Log analysis and evaluation: Windows 7: Internet slowed almost to a standstill

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
04.04.2015, 07:04 | #1 |
Windows 7: Internet slowed almost to a standstill

Hello everyone,

I'm not sure whether I have caught something. But I want to describe a few oddities from recent times. With Download Accelerator Plus (DAP) I apparently installed something suspicious. Malwarebytes kept alerting me to Tuvaro. The start page in Firefox kept jumping back to Speedbit, and Tuvaro also kept turning up again, no matter how often I removed it with Malwarebytes and AdwCleaner. What is the problem with Tuvaro: does it spy on data? With FreeFileSync I installed something else yesterday, something with Candy. I hope it is gone, since I uninstalled FreeFileSync again right away. But otherwise the system ran stably, so I wasn't necessarily worried.

The problems began when I switched from Office 2000 to Office 2007 Professional Plus. Actually everything worked wonderfully. Even my e-mails and contacts were carried over without problems, which I had not expected at all. I was prompted to install an incredible number of updates, I think 50 or so. In the process a few new programs were also slipped in. But I was naive and assumed that everything that has to do with Windows Update must also be fine. So I suddenly also had Skype on the computer, Microsoft Office File Validation and a third program whose name I can no longer remember. But even after that everything still worked, until I restarted my computer the next day.

Then the problems began: e-mails with HTML content no longer managed to display the images. Some message came up saying that the data could not be loaded or something like that. Unfortunately I no longer know what it said. On the Internet it was just as bad. It took longer than with a 56k modem to build up the pages. It actually didn't work at all.

After that I uninstalled File Validation and the other program. But that didn't really help. Then I restored the computer to a few days earlier and afterwards did not install all Windows updates. Strangely, though, it now only wanted to install 30 and not around 50 as before. Since then Outlook runs well again, but the Internet still doesn't work.

In my admin account I have no problems; the Internet runs flawlessly. I didn't want to go into my user account any more, but because of my son I still had to retrieve an e-mail. While doing so I saw that the Avira EU Cleaner shortcut on the desktop is suddenly displayed as an icon that Windows no longer recognizes.

I had problems with GMER: the message kept coming up that there is no disk in the drive and that I should insert one. I use a USB stick as a RAM extension. I then removed it and also simply inserted some CD, but GMER still did not continue. :-(

I very much hope that you can help me. If I now opened a new user account and closed the old one, could I shake off viruses and other problems that way?

Best regards, Daniela

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 02:22 on 04/04/2015 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by Admin (administrator) on DANIELA-PC on 04-04-2015 02:25:21 Running from C:\Users\Admin\Downloads Loaded Profiles: Admin (Available profiles: Daniela & Admin) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe (Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe (Microsoft Corp.) 
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (IObit) C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe (Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaUI.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDExtHost.exe (Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDAppHost.exe (Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDRuntimeHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_134_ActiveX.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.) HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] () HKLM\...\Run: [BingDesktop] => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.) HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM\...\Run: [] => [X] HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2428704 2015-01-20] (IObit) HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\MountPoints2: {ec6b676d-bd97-11e3-acb5-806e6f6e6963} - E:\Setup.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.) BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-25] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation) BHO: No Name -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> No File BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-25] (Oracle Corporation) BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.) 
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default FF SelectedSearchEngine: Google FF Homepage: about:home FF Keyword.URL: hxxp://google.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-25] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-25] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-25] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-10-24] (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-10-24] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-10-24] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-10-24] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-10-24] (Apple Inc.) FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default\searchplugins\search_engine.xml [2014-07-14] FF Extension: Amazon-Icon - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default\Extensions\amazon-icon@giga.de [2014-06-07] FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default\Extensions\iobitascsurfingprotection@iobit.com [2015-03-25] FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-04-08] FF HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Admin\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-06-07] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit) R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.) 
