:59] . 2015-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12 18:15] . 2015-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12 18:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440] "ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-11-27 487424] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-06 391240] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://google.de/ uLocal Page = c:\windows\system32\blank.htm mDefault_Search_URL = hxxp://www.google.com mDefault_Page_URL = hxxp://www.google.com mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.google.com IE: {{09A10376-994C-4BBF-9121-F50CF7BA237E} - {F2A56BFE-7911-451A-BC74-A9C3C2E95126} - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 TCP: Interfaces\{71D837ED-CC19-43D6-85CD-C31CF2544AFB}: NameServer = 10.28.253.1 TCP: Interfaces\{7C558398-EC4A-4217-8340-B8175260889E}: NameServer = 10.74.210.210 10.74.210.211 TCP: Interfaces\{C0663D1D-BDC9-4584-9089-F11218133256}\4586F6D6F54403034343331363: NameServer = 10.28.253.1 TCP: Interfaces\{EA51E0A4-6976-447B-9AFB-E271A9B20C96}: NameServer = 10.74.210.210 10.74.210.211 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\ FF - prefs.js: browser.startup.homepage - google.de FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: !HIDDEN! 2012-10-22 21:20; 64ffxtbr@TelevisionFanatic.com; c:\program files (x86)\TelevisionFanatic\bar\1.bin . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKLM-Run-gmsd_de_100 - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.14" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2015-03-18 16:33:04 ComboFix-quarantined-files.txt 2015-03-18 15:33 . Vor Suchlauf: 14 Verzeichnis(se), 100.350.279.680 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 100.269.625.344 Bytes frei . - - End Of File - - 83091ADDFA58EEDCBDF6611332DA156C A36C5E4F47E84449FF07ED3517B43A31 |
19.03.2015, 09:26 | #10 |
/// the machine /// TB-Ausbilder | bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
19.03.2015, 17:17 | #11 |
| bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt Hallo, Teil 1 mbam: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 19.03.2015 Suchlauf-Zeit: 16:00:56 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.03.19.04 Rootkit Datenbank: v2015.02.25.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Zeeh Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 371031 Verstrichene Zeit: 30 Min, 48 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 5 PUP.Optional.CleanBrowser.A, HKLM\SOFTWARE\WOW6432NODE\Clean Browser, In Quarantäne, [0f5163e45c2e1f176289ad26867dee12], PUP.Optional.Shopperz.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, In Quarantäne, [c49c56f10783cd6949633778877c56aa], PUP.Optional.Spigot.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, In Quarantäne, [0957bc8b0684082e82005fd68c79eb15], PUP.Optional.Shopperz.A, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, In Quarantäne, [17495ee98ffb46f0bbf1208fad56de22], PUP.Optional.Shopperz.A, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, In Quarantäne, [d48c33142a60280e64488e2152b153ad], Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 8 PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\AppFramework, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\CanvasFramework, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\icons, In Quarantäne, [2a360047741655e12b0a9df39073e11f], Dateien: 28 PUP.Optional.ZombieInvasion.A, C:\ProgramData\HDAcSOJgH\dat\kDdtoAN.dll, In Quarantäne, [adb3d077157588ae87de00dd32d343bd], PUP.Optional.ZombieNews.A, C:\ProgramData\HDAcSOJgH\dat\lFKBEXLHD.exe, In Quarantäne, [f07079cee2a81323c56a6f56c53c966a], PUP.Optional.Multiplug, C:\Program Files (x86)\PragmaInit\PragmaInit.dll, In Quarantäne, [8ad6a0a76f1bc96de02755d947bbe818], PUP.Optional.Spigot.A, C:\Windows\Installer\68419.msi, In Quarantäne, [ca9643042c5e83b31c881abdd52c4bb5], PUP.Optional.ColorMedia.A, C:\Windows\SysWOW64\ColorMedia.ini, In Quarantäne, [0e52ad9adab053e3b40c1f1b80858e72], PUP.Optional.Winsock.Hijack, C:\Windows\System32\ColorMedia64.dll, In Quarantäne, [acb472d5f89276c09d00b88b16ef05fb], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\background.html, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\config.xml, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\extension_info.json, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\context_menu_item_handler.html, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\notification.html, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble\bottom-left.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble\bottom-middle.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble\bottom-right.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble\middle-left.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble\middle-right.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble\tail-bottom.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble\tail-left.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble\tail-right.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble\tail-top.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble\top-left.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble\top-middle.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\framework-ui\theme\bubble\top-right.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\icons\button.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\icons\icon100.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\icons\icon128.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\icons\icon32.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], PUP.Optional.CleanBrowser.A, C:\Program Files (x86)\Clean Browser\icons\icon48.png, In Quarantäne, [2a360047741655e12b0a9df39073e11f], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Teil 2 Adwcleaner: Code:
ATTFilter # AdwCleaner v4.112 - Bericht erstellt 19/03/2015 um 16:49:45 # Aktualisiert 09/03/2015 von Xplode # Datenbank : 2015-03-15.1 [Server] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64) # Benutzername : Zeeh - ZEEH-PC # Gestarted von : C:\Users\Zeeh\Desktop\AdwCleaner_4.112.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : c4791e60 ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Program Files (x86)\PragmaInit ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17689 -\\ Mozilla Firefox v36.0.1 (x86 de) -\\ Google Chrome v41.0.2272.89 -\\ Opera v0.0.0.0 ************************* AdwCleaner[R0].txt - [21600 Bytes] - [06/03/2015 17:33:56] AdwCleaner[R1].txt - [1008 Bytes] - [12/03/2015 14:24:28] AdwCleaner[R2].txt - [1225 Bytes] - [12/03/2015 15:13:10] AdwCleaner[R3].txt - [1245 Bytes] - [12/03/2015 15:20:07] AdwCleaner[R4].txt - [1363 Bytes] - [12/03/2015 15:28:01] AdwCleaner[R5].txt - [1539 Bytes] - [19/03/2015 16:47:59] AdwCleaner[S0].txt - [19545 Bytes] - [06/03/2015 17:36:14] AdwCleaner[S1].txt - [1069 Bytes] - [12/03/2015 14:27:27] AdwCleaner[S2].txt - [1287 Bytes] - [12/03/2015 15:15:13] AdwCleaner[S3].txt - [1307 Bytes] - [12/03/2015 15:22:28] AdwCleaner[S4].txt - [1465 Bytes] - [19/03/2015 16:49:45] ########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1524 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.5 (03.17.2015:1) OS: Windows 7 Home Premium x64 Ran by Zeeh on 19.03.2015 at 16:57:52,26 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Zeeh\AppData\Roaming\mozilla\firefox\profiles\3aglzgxk.default\minidumps [458 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 19.03.2015 at 17:03:50,01 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Zeeh (administrator) on ZEEH-PC on 19-03-2015 17:06:40 Running from C:\Users\Zeeh\Downloads Loaded Profiles: Zeeh (Available profiles: Zeeh) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe (AMD) C:\Windows\System32\atieclxx.exe (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\lexware\Update Service\Hmg.InstallationService.Service.exe () C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Windows\AsScrPro.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\lexware\Update Manager\LxUpdateManager.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\Zeeh\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.) HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] () HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-27] (IDT, Inc.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.) HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [391240 2010-12-06] (Acronis) HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-08-10] () HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-11-11] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-27] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [SAOB Monitor] => C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2570688 2010-11-16] (Acronis) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5583056 2011-02-01] (Acronis) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [196648 2014-09-26] (Haufe-Lexware GmbH & Co. KG) HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\Run: [Syncables] => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-04-05] (syncables, LLC) HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\Run: [AVMUSBFernanschluss] => C:\Users\Zeeh\AppData\Local\Apps\2.0\5H6GP0O6.A8T\ODMZ84MY.LH2\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2012-12-30] (AVM Berlin) Startup: C:\Users\Zeeh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.) ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1571306010-3709694829-1092883663-1000 -> {393DB63D-0E30-47F8-9F47-71AA303F4DE0} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} SearchScopes: HKU\S-1-5-21-1571306010-3709694829-1092883663-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = Toolbar: HKU\S-1-5-21-1571306010-3709694829-1092883663-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: HKLM-x32 {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{71D837ED-CC19-43D6-85CD-C31CF2544AFB}: [NameServer] 10.28.253.1 Tcpip\..\Interfaces\{7C558398-EC4A-4217-8340-B8175260889E}: [NameServer] 10.74.210.210 10.74.210.211 Tcpip\..\Interfaces\{EA51E0A4-6976-447B-9AFB-E271A9B20C96}: [NameServer] 10.74.210.210 10.74.210.211 FireFox: ======== FF ProfilePath: C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default FF Homepage: google.de FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] () FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Windows\SysWOW64\npdeployJava1.dll [2014-07-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-01] () FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-01] () FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-01] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.) FF Extension: Zoom It - C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\Extensions\{ff49035a-bfb7-0c69-8ed7-a5c9051b0b84} [2015-03-18] FF Extension: PageRank Client - C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\Extensions\pagerank-client@koeniglich.ch.xpi [2012-04-04] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-05-10] FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-01] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-01] FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-01] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.de/" CHR Profile: C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-12] CHR Extension: (Google Docs) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-12] CHR Extension: (Google Drive) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-12] CHR Extension: (YouTube) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-12] CHR Extension: (Google Search) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-12] CHR Extension: (Kaspersky Protection) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-03-12] CHR Extension: (Google Sheets) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-12] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (Google Wallet) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-12] CHR Extension: (Gmail) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-12] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO) S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed] R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () S2 ICM_UpdaterService; C:\Program Files (x86)\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe [204883 2011-03-18] () [File not signed] S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2013-02-05] () [File not signed] R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [64552 2014-10-02] (Haufe-Lexware GmbH & Co. KG) R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MSSQL$JTLWAWI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe [243712 2009-11-27] (IDT, Inc.) R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116480 2012-12-30] (AVM Berlin) R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd) R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [85048 2009-12-14] (Infowatch) R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66104 2009-12-14] (Infowatch) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [245248 2013-04-10] (Huawei Technologies Co., Ltd.) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-01] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-11] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-01] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-19] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-12] () S3 SoehnleComfort; C:\Windows\System32\Drivers\SoehnleComfort_x64.sys [38400 2011-04-20] () R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz134; \??\C:\Users\Zeeh\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] U3 tmlwf; No ImagePath U3 tmwfp; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-19 17:03 - 2015-03-19 17:03 - 00000756 _____ () C:\Users\Zeeh\Desktop\JRT.txt 2015-03-19 16:56 - 2015-03-19 16:56 - 01388672 _____ (Thisisu) C:\Users\Zeeh\Desktop\JRT.exe 2015-03-19 16:49 - 2015-03-19 16:49 - 00001604 _____ () C:\Users\Zeeh\Desktop\AdwCleaner[S4].txt 2015-03-19 16:47 - 2015-03-19 16:47 - 02171392 _____ () C:\Users\Zeeh\Desktop\AdwCleaner_4.112.exe 2015-03-19 16:45 - 2015-03-19 16:45 - 00007061 _____ () C:\Users\Zeeh\Desktop\mbam.txt 2015-03-19 15:59 - 2015-03-19 15:59 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-19 15:59 - 2015-03-19 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-19 15:59 - 2015-03-19 15:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-19 15:59 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-19 15:59 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-19 15:58 - 2015-03-19 15:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Zeeh\Desktop\mbam-setup-2.0.4.1028.exe 2015-03-18 16:33 - 2015-03-18 16:33 - 00026272 _____ () C:\ComboFix.txt 2015-03-18 16:18 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-03-18 16:18 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-03-18 16:18 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-03-18 16:18 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-03-18 16:18 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-03-18 16:18 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-03-18 16:18 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-03-18 16:18 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-03-18 16:16 - 2015-03-18 16:33 - 00000000 ____D () C:\Qoobox 2015-03-18 16:16 - 2015-03-18 16:31 - 00000000 ____D () C:\Windows\erdnt 2015-03-18 16:14 - 2015-03-18 16:14 - 05615380 ____R (Swearware) C:\Users\Zeeh\Desktop\ComboFix.exe 2015-03-17 20:12 - 2015-03-17 20:13 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Zeeh\Desktop\tdsskiller.exe 2015-03-17 18:59 - 2015-03-19 15:59 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-17 18:59 - 2015-03-18 07:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-03-17 18:58 - 2015-03-19 16:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-17 18:57 - 2015-03-17 20:09 - 00000000 ____D () C:\Users\Zeeh\Desktop\mbar 2015-03-17 18:57 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-17 18:55 - 2015-03-17 18:56 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Zeeh\Desktop\mbar-1.09.1.1004.exe 2015-03-14 19:01 - 2015-03-14 19:03 - 00037299 _____ () C:\Users\Zeeh\Downloads\Addition.txt 2015-03-13 16:20 - 2015-03-13 16:20 - 02095616 _____ (Farbar) C:\Users\Zeeh\Downloads\FRST64 (1).exe 2015-03-13 16:19 - 2015-03-13 16:21 - 00000000 ____D () C:\ProgramData\TuneUp Software 2015-03-13 16:19 - 2015-03-13 16:19 - 28598072 _____ (TuneUp Software) C:\Users\Zeeh\Downloads\TuneUpUtilities2014_de-DE.exe 2015-03-13 16:19 - 2015-03-13 16:19 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2015-03-13 08:45 - 2015-03-13 08:45 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-03-13 08:45 - 2015-03-13 08:45 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-03-13 08:45 - 2015-03-13 08:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-13 