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-01-21] () R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed] S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed] R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation) R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-01-21] () R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed] R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [372736 2012-01-13] (Ralink Technology, Corp.) [File not signed] S3 RaMediaServer; C:\Program Files\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 cpuz137; C:\Program Files\CPUID\PC Wizard 2013\pcwiz_x32.sys [26856 2014-02-17] (CPUID) R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-03-17] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-04] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation) S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1308736 2012-03-02] (Ralink Technology Corp.) R3 Ph6xIB32; C:\Windows\System32\DRIVERS\Ph6xIB32.sys [1277952 2009-07-14] (NXP Semiconductors GmbH) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2013-07-01] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2013-07-01] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-04-04 02:25 - 2015-04-04 02:25 - 00014045 _____ () C:\Users\Admin\Downloads\FRST.txt 2015-04-04 02:25 - 2015-04-04 02:25 - 00000000 ____D () C:\FRST 2015-04-04 02:24 - 2015-04-04 02:24 - 01135104 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe 2015-04-04 02:22 - 2015-04-04 02:23 - 00000472 _____ () C:\Users\Admin\Downloads\defogger_disable.log 2015-04-04 02:22 - 2015-04-04 02:22 - 00000000 _____ () C:\Users\Admin\defogger_reenable 2015-04-04 02:21 - 2015-04-04 02:21 - 00050477 _____ () C:\Users\Admin\Downloads\Defogger.exe 2015-04-04 02:07 - 2015-04-04 02:07 - 00109664 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT 2015-04-04 02:05 - 2015-04-04 02:05 - 00411880 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-04-04 02:05 - 2015-04-04 02:05 - 00000056 _____ () C:\Windows\setupact.log 2015-04-04 02:05 - 2015-04-04 02:05 - 00000000 _____ () C:\Windows\setuperr.log 2015-04-04 02:04 - 2015-04-04 02:04 - 00003608 ____N () C:\bootsqm.dat 2015-04-03 14:16 - 2015-03-14 03:58 - 02171392 _____ () C:\Users\Daniela\Downloads\adwcleaner_4.112.exe 2015-04-03 14:16 - 2014-04-07 19:23 - 27560794 _____ () C:\Users\Daniela\Downloads\ar11lite_11.0.0.379_deu Vorsicht.exe 2015-04-03 14:16 - 2013-10-16 18:55 - 29040552 _____ (Oracle Corporation) C:\Users\Daniela\Downloads\jre-7u45-windows-i586.exe 2015-04-03 14:16 - 2013-09-27 01:26 - 29036456 _____ (Oracle Corporation) C:\Users\Daniela\Downloads\jre-7u40-windows-i586.exe 2015-04-03 14:16 - 2013-09-15 23:28 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Daniela\Downloads\mbam-clean-1.60.2.0003.exe 2015-04-03 14:16 - 2013-09-05 01:04 - 31714728 _____ (Oracle Corporation) C:\Users\Daniela\Downloads\jre-7u25-windows-i586.exe 2015-04-03 14:16 - 2013-07-10 18:13 - 03866624 _____ (Microsoft Corporation) C:\Users\Daniela\Downloads\FreePDF4.08.EXE 2015-04-03 14:16 - 2013-01-18 14:23 - 27291400 _____ () C:\Users\Daniela\Downloads\arxlite_deu (2).exe 2015-04-03 14:16 - 2012-12-08 03:06 - 16979960 _____ (Sun Microsystems, Inc.) 
C:\Users\Daniela\Downloads\jre-6u37-windows-i586.exe 2015-04-03 14:16 - 2012-10-03 03:57 - 27291400 _____ () C:\Users\Daniela\Downloads\arxlite_deu (1).exe 2015-04-03 13:55 - 2015-04-03 14:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DirSync 2015-04-01 04:47 - 2015-04-04 02:21 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-04-01 04:47 - 2015-04-01 04:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-04-01 04:47 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-04-01 04:47 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-04-01 04:47 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-04-01 04:00 - 2015-04-01 04:00 - 00002560 _____ () C:\Windows\_MSRSTRT.EXE 2015-04-01 03:29 - 2015-04-01 03:30 - 02208768 _____ () C:\Users\Daniela\Downloads\AdwCleaner 4.200.exe 2015-03-31 09:33 - 2015-03-31 09:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2015-03-29 11:57 - 2015-03-31 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in 2015-03-29 11:57 - 2015-03-29 11:57 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2 2015-03-29 11:52 - 2015-03-29 11:52 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help 2015-03-29 11:52 - 2015-03-29 11:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help 2015-03-29 11:09 - 2015-03-29 11:09 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Microsoft Help 2015-03-29 10:57 - 2015-03-29 10:57 - 00002639 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Neues Microsoft Office-Dokument.lnk 2015-03-29 10:57 - 2015-03-29 10:57 - 00002639 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Microsoft Office-Dokument öffnen.lnk 2015-03-29 10:57 - 