08:44 - 2015-03-13 08:45 - 40824144 _____ () C:\Users\Zeeh\Downloads\Firefox_Setup_36.0.1.exe 2015-03-12 19:17 - 2015-03-12 19:17 - 00002213 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-03-12 19:15 - 2015-03-19 16:53 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-12 19:15 - 2015-03-19 16:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-12 19:15 - 2015-03-12 19:15 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-03-12 19:15 - 2015-03-12 19:15 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-03-12 19:11 - 2015-03-12 19:11 - 00880208 _____ (Google Inc.) C:\Users\Zeeh\Downloads\ChromeSetup (1).exe 2015-03-12 12:36 - 2015-03-12 12:36 - 02171392 _____ () C:\Users\Zeeh\Downloads\adwcleaner_4.112.exe 2015-03-11 20:23 - 2015-03-11 20:23 - 00032768 _____ () C:\Windows\SysWOW64\persistent_q.db-shm 2015-03-11 20:23 - 2015-03-11 20:23 - 00003176 _____ () C:\Windows\SysWOW64\persistent_q.db-wal 2015-03-11 20:23 - 2015-03-11 20:23 - 00001024 _____ () C:\Windows\SysWOW64\persistent_q.db 2015-03-11 15:12 - 2015-03-11 15:12 - 02367242 _____ () C:\Users\Zeeh\Desktop\froogle.txt 2015-03-11 08:17 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-11 08:17 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-11 08:17 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 08:17 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-11 08:17 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-03-11 08:17 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 08:17 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-11 08:17 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-11 08:17 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 08:17 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 08:17 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 08:17 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-03-11 08:17 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-11 08:17 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-03-11 08:17 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-11 08:17 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-11 08:17 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-11 08:17 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-11 08:17 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 08:17 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-11 08:17 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-11 08:17 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-11 08:17 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-11 08:17 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-03-11 08:17 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-11 08:17 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-03-11 08:17 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-03-11 08:17 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-11 08:17 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-11 08:17 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-11 08:17 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-11 08:17 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-11 08:16 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 08:16 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-11 08:15 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-11 08:15 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-11 08:15 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-11 08:15 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-11 08:15 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-11 08:15 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-11 08:15 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-11 08:15 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-11 08:15 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-11 08:15 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-11 08:15 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-11 08:15 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-11 08:15 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-11 08:15 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 08:15 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 08:15 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-11 08:15 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 08:15 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 08:15 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-11 08:15 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 08:15 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 08:15 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 08:15 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 08:15 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 08:15 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-11 08:15 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 08:15 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 08:15 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-11 08:15 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 08:15 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 08:15 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 08:15 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 08:15 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-11 08:15 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 08:15 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-11 08:15 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 08:15 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 08:15 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-11 08:15 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-11 08:15 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 08:15 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-11 08:15 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 08:15 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 08:15 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-11 08:15 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-11 08:15 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-11 08:15 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 08:15 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 08:15 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-11 08:15 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-11 08:15 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-11 08:15 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-11 08:15 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-11 08:15 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 08:15 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-11 08:15 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-11 08:15 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 08:15 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 08:15 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-11 08:15 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-11 08:15 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-11 08:15 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 08:15 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-11 08:15 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-11 08:15 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-11 08:15 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 08:15 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-11 08:15 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 08:15 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 08:15 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-11 08:15 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 08:15 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 08:15 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 08:15 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-11 08:15 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 08:15 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-11 08:15 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 08:15 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 08:15 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-08 16:25 - 2015-03-08 16:25 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-03-08 16:24 - 2015-03-08 16:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Zeeh\Downloads\revosetup95.exe 2015-03-08 16:20 - 2015-03-19 17:08 - 00023016 _____ () C:\Users\Zeeh\Downloads\FRST.txt 2015-03-08 16:19 - 2015-03-19 17:06 - 00000000 ____D () C:\FRST 2015-03-08 16:19 - 2015-03-08 16:19 - 02095104 _____ (Farbar) C:\Users\Zeeh\Downloads\FRST64.exe 2015-03-07 22:41 - 2015-03-07 22:41 - 00093359 _____ () C:\Users\Zeeh\Downloads\Invoice_Jan-16-15_Feb-15-15.csv 2015-03-06 17:33 - 2015-03-19 16:54 - 00000000 ____D () C:\AdwCleaner 2015-03-06 09:25 - 2015-03-13 08:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-02 11:58 - 2015-03-02 11:58 - 00029696 _____ () C:\Users\Zeeh\Documents\froogle.xls 2015-03-01 13:15 - 2015-03-13 09:02 - 00017869 _____ () C:\Users\Zeeh\Desktop\Artesano-Wollliste.xlsx 2015-03-01 13:15 - 2015-03-02 12:01 - 00018899 _____ () C:\Users\Zeeh\Documents\Artesano-Wollliste.xlsx 2015-02-26 07:40 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-02-26 07:40 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-02-26 07:40 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-02-26 07:40 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-02-26 07:36 - 2015-02-26 07:38 - 00000000 ____D () C:\Program Files (x86)\Bookmark Search 2015-02-25 19:50 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-25 19:50 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-19 16:59 - 2009-07-14 05:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-19 16:59 - 2009-07-14 05:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-19 16:57 - 2010-08-10 22:48 - 01786621 _____ () C:\Windows\WindowsUpdate.log 2015-03-19 16:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-19 16:52 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-19 16:51 - 2011-01-01 17:18 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-03-19 16:50 - 2015-01-23 08:57 - 00006059 _____ () C:\Windows\setupact.log 2015-03-19 16:50 - 2015-01-23 08:56 - 00027952 _____ () C:\Windows\PFRO.log 2015-03-19 16:39 - 2011-03-09 08:42 - 00000000 ____D () C:\Users\Zeeh\AppData\Local\Deployment 2015-03-19 16:38 - 2010-08-10 23:45 - 00001754 _____ () C:\Windows\system32\ServiceFilter.ini 2015-03-19 16:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-03-19 16:35 - 2010-12-30 23:10 - 00000000 ____D () C:\Users\Zeeh\AppData\Roaming\SoftGrid Client 2015-03-19 16:31 - 2015-01-20 14:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-19 14:20 - 2015-02-16 08:35 - 00000000 ____D () C:\Users\Zeeh\Documents\DHL-Reklamationen 2015-03-19 10:44 - 2013-11-06 14:20 - 00036547 _____ () C:\Users\Zeeh\Desktop\Bestellformular Beleduc.xlsx 2015-03-19 07:15 - 2011-01-03 04:41 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1B35FCC2-2D8D-4E4D-A77B-606E14FE5BEB} 2015-03-18 16:37 - 2011-03-09 08:42 - 00000000 ____D () C:\Users\Zeeh\AppData\Local\Apps\2.0 2015-03-18 16:29 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-03-18 12:50 - 2014-01-14 14:21 - 00258135 _____ () C:\Users\Zeeh\Desktop\Bestandsliste Perfect Petzzz.xlsx 2015-03-18 07:46 - 2015-01-23 08:59 - 00088895 _____ () C:\Windows\avmacc.log 2015-03-17 19:33 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media 2015-03-17 09:29 - 2013-05-10 16:31 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine SUN 2015-03-17 09:05 - 2011-01-01 14:23 - 00045056 _____ () C:\Windows\system32\acovcnt.exe 2015-03-16 16:25 - 2013-12-08 08:49 - 00017082 _____ () C:\Users\Zeeh\Desktop\monatliche Kosten.xlsx 2015-03-16 16:19 - 2010-12-31 14:43 - 00000000 ____D () C:\ProgramData\Lexware 2015-03-16 14:36 - 2014-05-26 10:47 - 00015663 _____ () C:\Users\Zeeh\Desktop\Bestellschein PerfectPetzzz EUR.xlsx 2015-03-16 07:42 - 2013-06-03 08:47 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine Uniwood 2015-03-16 07:41 - 2013-07-19 08:51 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine Kaden 2015-03-13 11:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-03-12 19:17 - 2010-08-10 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-03-12 19:17 - 2010-08-10 23:12 - 00000000 ____D () C:\Program Files (x86)\Google 2015-03-12 15:52 - 2010-12-30 22:33 - 00000000 ____D () C:\Users\Zeeh\AppData\Local\Google 2015-03-12 11:55 - 2010-08-10 23:45 - 00002476 _____ () C:\Windows\system32\AutoRunFilter.ini 2015-03-12 11:49 - 2010-08-10 23:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-03-12 11:22 - 2010-12-31 14:44 - 00000000 ____D () C:\Program Files (x86)\lexware 2015-03-12 11:22 - 2010-12-31 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware 2015-03-12 11:15 - 2010-08-10 23:08 - 00000000 ____D () C:\ProgramData\CyberLink 2015-03-12 10:42 - 2010-08-10 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility 2015-03-12 10:42 - 2010-08-10 23:13 - 00000000 ____D () C:\Program Files (x86)\ASUS 2015-03-12 08:31 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-03-12 08:29 - 2015-01-23 08:56 - 00307104 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-12 08:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-03-12 08:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-03-11 20:17 - 2013-07-14 10:08 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 20:01 - 2011-01-09 17:52 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-11 07:55 - 2014-08-20 18:04 - 00819896 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2015-03-10 10:31 - 2009-08-04 10:51 - 00715658 _____ () C:\Windows\system32\perfh007.dat 2015-03-10 10:31 - 2009-08-04 10:51 - 00156312 _____ () C:\Windows\system32\perfc007.dat 2015-03-10 10:31 - 2009-07-14 06:13 - 01660372 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-10 10:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-03-08 16:40 - 2012-04-29 20:52 - 00000000 ____D () C:\Program Files (x86)\CEWE COLOR 2015-03-06 17:36 - 2011-01-01 15:11 - 00000000 ____D () C:\Windows\system32\log 2015-03-04 17:29 - 2015-01-22 11:05 - 00012247 _____ () C:\Users\Zeeh\Documents\Antje-Lohn.xlsx 2015-02-26 08:49 - 2011-01-01 17:17 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-02-26 08:30 - 2013-05-10 16:33 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine Rülke 2015-02-25 07:49 - 2013-05-10 16:33 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine SINA 2015-02-24 17:15 - 2013-03-16 21:20 - 00000000 ____D () C:\Users\Zeeh\Desktop\Bilder 2015-02-23 17:41 - 2011-05-20 21:20 - 00068744 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT 2015-02-23 13:47 - 2011-03-05 18:38 - 00017150 _____ () C:\Users\Zeeh\Documents\Darlehen.xlsx 2015-02-23 12:06 - 2011-02-14 08:52 - 00000000 __RSD () C:\Users\Zeeh\Documents\My Stationery 2015-02-19 11:15 - 2015-02-12 18:35 - 00025921 _____ () C:\Windows\system32\ScanResults.xml 2015-02-19 11:12 - 2015-02-12 18:31 - 00000464 _____ () C:\Windows\system32\ScannerSettings 2015-02-18 16:06 - 2012-07-10 07:57 - 00000000 ____D () C:\Users\Zeeh\AppData\Roaming\FileZilla ==================== Files in the root of some directories ======= 2015-02-06 09:17 - 2015-02-06 09:17 - 0000020 _____ () C:\Users\Zeeh\AppData\Roaming\appdataFr3.bin 2012-12-30 13:11 - 2012-12-30 13:11 - 0017408 _____ () C:\Users\Zeeh\AppData\Local\WebpageIcons.db 2010-08-10 23:16 - 2009-12-24 13:38 - 0131368 _____ () C:\ProgramData\FullRemove.exe 2010-08-10 23:09 - 2010-08-10 23:10 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2010-08-10 23:09 - 2010-08-10 23:09 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Some content of TEMP: ==================== C:\Users\Zeeh\AppData\Local\Temp\Quarantine.exe C:\Users\Zeeh\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-15 11:04 ==================== End Of Log ============================ --- --- --- und die Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Zeeh at 2015-03-19 17:08:52 Running from C:\Users\Zeeh\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Acronis*True*Image*Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6696 - Acronis) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe Flash Player 14 ActiveX (HKLM-x32\...\{1F5E5F2E-5E61-431D-B796-58CCC6B68E28}) (Version: 14.0.0.125 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader X (10.1.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS) ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS) ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS) ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.27 - ASUS) ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS) ASUS USB2.0 UVC VGA WebCam (HKLM\...\ASUS USB2.0 UVC VGA WebCam) (Version: 5.8.53120.202 - Sonix) ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus) ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.) ATI Catalyst Install Manager (HKLM\...\{80AB4395-42E3-D0B3-A310-6F0A6BD9709B}) (Version: 3.0.750.0 - ATI Technologies, Inc.) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0001 - ASUS) Body Balance Comfort Select Software (HKLM-x32\...\{74B92B80-C11A-4DD0-884C-A532B788C2D4}) (Version: 1.0.0 - Leifheit AG) Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.) Brother MFL-Pro Suite DCP-9055CDN (HKLM-x32\...\{979742CC-2CBB-49D8-9BEE-C2F7875F5393}) (Version: 1.1.5.0 - Brother Industries, Ltd.) ccc-core-static (x32 Version: 2009.1111.1543.28169 - ATI) Hidden Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version: - ) Express Rip (HKLM-x32\...\ExpressRip) (Version: 1.94 - NCH Software) Fahrtenbuch.net 1.5.12 (HKLM-x32\...\Fahrtenbuch.net_is1) (Version: - COMputer.INTernet.SOftware Tobias Schiek) Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS) FileZilla Client 3.2.7.1 (HKLM-x32\...\FileZilla Client) (Version: 3.2.7.1 - ) FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\f018cf21c0452c64) (Version: 2.3.0.2 - AVM Berlin) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.) Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6259.0 - IDT) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation) Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel) Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.18.76.55 - Huawei Technologies Co.,Ltd) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle) Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version: - ) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden Lexware Abschreibungsrechner (x32 Version: 14.00.00.0004 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware büro easy 2015 (x32 Version: 28.02.00.0197 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware büro easy plus 2015 (HKLM-x32\...\{3eadd447-88bd-45e6-8410-0b31dcad2556}) (Version: 28.0.0.132 - Haufe-Lexware GmbH & Co.KG) Lexware Elster (x32 Version: 15.00.00.0056 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Info Service (x32 Version: 5.00.00.0044 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Installations Dienst (x32 Version: 4.00.00.0008 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware online banking (x32 Version: 22.02.00.0040 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Sepa Check (x32 Version: 1.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Zeiterfassung (x32 Version: 28.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{7C39E0D1-E138-42B1-B083-213EC2CF7692}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA) PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Samsung Networking Wizard (HKLM-x32\...\{0C485220-4029-48E7-9F27-965DA4A78D5E}) (Version: 1.1.11052.2 - Samsung Electronics Co., Ltd. ) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2000.0 - SAMSUNG Electronics Co., Ltd.) Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SolidWorks eDrawings 2011 (HKLM-x32\...\{9402DAC1-447E-49C9-979D-BD5838E709D7}) (Version: 11.4.113 - Dassault Systèmes SolidWorks Corp.) syncables desktop SE (HKLM-x32\...\{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}) (Version: 5.5.615.9518 - syncables) Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.) Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation) Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies) Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation) Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS) Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 11-03-2015 19:59:02 Windows Update 12-03-2015 10:18:32 Revo Uninstaller's restore point - ASUS FancyStart 12-03-2015 10:42:26 Removed ASUS FancyStart 12-03-2015 10:46:59 Revo Uninstaller's restore point - Bing Bar 12-03-2015 11:07:01 Revo Uninstaller's restore point - CyberLink LabelPrint 12-03-2015 11:07:37 Konfiguriert LabelPrint 12-03-2015 11:13:30 Revo Uninstaller's restore point - CyberLink Power2Go 12-03-2015 11:13:53 Konfiguriert Power2Go 12-03-2015 11:16:10 Revo Uninstaller's restore point - Lexware lohnauskunft 2009 12-03-2015 11:16:25 Konfiguriert Lexware lohnauskunft 2009 12-03-2015 11:18:01 Revo Uninstaller's restore point - Lexware lohnauskunft 2009 12-03-2015 11:18:21 Revo Uninstaller's restore point - Lexware lohnauskunft 2014 12-03-2015 11:18:55 Removed Lexware lohnauskunft 2014. 12-03-2015 11:21:34 Revo Uninstaller's restore point - Lexware reisekosten 2009 12-03-2015 11:21:47 Konfiguriert Lexware reisekosten 2009 12-03-2015 11:23:13 Revo Uninstaller's restore point - Mozilla Firefox 36.0.1 (x86 de) 12-03-2015 11:27:02 Revo Uninstaller's restore point - Mozilla Firefox 36.0.1 (x86 de) 12-03-2015 11:48:31 Entfernt DELISprint 12-03-2015 11:52:20 Removed RENESIS® Player Browser Plugins 13-03-2015 16:19:53 TuneUp Utilities 2014 wird installiert 13-03-2015 16:20:57 TuneUp Utilities 2014 (de-DE) wird entfernt 17-03-2015 19:28:27 Malwarebytes Anti-Rootkit Restore Point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2015-03-18 16:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {342CD102-1DE5-49AE-A53A-D33ABD85E7BC} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK) Task: {3A775123-7BDC-4E16-A8B7-6845A96A4083} - System32\Tasks\{1EDF6135-BB20-413E-8288-BC728394B876} => pcalua.exe -a E:\LxSetup.exe -d E:\ Task: {40721C3F-0996-4274-98ED-E888934C6B43} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.) Task: {429C9858-F46A-408D-87D6-64BC0F0C99B0} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] () Task: {474683AA-2C5B-46A0-9C72-919F9FB1CBE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.) Task: {53997FEA-15D2-4E30-B519-F00330284647} - System32\Tasks\{C4D39608-1BDD-4FDC-94D6-2EDA5B93ECA0} => pcalua.exe -a C:\Users\Zeeh\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs <==== ATTENTION Task: {661E3F48-5794-4F49-9DDE-351E8CF265E6} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS) Task: {89E5C935-498B-489D-801A-3E66D5249F0A} - System32\Tasks\SQAKP => C:\ProgramData\9a57dd4bfbdc41d9a41d3b8b62f45107\9a57dd4bfbdc41d9a41d3b8b62f45107.exe Task: {8EAA276A-C2F3-409E-8546-11C58E4FA00B} - System32\Tasks\{01B8A7C3-9EE9-4DFA-80E2-0171A0BB415D} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation) Task: {8F20AF64-5623-47D4-84BD-6771C9B8432C} - System32\Tasks\{1EC1DF85-2F18-4E6E-98F2-7C1D92E46BBA} => pcalua.exe -a F:\aomwin200ea24.exe -d F:\ Task: {9C50DFC0-DC4F-4E99-B900-E921C5344D29} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A3D57154-76E9-41EB-B88A-431B82727931} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {C2301F3D-2E4A-4C92-AF9D-A1600BCC6EA2} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-12-24] (ATK) Task: {EBA787D0-3184-4EAB-9004-F21185C8620B} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] () Task: {ECA98A70-61E5-4054-8BC5-BBC2BB7E9950} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated) Task: {F4080C3B-FFD2-4ACA-852D-23B954EBF2C3} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-05] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe 2014-08-18 19:25 - 2013-02-05 08:24 - 00671744 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe 2014-08-18 19:29 - 2013-02-05 08:25 - 01541120 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe 2010-03-16 02:48 - 2010-03-16 02:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe 2008-10-23 18:21 - 2008-10-23 18:21 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-08-10 23:32 - 2010-08-10 23:32 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2015-03-12 19:17 - 2015-03-07 06:57 - 01530184 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll 2015-03-12 19:17 - 2015-03-07 06:57 - 00091976 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll 2015-03-12 19:17 - 2015-03-07 06:57 - 11266888 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll 2015-03-12 19:17 - 2015-03-07 06:57 - 26792264 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll 2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll 2014-08-18 19:25 - 2009-01-10 11:32 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll 2014-08-18 19:25 - 2009-06-22 19:42 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll 2014-08-18 19:25 - 2012-10-31 10:11 - 02417152 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll 2014-08-18 19:25 - 2012-10-31 10:14 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll 2014-08-18 19:25 - 2012-10-31 10:33 - 09562624 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtGui4.dll 2014-08-18 19:29 - 2012-10-31 12:14 - 00082944 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qgif4.dll 2014-08-18 19:29 - 2012-10-31 12:16 - 00081920 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qico4.dll 2011-02-01 20:52 - 2011-02-01 20:52 - 11195512 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll 2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2014-09-11 14:09 - 2014-09-11 14:09 - 00176168 _____ () C:\Program Files (x86)\lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll 2014-09-11 14:09 - 2014-09-11 14:09 - 00043048 _____ () C:\Program Files (x86)\lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:63F29B08 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" ==================== Accounts: ============================= Administrator (S-1-5-21-1571306010-3709694829-1092883663-500 - Administrator - Disabled) Gast (S-1-5-21-1571306010-3709694829-1092883663-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1571306010-3709694829-1092883663-1009 - Limited - Enabled) Zeeh (S-1-5-21-1571306010-3709694829-1092883663-1000 - Administrator - Enabled) => C:\Users\Zeeh ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz Percentage of memory in use: 46% Total physical RAM: 3948.54 MB Available physical RAM: 2124.88 MB Total Pagefile: 9946.73 MB Available Pagefile: 7322.03 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:149.04 GB) (Free:93.24 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (DATA) (Fixed) (Total:427.59 GB) (Free:427.23 GB) NTFS Drive h: () (Removable) (Total:3.74 GB) (Free:3.73 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E0C5913D) Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C) Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=427.6 GB) - (Type=OF Extended) ======================================================== Disk: 1 (Size: 3.8 GB) (Disk ID: 9C744D6B) Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B) ==================== End Of Log ============================ |
19.03.2015, 21:30 | #12 |
/// the machine /// TB-Ausbilder | bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinktESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
20.03.2015, 11:17 | #13 |
| bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt Teil 1: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=e50f7b76e853ed49a2194a7dea3036ef # engine=22995 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-03-20 09:55:13 # local_time=2015-03-20 10:55:13 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Kaspersky Internet Security' # compatibility_mode=1299 16777213 100 100 16553 54416943 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 66 85 53324246 178475163 0 0 # scanned=208047 # found=24 # cleaned=24 # scan_time=4417 sh=6051713D313FF606FD60F5D69FDD243C4C85DE08 ft=1 fh=6ab584f6340ba3a4 vn="Variante von Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\krios.dll.vir" sh=288E09D0335790CCB608D0D1408BD2C6283B4ACB ft=1 fh=4edc91144fbe8cff vn="Variante von Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\krios64.dll.vir" sh=96C4BE610D5873D2105EBE6C2564227E07663E0F ft=1 fh=8279f4b6e9e016eb vn="Variante von Win32/Toolbar.Widgi.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Application Updater\ApplicationUpdater.exe.vir" sh=EFEAC355C4EAD270AC44BD41C7CE306329BF56E5 ft=1 fh=181b86f2aa11def5 vn="Variante von Win32/Toolbar.Widgi evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe.vir" sh=603B7320EB9962486C795BEB40B872CB724E30FF ft=1 fh=713e4df1b29097f0 vn="Variante von Win64/Toolbar.Widgi.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe.vir" sh=7616829B2865E2A55E965E8687EEF58CEBA6D9F4 ft=1 fh=c4ed652c67d9e0c9 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\wth160.dll.vir" sh=15C84E66FD27E71B2ADE3B26E9337E177AE60E86 ft=1 fh=98bf0f3a8e696ecd vn="Win64/Toolbar.Widgi.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\wthx160.dll.vir" sh=99927B7FF1BF456EF56D3957F98D727BB6DA4C28 ft=1 fh=c71c0011a837031c vn="Variante von Win32/Adware.MultiPlug.FL Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ROyalShOpperApppp\R4Qy1camJVfJlX.dll.vir" sh=D3DC65C3F2F8CE1E526762A35DD76736981A50E1 ft=1 fh=cecc82c634ed304c vn="Variante von Win64/Adware.MultiPlug.G Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ROyalShOpperApppp\R4Qy1camJVfJlX.x64.dll.vir" sh=C0B7F8C09DB0ADA3DF2102A3D08FAC9781A15DC6 ft=1 fh=55bf436402755b8c vn="Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir" sh=52F9085A177DC911DC513ED9FA431A58126F73CF ft=1 fh=08f0a6962a427f0c vn="Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir" sh=FBDFC5A9C45940E1EE1DB6ADFCE2B1BD5DD301F3 ft=1 fh=c71c0011210d5c57 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir" sh=D4A43936353E001F542FB287278ED350644F1917 ft=1 fh=cf34ce2fc97c23ab vn="Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir" sh=599E2748522276CBF3F990EB4F46016868DEB898 ft=1 fh=f77aff1d76d0a3e6 vn="Win32/ELEX.BM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir" sh=E50DAB85C0710DE9EB31AE35959240275B4AE07B ft=1 fh=5d729646388faede vn="Variante von Win32/Adware.PicColor.M Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\9a57dd4bfbdc41d9a41d3b8b62f45107\9a57dd4bfbdc41d9a41d3b8b62f45107.exe.vir" sh=9F1C42FCE742E8800B0D643D7F07C4512C4A928A ft=1 fh=a4028fc937df6412 vn="Variante von Win32/Adware.PicColor.C Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\cmwr.sys.vir" sh=FBD9CC9DD4EF8C9AAB4A010379FDBE65E8760A81 ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Zeeh\AppData\Local\Mozilla\Firefox\Profiles\3aglzgxk.default\cache2\entries\0A811E3627C260AED9D6F553C616C77DE827FE54" sh=90B83EA3A71D176CA8D03DDCEF3C3F270D9639DB ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\extensions\veggy@veggyAddon.com\chrome\content\main.js" sh=A504F81E9D1D0BD0CDBA355620BADB13CBAB6984 ft=1 fh=5f69c3f6b4084ff0 vn="Variante von Win32/DownloadGuide.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Zeeh\Downloads\gimp.exe" sh=EDCF4EA293DD0C7475D73797276FBE9E45EBBC29 ft=1 fh=51c8894478037c3d vn="Win32/Somoto.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Zeeh\Downloads\m4a-to80-mp3-converter.exe" sh=D0357617961BF3D526BEFAAB0048CBB983EA4DF9 ft=1 fh=c604c933e8b9509f vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Zeeh\Downloads\PDFCreator-1_7_0_setup.exe" sh=6AEBC9B03C8291C5DF8B20A74874498328FD3184 ft=1 fh=24e3181a2aad989e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Zeeh\Downloads\Picture Converter - CHIP-Installer.exe" sh=F42434EB673DF4B135D8D509943965FE20F75B22 ft=1 fh=84267000d91c779b vn="Win32/ReImageRepair.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Zeeh\Downloads\ReimageRepair.exe" sh=BDC53184583ED4870CF48D54239BDD8EEA3F148F ft=1 fh=67b0812158229c81 vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Zeeh\Downloads\speedupmypc.exe" Code:
ATTFilter Results of screen317's Security Check version 0.99.97 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Kaspersky Internet Security Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 67 Java version 32-bit out of Date! Java 64-bit 8 Update 31 Adobe Flash Player 16.0.0.305 Adobe Reader 10.1.11 Adobe Reader out of Date! Mozilla Firefox (36.0.1) Google Chrome (41.0.2272.89) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe Internet Manager OnlineUpdate ouc.exe Internet Manager OnlineUpdate LiveUpd.exe Acronis TrueImageHome OnlineBackupStandalone TrueImageMonitor.exe Kaspersky Lab Kaspersky Internet Security 15.0.1 avp.exe Kaspersky Lab Kaspersky Internet Security 15.0.1 avpui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Zeeh (administrator) on ZEEH-PC on 20-03-2015 11:09:55 Running from C:\Users\Zeeh\Downloads Loaded Profiles: Zeeh (Available profiles: Zeeh) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (AMD) C:\Windows\System32\atieclxx.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\lexware\Update Service\Hmg.InstallationService.Service.exe () C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (ASUS) C:\Windows\AsScrPro.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (syncables, LLC) C:\Program Files (x86)\syncables\syncables desktop\syncables.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\lexware\Update Manager\LxUpdateManager.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe (ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ATK) C:\Program Files\P4G\BatteryLife.exe () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE () C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Farbar) C:\Users\Zeeh\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.) HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] () HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-27] (IDT, Inc.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.) HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [391240 2010-12-06] (Acronis) HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-08-10] () HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-11-11] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-27] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [SAOB Monitor] => C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2570688 2010-11-16] (Acronis) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5583056 2011-02-01] (Acronis) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [196648 2014-09-26] (Haufe-Lexware GmbH & Co. KG) HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\Run: [Syncables] => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-04-05] (syncables, LLC) HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\Run: [AVMUSBFernanschluss] => C:\Users\Zeeh\AppData\Local\Apps\2.0\5H6GP0O6.A8T\ODMZ84MY.LH2\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2012-12-30] (AVM Berlin) Startup: C:\Users\Zeeh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.) ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1571306010-3709694829-1092883663-1000 -> {393DB63D-0E30-47F8-9F47-71AA303F4DE0} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} SearchScopes: HKU\S-1-5-21-1571306010-3709694829-1092883663-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = Toolbar: HKU\S-1-5-21-1571306010-3709694829-1092883663-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: HKLM-x32 {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{71D837ED-CC19-43D6-85CD-C31CF2544AFB}: [NameServer] 10.28.253.1 Tcpip\..\Interfaces\{7C558398-EC4A-4217-8340-B8175260889E}: [NameServer] 10.74.210.210 10.74.210.211 Tcpip\..\Interfaces\{EA51E0A4-6976-447B-9AFB-E271A9B20C96}: [NameServer] 10.74.210.210 10.74.210.211 FireFox: ======== FF ProfilePath: C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default FF Homepage: google.de FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] () FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Windows\SysWOW64\npdeployJava1.dll [2014-07-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-01] () FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-01] () FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-01] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.) FF Extension: Mozilla Firefox Hotfixer - C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\Extensions\veggy@veggyAddon.com [2015-03-20] FF Extension: Zoom It - C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\Extensions\{da15f6ce-464a-4063-1270-af5670f23067} [2015-03-20] FF Extension: Zoom It - C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\Extensions\{ff49035a-bfb7-0c69-8ed7-a5c9051b0b84} [2015-03-18] FF Extension: PageRank Client - C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\Extensions\pagerank-client@koeniglich.ch.xpi [2012-04-04] FF Extension: Adblock Plus - C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-20] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-05-10] FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-01] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-01] FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-01] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.de/" CHR Profile: C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-12] CHR Extension: (Google Docs) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-12] CHR Extension: (Google Drive) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-12] CHR Extension: (YouTube) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-12] CHR Extension: (Google Search) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-12] CHR Extension: (Kaspersky Protection) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-03-12] CHR Extension: (Google Sheets) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-12] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (Google Wallet) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-12] CHR Extension: (Gmail) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-12] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO) S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed] R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () S2 ICM_UpdaterService; C:\Program Files (x86)\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe [204883 2011-03-18] () [File not signed] S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2013-02-05] () [File not signed] R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [64552 2014-10-02] (Haufe-Lexware GmbH & Co. KG) R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MSSQL$JTLWAWI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe [243712 2009-11-27] (IDT, Inc.) R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116480 2012-12-30] (AVM Berlin) R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd) R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [85048 2009-12-14] (Infowatch) R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66104 2009-12-14] (Infowatch) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [245248 2013-04-10] (Huawei Technologies Co., Ltd.) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-01] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-11] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-01] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-20] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-12] () S3 SoehnleComfort; C:\Windows\System32\Drivers\SoehnleComfort_x64.sys [38400 2011-04-20] () R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz134; \??\C:\Users\Zeeh\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] U3 tmlwf; No ImagePath U3 tmwfp; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-20 11:03 - 2015-03-20 11:03 - 00852604 _____ () C:\Users\Zeeh\Desktop\SecurityCheck.exe 2015-03-20 09:40 - 2015-03-20 09:40 - 02347384 _____ (ESET) C:\Users\Zeeh\Desktop\esetsmartinstaller_deu.exe 2015-03-20 08:47 - 2015-03-20 08:47 - 00934566 _____ () C:\Users\Zeeh\Downloads\adblock_plus-2.6.7-sm_tb_fx_an.zip 2015-03-19 16:56 - 2015-03-19 16:56 - 01388672 _____ (Thisisu) C:\Users\Zeeh\Desktop\JRT.exe 2015-03-19 16:47 - 2015-03-19 16:47 - 02171392 _____ () C:\Users\Zeeh\Desktop\AdwCleaner_4.112.exe 2015-03-19 15:59 - 2015-03-19 15:59 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-19 15:59 - 2015-03-19 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-19 15:59 - 2015-03-19 15:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-19 15:59 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-19 15:59 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-19 15:58 - 2015-03-19 15:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Zeeh\Desktop\mbam-setup-2.0.4.1028.exe 2015-03-18 16:33 - 2015-03-18 16:33 - 00026272 _____ () C:\ComboFix.txt 2015-03-18 16:18 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-03-18 16:18 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-03-18 16:18 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-03-18 16:18 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-03-18 16:18 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-03-18 16:18 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-03-18 16:18 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-03-18 16:18 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-03-18 16:16 - 2015-03-18 16:33 - 00000000 ____D () C:\Qoobox 2015-03-18 16:16 - 2015-03-18 16:31 - 00000000 ____D () C:\Windows\erdnt 2015-03-18 16:14 - 2015-03-18 16:14 - 05615380 ____R (Swearware) C:\Users\Zeeh\Desktop\ComboFix.exe 2015-03-17 20:12 - 2015-03-17 20:13 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Zeeh\Desktop\tdsskiller.exe 2015-03-17 18:59 - 2015-03-19 15:59 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-17 18:59 - 2015-03-18 07:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-03-17 18:58 - 2015-03-20 09:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-17 18:57 - 2015-03-17 20:09 - 00000000 ____D () C:\Users\Zeeh\Desktop\mbar 2015-03-17 18:57 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-17 18:55 - 2015-03-17 18:56 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Zeeh\Desktop\mbar-1.09.1.1004.exe 2015-03-14 19:01 - 2015-03-19 17:09 - 00026353 _____ () C:\Users\Zeeh\Downloads\Addition.txt 2015-03-13 16:20 - 2015-03-13 16:20 - 02095616 _____ (Farbar) C:\Users\Zeeh\Downloads\FRST64 (1).exe 2015-03-13 16:19 - 2015-03-13 16:21 - 00000000 ____D () C:\ProgramData\TuneUp Software 2015-03-13 16:19 - 2015-03-13 16:19 - 28598072 _____ (TuneUp Software) C:\Users\Zeeh\Downloads\TuneUpUtilities2014_de-DE.exe 2015-03-13 16:19 - 2015-03-13 16:19 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2015-03-13 08:45 - 2015-03-13 08:45 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-03-13 08:45 - 2015-03-13 08:45 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-03-13 08:45 - 2015-03-13 08:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-13 08:44 - 2015-03-13 08:45 - 40824144 _____ () C:\Users\Zeeh\Downloads\Firefox_Setup_36.0.1.exe 2015-03-12 19:17 - 2015-03-12 19:17 - 00002213 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-03-12 19:15 - 2015-03-20 10:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-12 19:15 - 2015-03-20 07:22 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-12 19:15 - 2015-03-12 19:15 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-03-12 19:15 - 2015-03-12 19:15 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-03-12 19:11 - 2015-03-12 19:11 - 00880208 _____ (Google Inc.) C:\Users\Zeeh\Downloads\ChromeSetup (1).exe 2015-03-12 12:36 - 2015-03-12 12:36 - 02171392 _____ () C:\Users\Zeeh\Downloads\adwcleaner_4.112.exe 2015-03-11 20:23 - 2015-03-11 20:23 - 00032768 _____ () C:\Windows\SysWOW64\persistent_q.db-shm 2015-03-11 20:23 - 2015-03-11 20:23 - 00003176 _____ () C:\Windows\SysWOW64\persistent_q.db-wal 2015-03-11 20:23 - 2015-03-11 20:23 - 00001024 _____ () C:\Windows\SysWOW64\persistent_q.db 2015-03-11 15:12 - 2015-03-11 15:12 - 02367242 _____ () C:\Users\Zeeh\Desktop\froogle.txt 2015-03-11 08:17 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-11 08:17 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-11 08:17 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 08:17 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-11 08:17 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-03-11 08:17 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 08:17 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-11 08:17 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-11 08:17 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 08:17 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 08:17 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 08:17 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-03-11 08:17 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-11 08:17 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-03-11 08:17 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-11 08:17 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-11 08:17 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-11 08:17 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-11 08:17 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 08:17 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-11 08:17 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-11 08:17 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-11 08:17 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-11 08:17 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-03-11 08:17 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-11 08:17 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-03-11 08:17 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-03-11 08:17 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-11 08:17 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-11 08:17 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-11 08:17 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-11 08:17 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-11 08:16 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 08:16 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-11 08:15 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-11 08:15 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-11 08:15 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-11 08:15 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-11 08:15 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-11 08:15 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-11 08:15 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-11 08:15 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-11 08:15 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-11 08:15 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-11 08:15 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-11 08:15 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-11 08:15 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-11 08:15 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 08:15 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 08:15 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-11 08:15 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 08:15 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 08:15 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-11 08:15 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 08:15 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 08:15 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 08:15 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 08:15 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 08:15 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-11 08:15 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 08:15 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 08:15 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-11 08:15 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 08:15 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 08:15 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 08:15 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 08:15 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-11 08:15 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 08:15 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-11 08:15 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 08:15 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 08:15 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-11 08:15 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-11 08:15 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 08:15 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-11 08:15 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 08:15 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 08:15 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-11 08:15 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-11 08:15 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-11 08:15 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 08:15 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 08:15 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-11 08:15 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-11 08:15 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-11 08:15 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-11 08:15 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-11 08:15 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 08:15 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-11 08:15 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-11 08:15 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 08:15 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 08:15 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-11 08:15 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-11 08:15 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-11 08:15 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 08:15 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-11 08:15 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-11 08:15 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-11 08:15 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 08:15 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-11 08:15 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 08:15 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 08:15 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-11 08:15 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 08:15 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 08:15 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 08:15 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-11 08:15 