2015-03-29 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2015-03-29 10:57 - 2009-02-26 19:18 - 00029552 _____ (Microsoft Corporation) C:\Windows\system32\mdimon.dll 2015-03-29 10:54 - 2015-03-29 11:51 - 00000000 ____D () C:\Program Files\Microsoft Works 2015-03-29 10:48 - 2015-03-29 11:00 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8 2015-03-29 10:48 - 2015-03-29 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005 2015-03-29 10:48 - 2015-03-29 10:48 - 00000000 ____D () C:\IDE 2015-03-29 10:47 - 2015-03-31 09:41 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-29 10:47 - 2015-03-29 10:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Help 2015-03-29 10:46 - 2015-03-29 10:46 - 00000000 __RHD () C:\MSOCache 2015-03-29 10:41 - 2015-03-29 10:35 - 1122369536 _____ () C:\Users\Daniela\outlook.pst 2015-03-29 05:15 - 2015-03-29 10:43 - 00000000 ____D () C:\Users\Daniela\Downloads\Microsoft Office 2007 Professional Plus 2015-03-29 03:26 - 2015-03-29 03:26 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Sun 2015-03-28 07:35 - 2015-03-31 09:04 - 00000000 ___SD () C:\Windows\system32\GWX 2015-03-27 04:05 - 2015-03-27 04:15 - 492980834 _____ () C:\Users\Daniela\Downloads\MSO2007P.exe 2015-03-25 06:12 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-03-25 06:02 - 2015-03-31 09:04 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\ProductData 2015-03-25 06:02 - 2015-03-25 06:02 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit 2015-03-25 06:02 - 2015-03-25 06:02 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit 2015-03-25 05:37 - 2015-03-25 05:37 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\IObit 2015-03-25 05:27 - 2015-03-25 05:28 - 40909304 _____ () C:\Users\Daniela\Downloads\Firefox Setup 36.0.4.exe 2015-03-25 05:23 - 2015-03-25 05:24 - 37064104 _____ 
(Oracle Corporation) C:\Users\Daniela\Downloads\jre-8u40-windows-i586.exe 2015-03-25 04:12 - 2015-04-03 15:25 - 58048512 _____ () C:\Windows\system32\config\SOFTWARE.iobit 2015-03-25 04:12 - 2015-04-03 15:25 - 34934784 _____ () C:\Windows\system32\config\components.iobit 2015-03-25 04:12 - 2015-04-03 15:25 - 00360448 _____ () C:\Windows\system32\config\DEFAULT.iobit 2015-03-25 04:12 - 2015-04-03 15:25 - 00098304 _____ () C:\Windows\system32\config\SAM.iobit 2015-03-25 04:12 - 2015-04-03 15:25 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit 2015-03-25 03:03 - 2015-03-25 03:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype 2015-03-25 03:03 - 2015-03-25 03:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\Skype 2015-03-25 03:02 - 2015-03-25 03:02 - 00000000 ___RD () C:\Program Files\Skype 2015-03-25 03:02 - 2015-03-25 03:02 - 00000000 ____D () C:\ProgramData\Skype 2015-03-25 03:02 - 2015-03-25 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-03-25 03:02 - 2015-03-25 03:02 - 00000000 ____D () C:\Program Files\Common Files\Skype 2015-03-25 02:16 - 2015-03-25 02:16 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled 2015-03-25 02:16 - 2015-03-25 02:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8 2015-03-25 02:16 - 2015-03-25 02:16 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} 2015-03-25 02:16 - 2015-03-25 02:16 - 00000000 ____D () C:\Program Files\Common Files\IObit 2015-03-25 02:15 - 2015-03-31 09:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ProductData 2015-03-25 02:14 - 2015-04-01 02:49 - 00000000 ____D () C:\ProgramData\ProductData 2015-03-25 02:14 - 2015-03-25 02:16 - 00000000 ____D () C:\ProgramData\IObit 2015-03-25 02:14 - 2015-03-25 02:16 - 00000000 ____D () C:\Program Files\IObit 2015-03-25 02:14 - 2015-03-25 02:15 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IObit 2015-03-25 02:14 - 2015-03-25 02:14 - 
00000000 ____D () C:\Users\Admin\AppData\IObit 2015-03-25 01:58 - 2015-03-11 05:30 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-03-25 01:58 - 2015-03-11 05:30 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-03-25 01:58 - 2015-03-11 05:29 - 00818176 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-03-25 01:58 - 2015-03-11 05:29 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-03-25 01:58 - 2015-03-11 05:29 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-03-25 01:58 - 2015-03-11 05:29 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-03-25 01:58 - 2015-03-11 05:29 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-03-25 01:58 - 2015-03-11 05:26 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-03-24 05:01 - 2015-03-24 05:01 - 00000000 ____D () C:\Users\Daniela\Downloads\MSO2007P 2015-03-24 04:50 - 2015-03-24 04:54 - 498949156 _____ () C:\Users\Daniela\Downloads\MSO2007P.zip 2015-03-24 03:01 - 2015-03-24 03:01 - 00000000 ____D () C:\ProgramData\ATI 2015-03-24 01:53 - 2015-03-24 01:53 - 00000000 ____D () C:\Program Files\Microsoft ASP.NET 2015-03-24 01:37 - 2015-03-24 02:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\NVIDIA Corporation 2015-03-24 00:45 - 2015-03-24 00:45 - 00000000 ____D () C:\Program Files\Hewlett-Packard 2015-03-23 22:21 - 2015-03-23 22:21 - 00000000 ____D () C:\Users\Daniela\AppData\Local\NVIDIA Corporation 2015-03-23 05:24 - 2015-03-23 05:24 - 00000000 ____D () C:\Users\Daniela\AppData\Local\NVIDIA 2015-03-23 05:22 - 2015-03-24 04:19 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-23 05:20 - 2015-03-24 02:40 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2015-03-19 06:58 - 2015-03-19 06:58 - 00002019 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk 2015-03-19 06:58 - 2015-03-19 06:58 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer 2015-03-19 06:58 - 2015-03-19 06:58 - 00000000 ____D () C:\Program Files\MyPhoneExplorer 2015-03-19 05:55 - 2015-04-01 04:49 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-03-19 05:55 - 2015-03-19 05:55 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-19 05:52 - 2015-03-19 05:53 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Daniela\Downloads\Malwarebytes 2.0.4.exe 2015-03-19 04:21 - 2015-03-19 04:21 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Games 2015-03-19 00:56 - 2015-03-19 00:56 - 00000000 ____D () C:\Users\Daniela\Documents\onetouch Manager 2015-03-18 23:49 - 2015-03-19 04:45 - 00000000 ____D () C:\Users\Daniela\Documents\MyPhoneExplorer 2015-03-18 23:25 - 2015-03-19 08:59 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\MyPhoneExplorer 2015-03-18 23:00 - 2015-03-18 23:00 - 07332272 _____ () C:\Users\Daniela\Downloads\MyPhoneExplorer.exe 2015-03-18 22:28 - 2015-03-18 22:28 - 00000000 ____D () C:\Users\Daniela\AppData\Local\{042FA28C-4DB3-4B64-94C0-A384193D060C} 2015-03-16 02:59 - 2015-03-16 04:08 - 00110080 _____ () C:\Users\Daniela\Documents\Lampenwelt Lieferantenliste Ersatzgläser 1.5.xls 2015-03-10 22:29 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-10 22:29 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-10 22:29 - 2015-01-31 05:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-03-10 22:29 - 2015-01-31 05:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2015-03-10 22:29 - 2015-01-31 02:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-03-10 22:28 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-10 22:28 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) 
C:\Windows\system32\ieframe.dll 2015-03-10 22:28 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-10 22:28 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-10 22:28 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-10 22:28 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-10 22:28 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-10 22:28 - 2015-02-20 04:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-10 22:28 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-10 22:28 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-10 22:28 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-10 22:28 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-10 22:28 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-10 22:28 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-10 22:28 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-10 22:28 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-10 22:28 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-10 22:28 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-10 22:28 - 2015-02-20 03:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-10 22:28 - 2015-02-20 03:50 - 00667648 _____ (Microsoft Corporation) 
C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-10 22:28 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-10 22:28 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-10 22:28 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-10 22:28 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-10 22:28 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-10 22:28 - 2015-02-20 03:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-10 22:28 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-10 22:28 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-10 22:28 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-10 22:28 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-10 22:28 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-10 22:28 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-03-10 22:28 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-10 22:28 - 2015-02-03 05:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-10 22:28 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00988160 _____ (Microsoft 
Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) 
C:\Windows\system32\cryptnet.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-10 22:28 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-10 22:28 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-10 22:28 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-10 22:28 - 2015-02-03 05:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-10 22:28 - 2015-02-03 05:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-10 22:28 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-10 22:28 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) 