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 08:15 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-11 08:15 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 08:15 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 08:15 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-08 16:25 - 2015-03-08 16:25 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-03-08 16:24 - 2015-03-08 16:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Zeeh\Downloads\revosetup95.exe 2015-03-08 16:20 - 2015-03-20 11:11 - 00024332 _____ () C:\Users\Zeeh\Downloads\FRST.txt 2015-03-08 16:19 - 2015-03-20 11:09 - 00000000 ____D () C:\FRST 2015-03-08 16:19 - 2015-03-08 16:19 - 02095104 _____ (Farbar) C:\Users\Zeeh\Downloads\FRST64.exe 2015-03-07 22:41 - 2015-03-07 22:41 - 00093359 _____ () C:\Users\Zeeh\Downloads\Invoice_Jan-16-15_Feb-15-15.csv 2015-03-06 17:33 - 2015-03-19 16:54 - 00000000 ____D () C:\AdwCleaner 2015-03-06 09:25 - 2015-03-13 08:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-02 11:58 - 2015-03-02 11:58 - 00029696 _____ () C:\Users\Zeeh\Documents\froogle.xls 2015-03-01 13:15 - 2015-03-20 08:11 - 00017838 _____ () C:\Users\Zeeh\Desktop\Artesano-Wollliste.xlsx 2015-03-01 13:15 - 2015-03-02 12:01 - 00018899 _____ () C:\Users\Zeeh\Documents\Artesano-Wollliste.xlsx 2015-02-26 07:40 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-02-26 07:40 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-02-26 07:40 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-02-26 07:40 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-02-26 07:36 - 2015-02-26 07:38 - 00000000 ____D () C:\Program Files (x86)\Bookmark Search 2015-02-25 19:50 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-25 19:50 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-20 10:31 - 2015-01-20 14:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-20 10:19 - 2010-08-10 22:48 - 01846112 _____ () C:\Windows\WindowsUpdate.log 2015-03-20 08:11 - 2014-01-14 14:21 - 00258108 _____ () C:\Users\Zeeh\Desktop\Bestandsliste Perfect Petzzz.xlsx 2015-03-20 07:57 - 2011-01-03 04:41 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1B35FCC2-2D8D-4E4D-A77B-606E14FE5BEB} 2015-03-20 07:48 - 2010-12-30 23:10 - 00000000 ____D () C:\Users\Zeeh\AppData\Roaming\SoftGrid Client 2015-03-20 07:47 - 2013-05-10 16:31 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine SUN 2015-03-20 07:27 - 2009-07-14 05:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-20 07:27 - 2009-07-14 05:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-20 07:22 - 2011-03-09 08:42 - 00000000 ____D () C:\Users\Zeeh\AppData\Local\Deployment 2015-03-20 07:22 - 2011-01-01 17:18 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-03-20 07:19 - 2015-01-23 08:57 - 00006115 _____ () C:\Windows\setupact.log 2015-03-20 07:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-19 19:22 - 2010-12-31 14:43 - 00000000 ____D () C:\ProgramData\Lexware 2015-03-19 18:31 - 2015-02-16 08:35 - 00000000 ____D () C:\Users\Zeeh\Documents\DHL-Reklamationen 2015-03-19 16:52 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-19 16:50 - 2015-01-23 08:56 - 00027952 _____ () C:\Windows\PFRO.log 2015-03-19 16:38 - 2010-08-10 23:45 - 00001754 _____ () C:\Windows\system32\ServiceFilter.ini 2015-03-19 16:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-03-19 10:44 - 2013-11-06 14:20 - 00036547 _____ () C:\Users\Zeeh\Desktop\Bestellformular Beleduc.xlsx 2015-03-18 16:37 - 2011-03-09 08:42 - 00000000 ____D () C:\Users\Zeeh\AppData\Local\Apps\2.0 2015-03-18 16:29 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-03-18 07:46 - 2015-01-23 08:59 - 00088895 _____ () C:\Windows\avmacc.log 2015-03-17 19:33 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media 2015-03-17 09:05 - 2011-01-01 14:23 - 00045056 _____ () C:\Windows\system32\acovcnt.exe 2015-03-16 16:25 - 2013-12-08 08:49 - 00017082 _____ () C:\Users\Zeeh\Desktop\monatliche Kosten.xlsx 2015-03-16 14:36 - 2014-05-26 10:47 - 00015663 _____ () C:\Users\Zeeh\Desktop\Bestellschein PerfectPetzzz EUR.xlsx 2015-03-16 07:42 - 2013-06-03 08:47 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine Uniwood 2015-03-16 07:41 - 2013-07-19 08:51 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine Kaden 2015-03-13 11:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-03-12 19:17 - 2010-08-10 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-03-12 19:17 - 2010-08-10 23:12 - 00000000 ____D () C:\Program Files (x86)\Google 2015-03-12 15:52 - 2010-12-30 22:33 - 00000000 ____D () C:\Users\Zeeh\AppData\Local\Google 2015-03-12 11:55 - 2010-08-10 23:45 - 00002476 _____ () C:\Windows\system32\AutoRunFilter.ini 2015-03-12 11:49 - 2010-08-10 23:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-03-12 11:22 - 2010-12-31 14:44 - 00000000 ____D () C:\Program Files (x86)\lexware 2015-03-12 11:22 - 2010-12-31 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware 2015-03-12 11:15 - 2010-08-10 23:08 - 00000000 ____D () C:\ProgramData\CyberLink 2015-03-12 10:42 - 2010-08-10 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility 2015-03-12 10:42 - 2010-08-10 23:13 - 00000000 ____D () C:\Program Files (x86)\ASUS 2015-03-12 08:31 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-03-12 08:29 - 2015-01-23 08:56 - 00307104 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-12 08:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-03-12 08:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-03-11 20:17 - 2013-07-14 10:08 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 20:01 - 2011-01-09 17:52 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-11 07:55 - 2014-08-20 18:04 - 00819896 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2015-03-10 10:31 - 2009-08-04 10:51 - 00715658 _____ () C:\Windows\system32\perfh007.dat 2015-03-10 10:31 - 2009-08-04 10:51 - 00156312 _____ () C:\Windows\system32\perfc007.dat 2015-03-10 10:31 - 2009-07-14 06:13 - 01660372 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-10 10:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-03-08 16:40 - 2012-04-29 20:52 - 00000000 ____D () C:\Program Files (x86)\CEWE COLOR 2015-03-06 17:36 - 2011-01-01 15:11 - 00000000 ____D () C:\Windows\system32\log 2015-03-04 17:29 - 2015-01-22 11:05 - 00012247 _____ () C:\Users\Zeeh\Documents\Antje-Lohn.xlsx 2015-02-26 08:49 - 2011-01-01 17:17 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-02-26 08:30 - 2013-05-10 16:33 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine Rülke 2015-02-25 07:49 - 2013-05-10 16:33 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine SINA 2015-02-24 17:15 - 2013-03-16 21:20 - 00000000 ____D () C:\Users\Zeeh\Desktop\Bilder 2015-02-23 17:41 - 2011-05-20 21:20 - 00068744 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT 2015-02-23 13:47 - 2011-03-05 18:38 - 00017150 _____ () C:\Users\Zeeh\Documents\Darlehen.xlsx 2015-02-23 12:06 - 2011-02-14 08:52 - 00000000 __RSD () C:\Users\Zeeh\Documents\My Stationery 2015-02-19 11:15 - 2015-02-12 18:35 - 00025921 _____ () C:\Windows\system32\ScanResults.xml 2015-02-19 11:12 - 2015-02-12 18:31 - 00000464 _____ () C:\Windows\system32\ScannerSettings 2015-02-18 16:06 - 2012-07-10 07:57 - 00000000 ____D () C:\Users\Zeeh\AppData\Roaming\FileZilla ==================== Files in the root of some directories ======= 2015-02-06 09:17 - 2015-02-06 09:17 - 0000020 _____ () C:\Users\Zeeh\AppData\Roaming\appdataFr3.bin 2012-12-30 13:11 - 2012-12-30 13:11 - 0017408 _____ () C:\Users\Zeeh\AppData\Local\WebpageIcons.db 2010-08-10 23:16 - 2009-12-24 13:38 - 0131368 _____ () C:\ProgramData\FullRemove.exe 2010-08-10 23:09 - 2010-08-10 23:10 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2010-08-10 23:09 - 2010-08-10 23:09 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Some content of TEMP: ==================== C:\Users\Zeeh\AppData\Local\Temp\Quarantine.exe C:\Users\Zeeh\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-15 11:04 ==================== End Of Log ============================ --- --- --- und addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Zeeh at 2015-03-20 11:11:46 Running from C:\Users\Zeeh\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Acronis*True*Image*Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6696 - Acronis) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe Flash Player 14 ActiveX (HKLM-x32\...\{1F5E5F2E-5E61-431D-B796-58CCC6B68E28}) (Version: 14.0.0.125 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader X (10.1.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS) ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS) ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS) ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.27 - ASUS) ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS) ASUS USB2.0 UVC VGA WebCam (HKLM\...\ASUS USB2.0 UVC VGA WebCam) (Version: 5.8.53120.202 - Sonix) ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus) ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.) ATI Catalyst Install Manager (HKLM\...\{80AB4395-42E3-D0B3-A310-6F0A6BD9709B}) (Version: 3.0.750.0 - ATI Technologies, Inc.) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0001 - ASUS) Body Balance Comfort Select Software (HKLM-x32\...\{74B92B80-C11A-4DD0-884C-A532B788C2D4}) (Version: 1.0.0 - Leifheit AG) Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.) Brother MFL-Pro Suite DCP-9055CDN (HKLM-x32\...\{979742CC-2CBB-49D8-9BEE-C2F7875F5393}) (Version: 1.1.5.0 - Brother Industries, Ltd.) ccc-core-static (x32 Version: 2009.1111.1543.28169 - ATI) Hidden Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version: - ) Express Rip (HKLM-x32\...\ExpressRip) (Version: 1.94 - NCH Software) Fahrtenbuch.net 1.5.12 (HKLM-x32\...\Fahrtenbuch.net_is1) (Version: - COMputer.INTernet.SOftware Tobias Schiek) Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS) FileZilla Client 3.2.7.1 (HKLM-x32\...\FileZilla Client) (Version: 3.2.7.1 - ) FRITZ!Box USB-Fernanschluss (HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\f018cf21c0452c64) (Version: 2.3.0.2 - AVM Berlin) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.) Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6259.0 - IDT) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation) Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel) Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.18.76.55 - Huawei Technologies Co.,Ltd) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle) Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version: - ) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden Lexware Abschreibungsrechner (x32 Version: 14.00.00.0004 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware büro easy 2015 (x32 Version: 28.02.00.0197 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware büro easy plus 2015 (HKLM-x32\...\{3eadd447-88bd-45e6-8410-0b31dcad2556}) (Version: 28.0.0.132 - Haufe-Lexware GmbH & Co.KG) Lexware Elster (x32 Version: 15.00.00.0056 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Info Service (x32 Version: 5.00.00.0044 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Installations Dienst (x32 Version: 4.00.00.0008 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware online banking (x32 Version: 22.02.00.0040 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Sepa Check (x32 Version: 1.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Zeiterfassung (x32 Version: 28.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{7C39E0D1-E138-42B1-B083-213EC2CF7692}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA) PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Samsung Networking Wizard (HKLM-x32\...\{0C485220-4029-48E7-9F27-965DA4A78D5E}) (Version: 1.1.11052.2 - Samsung Electronics Co., Ltd. ) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2000.0 - SAMSUNG Electronics Co., Ltd.) Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SolidWorks eDrawings 2011 (HKLM-x32\...\{9402DAC1-447E-49C9-979D-BD5838E709D7}) (Version: 11.4.113 - Dassault Systèmes SolidWorks Corp.) syncables desktop SE (HKLM-x32\...\{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}) (Version: 5.5.615.9518 - syncables) Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.) Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation) Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies) Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation) Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS) Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 11-03-2015 19:59:02 Windows Update 12-03-2015 10:18:32 Revo Uninstaller's restore point - ASUS FancyStart 12-03-2015 10:42:26 Removed ASUS FancyStart 12-03-2015 10:46:59 Revo Uninstaller's restore point - Bing Bar 12-03-2015 11:07:01 Revo Uninstaller's restore point - CyberLink LabelPrint 12-03-2015 11:07:37 Konfiguriert LabelPrint 12-03-2015 11:13:30 Revo Uninstaller's restore point - CyberLink Power2Go 12-03-2015 11:13:53 Konfiguriert Power2Go 12-03-2015 11:16:10 Revo Uninstaller's restore point - Lexware lohnauskunft 2009 12-03-2015 11:16:25 Konfiguriert Lexware lohnauskunft 2009 12-03-2015 11:18:01 Revo Uninstaller's restore point - Lexware lohnauskunft 2009 12-03-2015 11:18:21 Revo Uninstaller's restore point - Lexware lohnauskunft 2014 12-03-2015 11:18:55 Removed Lexware lohnauskunft 2014. 12-03-2015 11:21:34 Revo Uninstaller's restore point - Lexware reisekosten 2009 12-03-2015 11:21:47 Konfiguriert Lexware reisekosten 2009 12-03-2015 11:23:13 Revo Uninstaller's restore point - Mozilla Firefox 36.0.1 (x86 de) 12-03-2015 11:27:02 Revo Uninstaller's restore point - Mozilla Firefox 36.0.1 (x86 de) 12-03-2015 11:48:31 Entfernt DELISprint 12-03-2015 11:52:20 Removed RENESIS® Player Browser Plugins 13-03-2015 16:19:53 TuneUp Utilities 2014 wird installiert 13-03-2015 16:20:57 TuneUp Utilities 2014 (de-DE) wird entfernt 17-03-2015 19:28:27 Malwarebytes Anti-Rootkit Restore Point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2015-03-18 16:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {342CD102-1DE5-49AE-A53A-D33ABD85E7BC} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK) Task: {3A775123-7BDC-4E16-A8B7-6845A96A4083} - System32\Tasks\{1EDF6135-BB20-413E-8288-BC728394B876} => pcalua.exe -a E:\LxSetup.exe -d E:\ Task: {40721C3F-0996-4274-98ED-E888934C6B43} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.) Task: {429C9858-F46A-408D-87D6-64BC0F0C99B0} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] () Task: {474683AA-2C5B-46A0-9C72-919F9FB1CBE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.) Task: {53997FEA-15D2-4E30-B519-F00330284647} - System32\Tasks\{C4D39608-1BDD-4FDC-94D6-2EDA5B93ECA0} => pcalua.exe -a C:\Users\Zeeh\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs <==== ATTENTION Task: {661E3F48-5794-4F49-9DDE-351E8CF265E6} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS) Task: {89E5C935-498B-489D-801A-3E66D5249F0A} - System32\Tasks\SQAKP => C:\ProgramData\9a57dd4bfbdc41d9a41d3b8b62f45107\9a57dd4bfbdc41d9a41d3b8b62f45107.exe Task: {8EAA276A-C2F3-409E-8546-11C58E4FA00B} - System32\Tasks\{01B8A7C3-9EE9-4DFA-80E2-0171A0BB415D} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation) Task: {8F20AF64-5623-47D4-84BD-6771C9B8432C} - System32\Tasks\{1EC1DF85-2F18-4E6E-98F2-7C1D92E46BBA} => pcalua.exe -a F:\aomwin200ea24.exe -d F:\ Task: {9C50DFC0-DC4F-4E99-B900-E921C5344D29} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A3D57154-76E9-41EB-B88A-431B82727931} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {C2301F3D-2E4A-4C92-AF9D-A1600BCC6EA2} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-12-24] (ATK) Task: {EBA787D0-3184-4EAB-9004-F21185C8620B} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] () Task: {ECA98A70-61E5-4054-8BC5-BBC2BB7E9950} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated) Task: {F4080C3B-FFD2-4ACA-852D-23B954EBF2C3} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-05] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe 2014-08-18 19:25 - 2013-02-05 08:24 - 00671744 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe 2014-08-18 19:29 - 2013-02-05 08:25 - 01541120 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe 2010-03-16 02:48 - 2010-03-16 02:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll 2010-08-10 23:13 - 2010-08-10 23:13 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll 2010-08-10 23:13 - 2010-08-10 23:13 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll 2010-03-16 02:48 - 2010-03-16 02:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe 2008-10-01 07:02 - 2008-10-01 07:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll 2009-12-23 21:12 - 2009-12-23 21:12 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll 2009-12-19 03:11 - 2009-12-19 03:11 - 00033280 _____ () C:\Program Files\P4G\OvrClk.dll 2009-11-24 21:45 - 2009-11-24 21:45 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe 2010-08-10 23:46 - 