C:\Windows\system32\rrinstaller.exe 2015-03-10 22:28 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-10 22:28 - 2015-02-03 05:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-10 22:28 - 2015-02-03 05:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-10 22:28 - 2015-02-03 05:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-10 22:28 - 2015-02-03 05:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-10 22:28 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-10 22:28 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-10 22:28 - 2015-02-03 05:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-10 22:28 - 2015-02-03 04:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-10 22:28 - 2015-01-31 01:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-10 22:28 - 2014-11-01 00:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-10 22:27 - 2015-03-06 07:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-10 22:27 - 2015-03-06 07:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-10 22:27 - 2015-03-06 07:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00221184 _____ (Microsoft 
Corporation) C:\Windows\system32\ncrypt.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-10 22:27 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-10 22:27 - 2015-03-06 07:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-10 22:27 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-10 22:27 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-10 22:27 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-10 22:27 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-10 22:27 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-10 22:27 - 2015-02-20 06:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-10 22:27 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-10 22:27 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-10 22:27 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-10 22:27 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) 
C:\Windows\system32\WindowsCodecs.dll 2015-03-10 22:26 - 2015-02-26 05:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-10 22:26 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-10 22:26 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-09 00:09 - 2015-03-09 00:09 - 00107301 _____ () C:\Users\Admin\Desktop\DANIELA-PC.html 2015-03-08 03:50 - 2015-03-08 03:50 - 01710888 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Daniela\Downloads\GPU+Z.exe 2015-03-08 03:44 - 2015-03-08 03:44 - 01582736 _____ ( ) C:\Users\Daniela\Downloads\CPU+Z.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-04 02:22 - 2014-04-07 01:31 - 00000000 ____D () C:\Users\Admin 2015-04-04 02:13 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-04 02:13 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-04 02:10 - 2014-04-06 07:33 - 02025148 _____ () C:\Windows\WindowsUpdate.log 2015-04-04 02:05 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-04 00:46 - 2014-05-14 19:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-03 15:19 - 2014-04-08 01:15 - 00000000 ____D () C:\Users\Daniela\Documents\Bewerbungen, Schriftverkehr 2015-04-03 15:09 - 2014-04-06 13:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-04-03 14:16 - 2014-05-26 00:59 - 00000000 ____D () C:\Users\Daniela\Downloads\Alcatel 2015-04-03 13:36 - 2014-04-06 07:44 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-03 12:41 - 2015-01-29 22:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-04-03 12:41 - 2014-04-06 13:08 - 00001121 
_____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-04-02 21:37 - 2014-04-08 01:39 - 00000000 ____D () C:\Users\Daniela\Scans 2015-04-02 01:27 - 2014-04-08 01:17 - 00062464 _____ () C:\Users\Daniela\Documents\Finanzen.xls 2015-04-01 22:54 - 2014-04-08 01:17 - 00272384 _____ () C:\Users\Daniela\Documents\Lampenwelt_Arbeitszeiten.xls 2015-04-01 05:54 - 2015-02-12 04:38 - 00000000 ____D () C:\AdwCleaner 2015-04-01 04:01 - 2015-01-24 04:01 - 00000000 ____D () C:\Program Files\DAP 2015-04-01 04:01 - 2015-01-24 03:59 - 00000000 ____D () C:\Program Files\Common Files\SpeedBit 2015-04-01 03:52 - 2015-01-24 04:01 - 00000000 ____D () C:\ProgramData\TEMP 2015-04-01 03:02 - 2015-01-29 03:52 - 00000000 ____D () C:\Users\Daniela\Downloads\Filme 2015-03-31 09:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\System 2015-03-31 09:26 - 2009-07-14 04:04 - 00000534 _____ () C:\Windows\win.ini 2015-03-31 09:05 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2015-03-31 09:04 - 2014-04-06 07:37 - 00000000 ____D () C:\Users\Daniela 2015-03-31 09:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration 2015-03-30 00:48 - 2014-04-06 07:55 - 00109664 _____ () C:\Users\Daniela\AppData\Local\GDIPFONTCACHEV1.DAT 2015-03-29 11:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-03-29 11:01 - 2009-07-14 10:57 - 00000000 ____D () C:\Windows\ShellNew 2015-03-29 10:54 - 2014-04-26 08:18 - 00000000 ____D () C:\Program Files\Microsoft Office 2015-03-29 10:54 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\MSBuild 2015-03-29 10:52 - 2014-04-06 14:00 - 00000000 ____D () C:\Program Files\Microsoft.NET 2015-03-29 10:52 - 2009-07-14 04:37 - 00000000 __RSD () C:\Windows\Media 2015-03-29 10:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help 2015-03-29 10:51 - 2014-04-26 08:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 
2015-03-29 10:07 - 2014-04-08 01:42 - 00000000 ____D () C:\Users\Daniela\Ulk
2015-03-29 04:14 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-25 05:30 - 2014-04-07 18:43 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-25 05:25 - 2014-07-27 05:09 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-03-25 05:25 - 2014-07-27 05:08 - 00000000 ____D () C:\Program Files\Java
2015-03-25 05:18 - 2014-10-15 04:18 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2015-03-25 05:18 - 2014-04-06 14:54 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-25 05:18 - 2014-04-06 14:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-25 04:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-25 04:19 - 2014-04-06 08:30 - 00000000 ____D () C:\Windows\Panther
2015-03-25 03:55 - 2014-06-09 14:39 - 00000000 ____D () C:\Windows\Minidump
2015-03-25 03:06 - 2014-12-09 23:46 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 03:06 - 2014-04-23 00:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-25 02:51 - 2014-11-19 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
2015-03-25 02:16 - 2014-04-07 18:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer
2015-03-25 02:03 - 2014-05-20 03:54 - 00000000 ____D () C:\ProgramData\Nokia
2015-03-25 02:03 - 2014-04-13 07:08 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2015-03-25 02:03 - 2014-04-13 06:09 - 00000000 ____D () C:\Program Files\Nokia
2015-03-25 01:48 - 2014-06-20 23:59 - 00000000 ____D () C:\Program Files\Allway Sync
2015-03-25 01:47 - 2014-11-19 23:14 - 00000000 ____D () C:\Program Files\Lavalys
2015-03-25 01:47 - 2014-05-02 20:41 - 00000000 ____D () C:\Windows\pss
2015-03-25 01:47 - 2014-04-08 23:24 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\IrfanView
2015-03-25 01:47 - 2014-04-08 22:47 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2015-03-25 01:47 - 2014-04-08 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-03-25 01:47 - 2014-04-08 22:42 - 00000000 ____D () C:\Program Files\HP
2015-03-25 01:47 - 2014-04-08 22:40 - 00000000 ____D () C:\ProgramData\HP
2015-03-25 01:47 - 2014-04-06 16:24 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-25 01:47 - 2014-04-06 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-25 01:47 - 2014-04-06 16:20 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-25 01:47 - 2014-04-06 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2015-03-25 01:47 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32
2015-03-25 01:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\security
2015-03-25 01:46 - 2014-04-08 22:45 - 00000000 ____D () C:\Program Files\Common Files\HP
2015-03-25 01:46 - 2014-04-06 11:58 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2015-03-25 01:46 - 2014-04-06 11:58 - 00000000 ____D () C:\Program Files\AMD APP
2015-03-25 01:43 - 2014-04-06 16:19 - 00000000 ____D () C:\NVIDIA
2015-03-25 01:43 - 2014-04-06 11:58 - 00000000 ____D () C:\Program Files\AMD AVT
2015-03-25 01:43 - 2014-04-06 11:55 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-03-25 01:43 - 2014-04-06 11:55 - 00000000 ____D () C:\Program Files\ATI
2015-03-24 03:54 - 2014-04-08 22:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\HP
2015-03-24 03:53 - 2014-04-08 22:41 - 00012575 _____ () C:\ProgramData\hpzinstall.log
2015-03-24 03:49 - 2014-04-12 01:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\HP
2015-03-24 03:00 - 2014-04-06 11:58 - 00000000 ____D () C:\ProgramData\AMD
2015-03-24 02:28 - 2014-08-19 03:59 - 00000000 ____D () C:\Users\Admin\AppData\Local\NokiaAccount
2015-03-24 00:35 - 2014-10-02 02:13 - 00000000 ____D () C:\Users\Daniela\AppData\Local\FreePDF_XP
2015-03-23 01:46 - 2014-04-13 03:41 - 1108410368 _____ () C:\Users\Daniela\outlook_alt.pst
2015-03-19 04:46 - 2014-04-08 23:24 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IrfanView
2015-03-19 04:45 - 2014-04-06 14:54 - 00000000 ____D () C:\Windows\system32\Macromed
2015-03-19 04:44 - 2014-06-11 02:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mobile Action
2015-03-19 02:38 - 2014-04-13 06:11 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\PC Suite
2015-03-18 23:35 - 2014-06-21 01:19 - 00000000 ____D () C:\Users\Daniela\Documents\Nokia
2015-03-18 23:35 - 2014-05-25 22:51 - 00000000 ____D () C:\Users\Daniela\Documents\Android Manager
2015-03-18 22:12 - 2014-04-08 01:15 - 00000000 ____D () C:\Users\Daniela\Documents\Eigene Scans
2015-03-10 22:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-08 23:52 - 2014-09-14 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-03-08 23:52 - 2014-09-14 20:43 - 00000000 ____D () C:\Program Files\CPUID