2007-11-30 19:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe 2010-01-05 01:43 - 2010-01-05 01:43 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe 2008-10-23 18:21 - 2008-10-23 18:21 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-08-10 23:32 - 2010-08-10 23:32 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2015-03-12 19:17 - 2015-03-07 06:57 - 01530184 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll 2015-03-12 19:17 - 2015-03-07 06:57 - 00091976 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll 2010-02-28 02:33 - 2010-02-28 02:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe 2015-03-12 19:17 - 2015-03-07 06:57 - 11266888 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll 2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll 2014-08-18 19:25 - 2009-01-10 11:32 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll 2014-08-18 19:25 - 2009-06-22 19:42 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll 2014-08-18 19:25 - 2012-10-31 10:11 - 02417152 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll 2014-08-18 19:25 - 2012-10-31 10:14 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll 2014-08-18 19:25 - 2012-10-31 10:33 - 09562624 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtGui4.dll 2014-08-18 19:29 - 2012-10-31 12:14 - 00082944 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qgif4.dll 2014-08-18 19:29 - 2012-10-31 12:16 - 00081920 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qico4.dll 2011-02-01 20:52 - 2011-02-01 20:52 - 11195512 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll 2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2014-09-11 14:09 - 2014-09-11 14:09 - 00176168 _____ () C:\Program Files (x86)\lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll 2014-09-11 14:09 - 2014-09-11 14:09 - 00043048 _____ () C:\Program Files (x86)\lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:63F29B08 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" ==================== Accounts: ============================= Administrator (S-1-5-21-1571306010-3709694829-1092883663-500 - Administrator - Disabled) Gast (S-1-5-21-1571306010-3709694829-1092883663-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1571306010-3709694829-1092883663-1009 - Limited - Enabled) Zeeh (S-1-5-21-1571306010-3709694829-1092883663-1000 - Administrator - Enabled) => C:\Users\Zeeh ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (03/20/2015 10:56:58 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (03/20/2015 09:40:20 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (03/20/2015 09:40:17 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (03/20/2015 09:40:06 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (03/20/2015 07:20:42 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (03/20/2015 07:19:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (03/20/2015 07:19:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht. Microsoft Office Sessions: ========================= Error: (03/20/2015 10:56:58 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (03/20/2015 09:40:20 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Zeeh\Desktop\esetsmartinstaller_deu.exe Error: (03/20/2015 09:40:17 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Zeeh\Desktop\esetsmartinstaller_deu.exe Error: (03/20/2015 09:40:06 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Zeeh\Desktop\esetsmartinstaller_deu.exe ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz Percentage of memory in use: 59% Total physical RAM: 3948.54 MB Available physical RAM: 1596.05 MB Total Pagefile: 9946.73 MB Available Pagefile: 6872.18 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:149.04 GB) (Free:93.01 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (DATA) (Fixed) (Total:427.59 GB) (Free:427.23 GB) NTFS Drive h: () (Removable) (Total:3.74 GB) (Free:3.73 GB) FAT32 Drive z: (OS) (Network) (Total:149.04 GB) (Free:93.01 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E0C5913D) Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C) Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=427.6 GB) - (Type=OF Extended) ======================================================== Disk: 1 (Size: 3.8 GB) (Disk ID: 9C744D6B) Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B) ==================== End Of Log ============================ |
21.03.2015, 09:55 | #14 |
/// the machine /// TB-Ausbilder | bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt Java und Adobe updaten. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Users\Zeeh\AppData\Local\Mozilla\Firefox\Profiles\3aglzgxk.default\cache2\entries\0A811E3627C260AED9D6F553C616C77DE827FE54 C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\extensions\veggy@veggyAddon.com\chrome\content\main.js C:\Users\Zeeh\Downloads\gimp.exe C:\Users\Zeeh\Downloads\m4a-to80-mp3-converter.exe C:\Users\Zeeh\Downloads\PDFCreator-1_7_0_setup.exe C:\Users\Zeeh\Downloads\Picture Converter - CHIP-Installer.exe C:\Users\Zeeh\Downloads\ReimageRepair.exe C:\Users\Zeeh\Downloads\speedupmypc.exe Task: {53997FEA-15D2-4E30-B519-F00330284647} - System32\Tasks\{C4D39608-1BDD-4FDC-94D6-2EDA5B93ECA0} => pcalua.exe -a C:\Users\Zeeh\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs <==== ATTENTION C:\Users\Zeeh\AppData\Roaming\webssearches Tcpip\..\Interfaces\{71D837ED-CC19-43D6-85CD-C31CF2544AFB}: [NameServer] 10.28.253.1 Tcpip\..\Interfaces\{7C558398-EC4A-4217-8340-B8175260889E}: [NameServer] 10.74.210.210 10.74.210.211 Tcpip\..\Interfaces\{EA51E0A4-6976-447B-9AFB-E271A9B20C96}: [NameServer] 10.74.210.210 10.74.210.211 U3 tmlwf; No ImagePath U3 tmwfp; No ImagePath Emptytemp: Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Revo Uninstaller - Download - Filepony damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren. Dann: https://support.mozilla.org/de/kb/fi...einfach-loesen Frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
22.03.2015, 17:00 | #15 |
| bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinktCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015 Ran by Zeeh at 2015-03-22 15:59:02 Run:1 Running from C:\Users\Zeeh\Downloads Loaded Profiles: Zeeh (Available profiles: Zeeh) Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\Users\Zeeh\AppData\Local\Mozilla\Firefox\Profiles\3aglzgxk.default\cache2\entries\0A811E3627C260AED9D6F553C616C77DE827FE54 C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\extensions\veggy@veggyAddon.com\chrome\content\main.js C:\Users\Zeeh\Downloads\gimp.exe C:\Users\Zeeh\Downloads\m4a-to80-mp3-converter.exe C:\Users\Zeeh\Downloads\PDFCreator-1_7_0_setup.exe C:\Users\Zeeh\Downloads\Picture Converter - CHIP-Installer.exe C:\Users\Zeeh\Downloads\ReimageRepair.exe C:\Users\Zeeh\Downloads\speedupmypc.exe Task: {53997FEA-15D2-4E30-B519-F00330284647} - System32\Tasks\{C4D39608-1BDD-4FDC-94D6-2EDA5B93ECA0} => pcalua.exe -a C:\Users\Zeeh\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs <==== ATTENTION C:\Users\Zeeh\AppData\Roaming\webssearches Tcpip\..\Interfaces\{71D837ED-CC19-43D6-85CD-C31CF2544AFB}: [NameServer] 10.28.253.1 Tcpip\..\Interfaces\{7C558398-EC4A-4217-8340-B8175260889E}: [NameServer] 10.74.210.210 10.74.210.211 Tcpip\..\Interfaces\{EA51E0A4-6976-447B-9AFB-E271A9B20C96}: [NameServer] 10.74.210.210 10.74.210.211 U3 tmlwf; No ImagePath U3 tmwfp; No ImagePath Emptytemp: ***************** "C:\Users\Zeeh\AppData\Local\Mozilla\Firefox\Profiles\3aglzgxk.default\cache2\entries\0A811E3627C260AED9D6F553C616C77DE827FE54" => File/Directory not found. "C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\3aglzgxk.default\extensions\veggy@veggyAddon.com\chrome\content\main.js" => File/Directory not found. "C:\Users\Zeeh\Downloads\gimp.exe" => File/Directory not found. "C:\Users\Zeeh\Downloads\m4a-to80-mp3-converter.exe" => File/Directory not found. "C:\Users\Zeeh\Downloads\PDFCreator-1_7_0_setup.exe" => File/Directory not found. "C:\Users\Zeeh\Downloads\Picture Converter - CHIP-Installer.exe" => File/Directory not found. "C:\Users\Zeeh\Downloads\ReimageRepair.exe" => File/Directory not found. "C:\Users\Zeeh\Downloads\speedupmypc.exe" => File/Directory not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53997FEA-15D2-4E30-B519-F00330284647}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53997FEA-15D2-4E30-B519-F00330284647}" => Key deleted successfully. C:\Windows\System32\Tasks\{C4D39608-1BDD-4FDC-94D6-2EDA5B93ECA0} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C4D39608-1BDD-4FDC-94D6-2EDA5B93ECA0}" => Key deleted successfully. "C:\Users\Zeeh\AppData\Roaming\webssearches" => File/Directory not found. HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{71D837ED-CC19-43D6-85CD-C31CF2544AFB}\\NameServer => value deleted successfully. HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7C558398-EC4A-4217-8340-B8175260889E}\\NameServer => value deleted successfully. HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EA51E0A4-6976-447B-9AFB-E271A9B20C96}\\NameServer => value deleted successfully. tmlwf => Service deleted successfully. tmwfp => Service deleted successfully. EmptyTemp: => Removed 1020.5 MB temporary data. The system needed a reboot. ==== End of Fixlog 16:02:54 ==== FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Zeeh (administrator) on ZEEH-PC on 22-03-2015 16:55:12 Running from C:\Users\Zeeh\Downloads Loaded Profiles: Zeeh (Available profiles: Zeeh) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe (AMD) C:\Windows\System32\atieclxx.exe (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\lexware\Update Service\Hmg.InstallationService.Service.exe () C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe (ATK) C:\Program Files\P4G\BatteryLife.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS) C:\Windows\AsScrPro.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\lexware\Update Manager\LxUpdateManager.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Farbar) C:\Users\Zeeh\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-30] (ELAN Microelectronic Corp.) HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] () HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-27] (IDT, Inc.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.) HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [391240 2010-12-06] (Acronis) HKLM-x32\...\Run: [Boingo Wi-Fi] => C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk [2429 2010-08-10] () HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-11-11] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-27] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-20] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [SAOB Monitor] => C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2570688 2010-11-16] (Acronis) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5583056 2011-02-01] (Acronis) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [196648 2014-09-26] (Haufe-Lexware GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation) HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\Run: [Syncables] => C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-04-05] (syncables, LLC) HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\...\Run: [AVMUSBFernanschluss] => C:\Users\Zeeh\AppData\Local\Apps\2.0\5H6GP0O6.A8T\ODMZ84MY.LH2\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2012-12-30] (AVM Berlin) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Zeeh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.) ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1571306010-3709694829-1092883663-1000 -> {393DB63D-0E30-47F8-9F47-71AA303F4DE0} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} SearchScopes: HKU\S-1-5-21-1571306010-3709694829-1092883663-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-22] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-22] (Oracle Corporation) Toolbar: HKU\S-1-5-21-1571306010-3709694829-1092883663-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: HKLM-x32 {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\0x7g321o.default-1427039512945 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] () FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-22] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-22] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] () FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-01] () FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-01] () FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-01] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF user.js: detected! => C:\Users\Zeeh\AppData\Roaming\Mozilla\Firefox\Profiles\0x7g321o.default-1427039512945\user.js [2015-03-22] Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.de/" CHR Profile: C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-12] CHR Extension: (Google Docs) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-12] CHR Extension: (Google Drive) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-12] CHR Extension: (YouTube) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-12] CHR Extension: (Adblock Plus) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-22] CHR Extension: (Google Search) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-12] CHR Extension: (Kaspersky Protection) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-03-12] CHR Extension: (Google Sheets) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-12] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13] CHR Extension: (Google Wallet) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-12] CHR Extension: (Gmail) - C:\Users\Zeeh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-12] CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO) S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed] R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () S2 ICM_UpdaterService; C:\Program Files (x86)\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe [204883 2011-03-18] () [File not signed] S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [671744 2013-02-05] () [File not signed] R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [64552 2014-10-02] (Haufe-Lexware GmbH & Co. KG) R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.) R2 MSSQL$JTLWAWI; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe [243712 2009-11-27] (IDT, Inc.) R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116480 2012-12-30] (AVM Berlin) R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd) R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [85048 2009-12-14] (Infowatch) R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66104 2009-12-14] (Infowatch) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [245248 2013-04-10] (Huawei Technologies Co., Ltd.) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-01] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-11] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-01] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-22] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-12] () S3 SoehnleComfort; C:\Windows\System32\Drivers\SoehnleComfort_x64.sys [38400 2011-04-20] () R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-08-06] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz134; \??