2015-03-08 04:01 - 2014-04-06 12:23 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-08 03:49 - 2014-04-06 12:23 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-08-05 00:03 - 2014-10-07 05:56 - 0128621 _____ () C:\Users\Admin\AppData\Local\ars.cache
2014-08-05 00:04 - 2014-10-07 05:57 - 0367993 _____ () C:\Users\Admin\AppData\Local\census.cache
2014-08-04 18:38 - 2014-08-04 18:38 - 0000036 _____ () C:\Users\Admin\AppData\Local\housecall.guid.cache
2014-04-08 22:41 - 2015-03-24 03:53 - 0012575 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Daniela\Registry.reg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-26 02:56

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Admin at 2015-04-04 02:26:36
Running from C:\Users\Admin\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
4500_G510af_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510af (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510af_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI Lite - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.1.0 - IObit)
Alcatel onetouch Manager (HKLM\...\{C32EDA33-2F6F-0200-0000-000000000000}) (Version: 13.05.2155 - Mobile Action)
AMD Catalyst Install Manager (HKLM\...\{B448BC74-1CB7-7A57-3313-5E075AFB413E}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Bing-Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
concept/design online.TiVi (HKLM\...\{2EC5640C-A426-4CFA-8737-656D1FE58128}_is1) (Version: 1.6.0.0 - concept/design GmbH)
concept/design onlineTV 11 (HKLM\...\{8A4C3184-DA2F-4553-BF61-83F5690C3048}_is1) (Version: 11.0.0.0 - concept/design GmbH)
CoolSoft VirtualMIDISynth 1.9.2 (HKLM\...\CoolSoft VirtualMIDISynth) (Version: 1.9.2.0 - CoolSoft)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DirSync 2.96 (HKLM\...\DirSync) (Version: - Stephen Kalisch)
DocMgr (Version: 130.0.000.000 - Ihr Firmenname) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
EGVP (HKLM\...\{EDA192EA-4DA3-416D-965D-65BFDA0E3715}) (Version: 1.5.3.0 - Governikus KG)
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - )
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510a-f (HKLM\...\{C98517B6-DCE9-49B7-B19E-E384178D3986}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
inSSIDer Home (HKLM\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.0 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
MKV Player 2.1.17 (HKLM\...\MKV Player_is1) (Version: - )
Mozilla Firefox 37.0 (x86 de) (HKLM\...\Mozilla Firefox 37.0 (x86 de)) (Version: 37.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (Version: 7.1.180.94 - Nokia) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PC Wizard 2013.2.12 (HKLM\...\PC Wizard 2013_is1) (Version: - CPUID)
PDF reDirect (remove only) (HKLM\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)
PDF24 Creator 6.7.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PixelNet Software 4.14.4 (HKLM\...\PixelNet Software) (Version: 4.14.4 - ORWO Net)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.17.0 - Ralink)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

28-03-2015 07:34:27 Windows Update
29-03-2015 06:34:04 Installed Microsoft Fix it 50848
29-03-2015 10:45:52 Installed Microsoft Office Professional Plus 2007
29-03-2015 11:46:06 Windows Update
29-03-2015 12:06:20 Windows Update
30-03-2015 01:04:48 Windows Update
30-03-2015 02:29:09 Windows Update
31-03-2015 07:17:04 Microsoft Office File Validation Add-In wird entfernt
31-03-2015 07:37:13 Microsoft Office Live Add-in 1.5 wird entfernt
31-03-2015 08:29:58 Wiederherstellungsvorgang
31-03-2015 09:23:23 Windows Update
31-03-2015 09:38:06 Windows Update
01-04-2015 03:18:51 Installed Microsoft Fix it 50195
03-04-2015 12:22:14 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3625605D-9736-4E0D-ADED-80AB17549529} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-25] (Adobe Systems Incorporated)
Task: {3A05D166-9113-4EC4-9566-5F56785457AF} - System32\Tasks\ASC8_SkipUac_Admin => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe [2015-01-27] (IObit)
Task: {4A95605E-2F72-413F-9F4A-4F9B662C3B70} - System32\Tasks\{5589489F-BCF7-4E4E-A924-E7FCCE636DA8} => pcalua.exe -a "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Task: {653435B1-E8BB-4611-8BBB-E2FE2CBE8B8C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {690E5BA0-2B04-4E7B-906A-6CCA9CB3331D} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2015-01-23] (IObit)
Task: {7FEA1C05-5956-47C1-9720-5580AA7A98CB} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {8734083E-A084-4978-A36C-CA4115FD8883} - System32\Tasks\{085A87EE-090C-40C6-B1AC-A2A6111D4864} => C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