\C:\Users\Zeeh\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-22 16:51 - 2015-03-22 16:51 - 00000000 ____D () C:\Users\Zeeh\Desktop\Alte Firefox-Daten 2015-03-22 16:48 - 2015-03-22 16:48 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-03-22 16:48 - 2015-03-22 16:48 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-03-22 16:48 - 2015-03-22 16:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-22 16:47 - 2015-03-22 16:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-22 16:44 - 2015-03-22 16:44 - 01203488 _____ () C:\Users\Zeeh\Desktop\Firefox - CHIP-Installer.exe 2015-03-22 16:09 - 2015-03-22 16:09 - 00001230 _____ () C:\Users\Zeeh\Desktop\Revo Uninstaller.lnk 2015-03-22 16:08 - 2015-03-22 16:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Zeeh\Desktop\revosetup95.exe 2015-03-22 15:51 - 2015-03-22 15:51 - 00002132 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2015-03-22 15:51 - 2015-03-22 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2015-03-22 15:51 - 2015-03-22 15:51 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2015-03-22 15:51 - 2015-03-22 15:51 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan 2015-03-22 15:50 - 2015-03-22 15:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-03-22 15:50 - 2015-03-22 15:50 - 00001981 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2015-03-22 15:38 - 2015-03-22 15:37 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-03-22 15:35 - 2015-03-22 15:36 - 42925480 _____ (Oracle Corporation) C:\Users\Zeeh\Desktop\jre-8u40-windows-x64.exe 2015-03-21 09:24 - 2015-03-21 09:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\379B00F2.sys 2015-03-20 08:47 - 2015-03-20 08:47 - 00934566 _____ () C:\Users\Zeeh\Downloads\adblock_plus-2.6.7-sm_tb_fx_an.zip 2015-03-19 15:59 - 2015-03-19 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-19 15:59 - 2015-03-19 15:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-19 15:59 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-19 15:59 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-18 16:33 - 2015-03-18 16:33 - 00026272 _____ () C:\ComboFix.txt 2015-03-18 16:18 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-03-18 16:18 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-03-18 16:18 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-03-18 16:18 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-03-18 16:18 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-03-18 16:18 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-03-18 16:18 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-03-18 16:18 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-03-18 16:16 - 2015-03-18 16:33 - 00000000 ____D () C:\Qoobox 2015-03-18 16:16 - 2015-03-18 16:31 - 00000000 ____D () C:\Windows\erdnt 2015-03-17 18:59 - 2015-03-19 15:59 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-17 18:59 - 2015-03-18 07:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-03-17 18:58 - 2015-03-22 16:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-17 18:57 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-14 19:01 - 2015-03-20 11:12 - 00034012 _____ () C:\Users\Zeeh\Downloads\Addition.txt 2015-03-13 16:20 - 2015-03-13 16:20 - 02095616 _____ (Farbar) C:\Users\Zeeh\Downloads\FRST64 (1).exe 2015-03-13 16:19 - 2015-03-13 16:21 - 00000000 ____D () C:\ProgramData\TuneUp Software 2015-03-13 16:19 - 2015-03-13 16:19 - 28598072 _____ (TuneUp Software) C:\Users\Zeeh\Downloads\TuneUpUtilities2014_de-DE.exe 2015-03-13 16:19 - 2015-03-13 16:19 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2015-03-13 08:44 - 2015-03-13 08:45 - 40824144 _____ () C:\Users\Zeeh\Downloads\Firefox_Setup_36.0.1.exe 2015-03-12 19:17 - 2015-03-22 14:45 - 00002137 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-03-12 19:15 - 2015-03-22 16:20 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-12 19:15 - 2015-03-22 16:04 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-12 19:15 - 2015-03-12 19:15 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-03-12 19:15 - 2015-03-12 19:15 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-03-12 19:11 - 2015-03-12 19:11 - 00880208 _____ (Google Inc.) C:\Users\Zeeh\Downloads\ChromeSetup (1).exe 2015-03-12 12:36 - 2015-03-12 12:36 - 02171392 _____ () C:\Users\Zeeh\Downloads\adwcleaner_4.112.exe 2015-03-11 20:23 - 2015-03-11 20:23 - 00032768 _____ () C:\Windows\SysWOW64\persistent_q.db-shm 2015-03-11 20:23 - 2015-03-11 20:23 - 00003176 _____ () C:\Windows\SysWOW64\persistent_q.db-wal 2015-03-11 20:23 - 2015-03-11 20:23 - 00001024 _____ () C:\Windows\SysWOW64\persistent_q.db 2015-03-11 15:12 - 2015-03-11 15:12 - 02367242 _____ () C:\Users\Zeeh\Desktop\froogle.txt 2015-03-11 08:17 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-11 08:17 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-11 08:17 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 08:17 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-11 08:17 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-03-11 08:17 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-11 08:17 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-11 08:17 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-11 08:17 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-11 08:17 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 08:17 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-11 08:17 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-03-11 08:17 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-11 08:17 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-03-11 08:17 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-11 08:17 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-11 08:17 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-11 08:17 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-11 08:17 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-11 08:17 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-11 08:17 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-11 08:17 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 08:17 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-11 08:17 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-11 08:17 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-11 08:17 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-11 08:17 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-11 08:17 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-03-11 08:17 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-11 08:17 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-03-11 08:17 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-03-11 08:17 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-11 08:17 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-11 08:17 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-11 08:17 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-11 08:17 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-11 08:16 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 08:16 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-11 08:15 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-11 08:15 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-11 08:15 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-11 08:15 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-11 08:15 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-11 08:15 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-11 08:15 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-11 08:15 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-11 08:15 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-11 08:15 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-11 08:15 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-11 08:15 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-11 08:15 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-11 08:15 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-11 08:15 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-11 08:15 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 08:15 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 08:15 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-11 08:15 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 08:15 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 08:15 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-11 08:15 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 08:15 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 08:15 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 08:15 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 08:15 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 08:15 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-11 08:15 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 08:15 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 08:15 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-11 08:15 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 08:15 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 08:15 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 08:15 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 08:15 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-11 08:15 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 08:15 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-11 08:15 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 08:15 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 08:15 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-11 08:15 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-11 08:15 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 08:15 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-11 08:15 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 08:15 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 08:15 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-11 08:15 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-11 08:15 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-11 08:15 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 08:15 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 08:15 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-11 08:15 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-11 08:15 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-11 08:15 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-11 08:15 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-11 08:15 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 08:15 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-11 08:15 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-11 08:15 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 08:15 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 08:15 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-11 08:15 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-11 08:15 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-11 08:15 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 08:15 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-11 08:15 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-11 08:15 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-11 08:15 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 08:15 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-11 08:15 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 08:15 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 08:15 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-11 08:15 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 08:15 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 08:15 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 08:15 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-11 08:15 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 08:15 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-11 08:15 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 08:15 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 08:15 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-08 16:25 - 2015-03-08 16:25 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-03-08 16:24 - 2015-03-08 16:24 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Zeeh\Downloads\revosetup95.exe 2015-03-08 16:20 - 2015-03-22 16:56 - 00022383 _____ () C:\Users\Zeeh\Downloads\FRST.txt 2015-03-08 16:19 - 2015-03-22 16:55 - 00000000 ____D () C:\FRST 2015-03-08 16:19 - 2015-03-08 16:19 - 02095104 _____ (Farbar) C:\Users\Zeeh\Downloads\FRST64.exe 2015-03-07 22:41 - 2015-03-07 22:41 - 00093359 _____ () C:\Users\Zeeh\Downloads\Invoice_Jan-16-15_Feb-15-15.csv 2015-03-06 17:33 - 2015-03-19 16:54 - 00000000 ____D () C:\AdwCleaner 2015-03-02 11:58 - 2015-03-02 11:58 - 00029696 _____ () C:\Users\Zeeh\Documents\froogle.xls 2015-03-01 13:15 - 2015-03-21 10:51 - 00017842 _____ () C:\Users\Zeeh\Desktop\Artesano-Wollliste.xlsx 2015-03-01 13:15 - 2015-03-02 12:01 - 00018899 _____ () C:\Users\Zeeh\Documents\Artesano-Wollliste.xlsx 2015-02-26 07:40 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-02-26 07:40 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-02-26 07:40 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-02-26 07:40 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-02-26 07:36 - 2015-02-26 07:38 - 00000000 ____D () C:\Program Files (x86)\Bookmark Search 2015-02-25 19:50 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-25 19:50 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-22 16:31 - 2015-01-20 14:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-22 16:12 - 2010-08-10 22:48 - 01944704 _____ () C:\Windows\WindowsUpdate.log 2015-03-22 16:12 - 2009-07-14 05:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-22 16:12 - 2009-07-14 05:45 - 00019056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-22 16:06 - 2011-03-09 08:42 - 00000000 ____D () C:\Users\Zeeh\AppData\Local\Deployment 2015-03-22 16:04 - 2015-01-23 08:57 - 00006339 _____ () C:\Windows\setupact.log 2015-03-22 16:04 - 2015-01-23 08:56 - 00029812 _____ () C:\Windows\PFRO.log 2015-03-22 16:04 - 2011-01-01 17:18 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-03-22 16:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-22 15:53 - 2010-12-31 14:04 - 00000000 ____D () C:\Users\Zeeh\AppData\Local\Adobe 2015-03-22 15:50 - 2010-08-10 23:10 - 00000000 ____D () C:\ProgramData\Adobe 2015-03-22 15:50 - 2010-08-10 23:10 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-03-22 15:37 - 2013-11-25 07:47 - 00000000 ____D () C:\ProgramData\Oracle 2015-03-22 15:37 - 2013-11-25 07:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-03-22 15:37 - 2011-01-05 09:47 - 00000000 ____D () C:\Program Files\Java 2015-03-22 15:24 - 2011-01-03 04:41 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1B35FCC2-2D8D-4E4D-A77B-606E14FE5BEB} 2015-03-21 19:19 - 2015-02-16 08:35 - 00000000 ____D () C:\Users\Zeeh\Documents\DHL-Reklamationen 2015-03-21 19:19 - 2010-12-30 23:10 - 00000000 ____D () C:\Users\Zeeh\AppData\Roaming\SoftGrid Client 2015-03-21 11:12 - 2010-12-31 14:43 - 00000000 ____D () C:\ProgramData\Lexware 2015-03-20 08:11 - 2014-01-14 14:21 - 00258108 _____ () C:\Users\Zeeh\Desktop\Bestandsliste Perfect Petzzz.xlsx 2015-03-20 07:47 - 2013-05-10 16:31 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine SUN 2015-03-19 16:52 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-03-19 16:38 - 2010-08-10 23:45 - 00001754 _____ () C:\Windows\system32\ServiceFilter.ini 2015-03-19 16:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-03-19 10:44 - 2013-11-06 14:20 - 00036547 _____ () C:\Users\Zeeh\Desktop\Bestellformular Beleduc.xlsx 2015-03-18 16:37 - 2011-03-09 08:42 - 00000000 ____D () C:\Users\Zeeh\AppData\Local\Apps\2.0 2015-03-18 16:29 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-03-18 07:46 - 2015-01-23 08:59 - 00088895 _____ () C:\Windows\avmacc.log 2015-03-17 19:33 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media 2015-03-17 09:05 - 2011-01-01 14:23 - 00045056 _____ () C:\Windows\system32\acovcnt.exe 2015-03-16 16:25 - 2013-12-08 08:49 - 00017082 _____ () C:\Users\Zeeh\Desktop\monatliche Kosten.xlsx 2015-03-16 14:36 - 2014-05-26 10:47 - 00015663 _____ () C:\Users\Zeeh\Desktop\Bestellschein PerfectPetzzz EUR.xlsx 2015-03-16 07:42 - 2013-06-03 08:47 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine Uniwood 2015-03-16 07:41 - 2013-07-19 08:51 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine Kaden 2015-03-13 11:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-03-12 19:17 - 2010-08-10 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-03-12 19:17 - 2010-08-10 23:12 - 00000000 ____D () C:\Program Files (x86)\Google 2015-03-12 15:52 - 2010-12-30 22:33 - 00000000 ____D () C:\Users\Zeeh\AppData\Local\Google 2015-03-12 11:55 - 2010-08-10 23:45 - 00002476 _____ () C:\Windows\system32\AutoRunFilter.ini 2015-03-12 11:49 - 2010-08-10 23:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-03-12 11:22 - 2010-12-31 14:44 - 00000000 ____D () C:\Program Files (x86)\lexware 2015-03-12 11:22 - 2010-12-31 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware 2015-03-12 11:15 - 2010-08-10 23:08 - 00000000 ____D () C:\ProgramData\CyberLink 2015-03-12 10:42 - 2010-08-10 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility 2015-03-12 10:42 - 2010-08-10 23:13 - 00000000 ____D () C:\Program Files (x86)\ASUS 2015-03-12 08:31 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-03-12 08:29 - 2015-01-23 08:56 - 00307104 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-12 08:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-03-12 08:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-03-11 20:17 - 2013-07-14 10:08 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 20:01 - 2011-01-09 17:52 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-11 07:55 - 2014-08-20 18:04 - 00819896 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2015-03-10 10:31 - 2009-08-04 10:51 - 00715658 _____ () C:\Windows\system32\perfh007.dat 2015-03-10 10:31 - 2009-08-04 10:51 - 00156312 _____ () C:\Windows\system32\perfc007.dat 2015-03-10 10:31 - 2009-07-14 06:13 - 01660372 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-10 10:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-03-08 16:40 - 2012-04-29 20:52 - 00000000 ____D () C:\Program Files (x86)\CEWE COLOR 2015-03-06 17:36 - 2011-01-01 15:11 - 00000000 ____D () C:\Windows\system32\log 2015-03-04 17:29 - 2015-01-22 11:05 - 00012247 _____ () C:\Users\Zeeh\Documents\Antje-Lohn.xlsx 2015-02-26 08:49 - 2011-01-01 17:17 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-02-26 08:30 - 2013-05-10 16:33 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine Rülke 2015-02-25 07:49 - 2013-05-10 16:33 - 00000000 ____D () C:\Users\Zeeh\Documents\Lieferscheine SINA 2015-02-24 17:15 - 2013-03-16 21:20 - 00000000 ____D () C:\Users\Zeeh\Desktop\Bilder 2015-02-23 17:41 - 2011-05-20 21:20 - 00068744 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT 2015-02-23 13:47 - 2011-03-05 18:38 - 00017150 _____ () C:\Users\Zeeh\Documents\Darlehen.xlsx 2015-02-23 12:06 - 2011-02-14 08:52 - 00000000 __RSD () C:\Users\Zeeh\Documents\My Stationery ==================== Files in the root of some directories ======= 2015-02-06 09:17 - 2015-02-06 09:17 - 0000020 _____ () C:\Users\Zeeh\AppData\Roaming\appdataFr3.bin 2012-12-30 13:11 - 2012-12-30 13:11 - 0017408 _____ () C:\Users\Zeeh\AppData\Local\WebpageIcons.db 2010-08-10 23:16 - 2009-12-24 13:38 - 0131368 _____ () C:\ProgramData\FullRemove.exe 2010-08-10 23:09 - 2010-08-10 23:10 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2010-08-10 23:09 - 2010-08-10 23:09 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-15 11:04 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Zeeh at 2015-03-22 16:57:14 Running from C:\Users\Zeeh\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Acronis*True*Image*Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6696 - Acronis) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe Flash Player 14 ActiveX (HKLM-x32\...\{1F5E5F2E-5E61-431D-B796-58CCC6B68E28}) (Version: 14.0.0.125 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS) ASUS AP Bank (HKLM-x32\...\ASUS AP Bank_is1) (Version: 1.0.0.0 - ASUSTEK) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS) ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS) ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.27 - ASUS) ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0007 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS) ASUS USB2.0 UVC VGA WebCam (HKLM\...\ASUS USB2.0 UVC VGA WebCam) (Version: 5.8.53120.202 - Sonix) ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus) ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.) ATI Catalyst Install Manager (HKLM\...\{80AB4395-42E3-D0B3-A310-6F0A6BD9709B}) (Version: 3.0.750.0 - ATI Technologies, Inc.) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0001 - ASUS) Body Balance Comfort Select Software (HKLM-x32\...\{74B92B80-C11A-4DD0-884C-A532B788C2D4}) (Version: 1.0.0 - Leifheit AG) Boingo Wi-Fi (HKLM-x32\...\{B653A2EC-D816-4498-A4FD-651047AB9DC9}) (Version: 1.7.0048 - Boingo Wireless, Inc.) Brother MFL-Pro Suite DCP-9055CDN (HKLM-x32\...\{979742CC-2CBB-49D8-9BEE-C2F7875F5393}) (Version: 1.1.5.0 - Brother Industries, Ltd.) ccc-core-static (x32 Version: 2009.1111.1543.28169 - ATI) Hidden Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version: - ) Express Rip (HKLM-x32\...\ExpressRip) (Version: 1.94 - NCH Software) Fahrtenbuch.net 1.5.12 (HKLM-x32\...\Fahrtenbuch.net_is1) (Version: - COMputer.INTernet.SOftware Tobias Schiek) Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS) FileZilla Client 3.2.7.1 (HKLM-x32\...\FileZilla Client) (Version: 3.2.7.1 - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.) Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6259.0 - IDT) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation) Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel) Internet Manager (HKLM-x32\...\Internet Manager) (Version: 22.001.18.76.55 - Huawei Technologies Co.,Ltd) Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation) Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden K_Series_ScreenSaver_EN (HKLM-x32\...\K_Series_ScreenSaver_EN) (Version: - ) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden Lexware Abschreibungsrechner (x32 Version: 14.00.00.0004 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware büro easy 2015 (x32 Version: 28.02.00.0197 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware büro easy plus 2015 (HKLM-x32\...\{3eadd447-88bd-45e6-8410-0b31dcad2556}) (Version: 28.0.0.132 - Haufe-Lexware GmbH & Co.KG) Lexware Elster (x32 Version: 15.00.00.0056 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Info Service (x32 Version: 5.00.00.0044 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Installations Dienst (x32 Version: 4.00.00.0008 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware online banking (x32 Version: 22.02.00.0040 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Sepa Check (x32 Version: 1.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Zeiterfassung (x32 Version: 28.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Native Client (HKLM\...\{7C39E0D1-E138-42B1-B083-213EC2CF7692}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA) PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Samsung Networking Wizard (HKLM-x32\...\{0C485220-4029-48E7-9F27-965DA4A78D5E}) (Version: 1.1.11052.2 - Samsung Electronics Co., Ltd. ) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2000.0 - SAMSUNG Electronics Co., Ltd.) Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SolidWorks eDrawings 2011 (HKLM-x32\...\{9402DAC1-447E-49C9-979D-BD5838E709D7}) (Version: 11.4.113 - Dassault Systèmes SolidWorks Corp.) syncables desktop SE (HKLM-x32\...\{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}) (Version: 5.5.615.9518 - syncables) Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.) Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM-x32\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.5000.00 - Microsoft Corporation) Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies) Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation) Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS) Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 12-03-2015 11:21:47 Konfiguriert Lexware reisekosten 2009 12-03-2015 11:23:13 Revo Uninstaller's restore point - Mozilla Firefox 36.0.1 (x86 de) 12-03-2015 11:27:02 Revo Uninstaller's restore point - Mozilla Firefox 36.0.1 (x86 de) 12-03-2015 11:48:31 Entfernt DELISprint 12-03-2015 11:52:20 Removed RENESIS® Player Browser Plugins 13-03-2015 16:19:53 TuneUp Utilities 2014 wird installiert 13-03-2015 16:20:57 TuneUp Utilities 2014 (de-DE) wird entfernt 17-03-2015 19:28:27 Malwarebytes Anti-Rootkit Restore Point 22-03-2015 16:12:30 Revo Uninstaller's restore point - Mozilla Firefox 36.0.1 (x86 de) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2015-03-18 16:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {342CD102-1DE5-49AE-A53A-D33ABD85E7BC} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK) Task: {3A775123-7BDC-4E16-A8B7-6845A96A4083} - System32\Tasks\{1EDF6135-BB20-413E-8288-BC728394B876} => pcalua.exe -a E:\LxSetup.exe -d E:\ Task: {40721C3F-0996-4274-98ED-E888934C6B43} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.) Task: {429C9858-F46A-408D-87D6-64BC0F0C99B0} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] () Task: {474683AA-2C5B-46A0-9C72-919F9FB1CBE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.) Task: {661E3F48-5794-4F49-9DDE-351E8CF265E6} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-05-18] (ASUS) Task: {89E5C935-498B-489D-801A-3E66D5249F0A} - System32\Tasks\SQAKP => C:\ProgramData\9a57dd4bfbdc41d9a41d3b8b62f45107\9a57dd4bfbdc41d9a41d3b8b62f45107.exe Task: {8EAA276A-C2F3-409E-8546-11C58E4FA00B} - System32\Tasks\{01B8A7C3-9EE9-4DFA-80E2-0171A0BB415D} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation) Task: {8F20AF64-5623-47D4-84BD-6771C9B8432C} - System32\Tasks\{1EC1DF85-2F18-4E6E-98F2-7C1D92E46BBA} => pcalua.exe -a F:\aomwin200ea24.exe -d F:\ Task: {9C50DFC0-DC4F-4E99-B900-E921C5344D29} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A3D57154-76E9-41EB-B88A-431B82727931} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {C2301F3D-2E4A-4C92-AF9D-A1600BCC6EA2} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-12-24] (ATK) Task: {EBA787D0-3184-4EAB-9004-F21185C8620B} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] () Task: {ECA98A70-61E5-4054-8BC5-BBC2BB7E9950} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated) Task: {F4080C3B-FFD2-4ACA-852D-23B954EBF2C3} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-05] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe 2014-08-18 19:25 - 2013-02-05 08:24 - 00671744 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe 2014-08-18 19:29 - 2013-02-05 08:25 - 01541120 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\LiveUpd.exe 2008-10-01 07:02 - 2008-10-01 07:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll 2009-11-24 21:45 - 2009-11-24 21:45 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe 2009-12-23 21:12 - 2009-12-23 21:12 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll 2009-12-19 03:11 - 2009-12-19 03:11 - 00033280 _____ () C:\Program Files\P4G\OvrClk.dll 2010-08-10 23:46 - 2007-11-30 19:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe 2010-01-05 01:43 - 2010-01-05 01:43 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe 2010-03-16 02:48 - 2010-03-16 02:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe 2008-10-23 18:21 - 2008-10-23 18:21 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-08-10 23:32 - 2010-08-10 23:32 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2010-03-16 02:48 - 2010-03-16 02:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll 2010-08-10 23:13 - 2010-08-10 23:13 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll 2010-08-10 23:13 - 2010-08-10 23:13 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll 2015-03-22 14:45 - 2015-03-14 11:02 - 01530184 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll 2015-03-22 14:45 - 2015-03-14 11:02 - 00091976 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll 2015-03-22 14:45 - 2015-03-14 11:02 - 11266888 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll 2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll 2014-08-18 19:25 - 2009-01-10 11:32 - 00011362 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\mingwm10.dll 2014-08-18 19:25 - 2009-06-22 19:42 - 00043008 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\libgcc_s_dw2-1.dll 2014-08-18 19:25 - 2012-10-31 10:11 - 02417152 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtCore4.dll 2014-08-18 19:25 - 2012-10-31 10:14 - 01148416 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtNetwork4.dll 2014-08-18 19:25 - 2012-10-31 10:33 - 09562624 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\QtGui4.dll 2014-08-18 19:29 - 2012-10-31 12:14 - 00082944 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qgif4.dll 2014-08-18 19:29 - 2012-10-31 12:16 - 00081920 _____ () C:\ProgramData\Internet Manager\OnlineUpdate\plugins\imageformats\qico4.dll 2011-02-01 20:52 - 2011-02-01 20:52 - 11195512 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll 2014-09-11 14:09 - 2014-09-11 14:09 - 00176168 _____ () C:\Program Files (x86)\lexware\Update Manager\Haufe.Core.Diagnostics.Logging.Targets.Etw.dll 2014-09-11 14:09 - 2014-09-11 14:09 - 00043048 _____ () C:\Program Files (x86)\lexware\Update Manager\Haufe.Core.Diagnostics.Etw.dll 2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:63F29B08 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1571306010-3709694829-1092883663-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: SearchSettings => "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" ==================== Accounts: ============================= Administrator (S-1-5-21-1571306010-3709694829-1092883663-500 - Administrator - Disabled) Gast (S-1-5-21-1571306010-3709694829-1092883663-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1571306010-3709694829-1092883663-1009 - Limited - Enabled) Zeeh (S-1-5-21-1571306010-3709694829-1092883663-1000 - Administrator - Enabled) => C:\Users\Zeeh ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (03/22/2015 03:59:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f851c0 Name des fehlerhaften Moduls: mozalloc.dll, Version: 36.0.1.5542, Zeitstempel: 0x54f8437e Ausnahmecode: 0x80000003 Fehleroffset: 0x00001e02 ID des fehlerhaften Prozesses: 0x1188 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (03/22/2015 03:59:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f851c0 Name des fehlerhaften Moduls: mozalloc.dll, Version: 36.0.1.5542, Zeitstempel: 0x54f8437e Ausnahmecode: 0x80000003 Fehleroffset: 0x00001e02 ID des fehlerhaften Prozesses: 0x119c Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (03/22/2015 03:59:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f851c0 Name des fehlerhaften Moduls: mozalloc.dll, Version: 36.0.1.5542, Zeitstempel: 0x54f8437e Ausnahmecode: 0x80000003 Fehleroffset: 0x00001e02 ID des fehlerhaften Prozesses: 0x1de4 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (03/21/2015 09:09:21 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (03/20/2015 10:56:58 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (03/20/2015 09:40:20 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (03/20/2015 09:40:17 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (03/20/2015 09:40:06 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (03/22/2015 04:05:38 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (03/22/2015 04:04:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (03/22/2015 04:04:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht. Error: (03/22/2015 03:22:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Gemeinsame Nutzung der Internetverbindung" wurde nicht richtig gestartet. Error: (03/22/2015 03:20:33 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (03/22/2015 03:20:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Lexware Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (03/22/2015 03:20:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Lexware Update Service erreicht. Error: (03/22/2015 03:19:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (03/22/2015 03:19:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht. Error: (03/22/2015 03:19:01 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 22.03.2015 um 15:10:36 unerwartet heruntergefahren. Microsoft Office Sessions: ========================= Error: (03/22/2015 03:59:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe36.0.1.554254f851c0mozalloc.dll36.0.1.554254f8437e8000000300001e02118801d064ae8f101c3cC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll034dae8e-d0a4-11e4-8ca8-20cf3034dee3 Error: (03/22/2015 03:59:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe36.0.1.554254f851c0mozalloc.dll36.0.1.554254f8437e8000000300001e02119c01d064ae8ec65194C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll034d877e-d0a4-11e4-8ca8-20cf3034dee3 Error: (03/22/2015 03:59:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe36.0.1.554254f851c0mozalloc.dll36.0.1.554254f8437e8000000300001e021de401d064ae8d95a170C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllfb4743f2-d0a3-11e4-8ca8-20cf3034dee3 Error: (03/21/2015 09:09:21 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (03/20/2015 10:56:58 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (03/20/2015 09:40:20 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Zeeh\Desktop\esetsmartinstaller_deu.exe Error: (03/20/2015 09:40:17 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Zeeh\Desktop\esetsmartinstaller_deu.exe Error: (03/20/2015 09:40:06 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Zeeh\Desktop\esetsmartinstaller_deu.exe ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 450 @ 2.40GHz Percentage of memory in use: 50% Total physical RAM: 3948.54 MB Available physical RAM: 1938.91 MB Total Pagefile: 9946.73 MB Available Pagefile: 7054.26 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:149.04 GB) (Free:94.41 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (DATA) (Fixed) (Total:427.59 GB) (Free:427.23 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E0C5913D) Partition 1: (Not Active) - (Size=19.5 GB) - (Type=1C) Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=427.6 GB) - (Type=OF Extended) ==================== End Of Log ============================ Es funktioniert jetzt erstmal alles wieder. Ich hoffe es bleibt so. Vielen Dank für die Hilfe. |
Themen zu bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt |
deinstallieren, fehlercode 0x80000003, fehlercode 0xc0000005, fraudtool.yac, pup.optional.cleanbrowser.a, pup.optional.colormedia.a, pup.optional.multiplug, pup.optional.shopperz.a, pup.optional.spigot.a, pup.optional.winsock.hijack, pup.optional.zombieinvasion.a, pup.optional.zombienews.a, rogue.multiple, this device cannot start. (code10), ungefragt, werbeseite, win32/adware.multiplug.fl, win32/adware.piccolor.m, win32/elex.bm, win32/toolbar.perion.k, win32/toolbar.widgi, win32/toolbar.widgi.a, win64/adware.multiplug.g, win64/toolbar.widgi.a, win64/toolbar.widgi.b |