Task: {BDAC862A-E650-4CF1-B04B-EDEB1AB59011} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {F2CAD89D-9A42-4025-8876-58161729CDCB} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {F815A518-89BD-445C-8A71-0D92281353F8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============== 2015-03-25 02:16 - 2013-10-25 13:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 8\sqlite3.dll 2010-06-06 16:20 - 2010-06-06 16:20 - 00065344 _____ () C:\Windows\System32\PDFreDirectMonNT.dll 2014-10-02 02:12 - 2012-06-21 07:25 - 00094208 _____ () C:\Windows\System32\redmon32.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-04-06 16:24 - 2010-01-21 01:52 - 00370792 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe 2014-04-06 16:24 - 2010-01-21 01:51 - 00062568 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll 2014-04-06 16:24 - 2010-01-21 01:52 - 00565864 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll 2014-04-06 16:24 - 2010-01-21 01:52 - 00167528 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe 2015-03-25 02:16 - 2013-01-15 19:48 - 00348992 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madExcept_.bpl 2015-03-25 02:16 - 2013-01-15 19:48 - 00183616 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madBasic_.bpl 2015-03-25 02:16 - 2013-01-15 19:48 - 00051008 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madDisAsm_.bpl 2015-03-25 02:16 - 2013-01-15 19:47 - 00893248 _____ () C:\Program Files\IObit\Advanced SystemCare 8\webres.dll 2015-01-06 20:50 - 2012-02-20 13:59 - 01087336 _____ () C:\Program Files\Ralink\Common\RaWLAPI.dll 2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll 2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 
_____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2015-03-25 02:16 - 2014-12-10 10:14 - 01284896 _____ () C:\Program Files\IObit\Advanced SystemCare 8\Scan.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files\FreePDF_XP\fpassist.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime ==================== Accounts: ============================= Admin (S-1-5-21-3046395627-4054670192-1170409365-1003 - Administrator - Enabled) => C:\Users\Admin Administrator (S-1-5-21-3046395627-4054670192-1170409365-500 - Administrator - Disabled) Daniela (S-1-5-21-3046395627-4054670192-1170409365-1000 - Limited - Enabled) => C:\Users\Daniela Gast (S-1-5-21-3046395627-4054670192-1170409365-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3046395627-4054670192-1170409365-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/03/2015 03:10:49 PM) (Source: ESENT) (EventID: 455) (User: ) Description: taskhost (1160) WebCacheLocal: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01.log. 
Error: (04/03/2015 02:07:26 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 Error: (04/03/2015 02:00:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: DirSync.exe, Version: 2.9.6.0, Zeitstempel: 0x512363e2 Name des fehlerhaften Moduls: DirSync.exe, Version: 2.9.6.0, Zeitstempel: 0x512363e2 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003a888 ID des fehlerhaften Prozesses: 0x1500 Startzeit der fehlerhaften Anwendung: 0xDirSync.exe0 Pfad der fehlerhaften Anwendung: DirSync.exe1 Pfad des fehlerhaften Moduls: DirSync.exe2 Berichtskennung: DirSync.exe3 Error: (04/03/2015 01:29:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 Error: (04/02/2015 09:40:59 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: ) Description: Das Handle ist ungültig Error: (04/02/2015 09:40:59 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: ) Description: Das Handle ist ungültig Error: (04/02/2015 01:47:05 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: ) Description: Das Handle ist ungültig Error: (04/02/2015 01:47:05 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: ) Description: Das Handle ist ungültig Error: (04/01/2015 11:16:32 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm iexplore.exe, Version 11.0.9600.17689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 12f0 Startzeit: 01d06cc0e1b5bce8 Endzeit: 35 Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: Error: (04/01/2015 04:57:57 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.4.5557, Zeitstempel: 0x550d0883 Name des fehlerhaften Moduls: mozalloc.dll, Version: 36.0.4.5557, Zeitstempel: 0x550cfa82 Ausnahmecode: 0x80000003 Fehleroffset: 0x00001e02 ID des fehlerhaften Prozesses: 0x11c4 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 System errors: ============= Error: (04/03/2015 02:00:43 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (04/03/2015 01:55:06 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (04/03/2015 01:55:06 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (04/02/2015 09:40:39 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (04/01/2015 11:35:01 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (04/01/2015 11:34:53 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. 
Error: (04/01/2015 11:34:53 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (04/01/2015 11:34:22 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (04/01/2015 11:34:22 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (04/01/2015 11:34:12 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz Percentage of memory in use: 44% Total physical RAM: 3071.3 MB Available physical RAM: 1719.71 MB Total Pagefile: 6140.9 MB Available Pagefile: 4310.11 MB Total Virtual: 2047.88 MB Available Virtual: 1901.58 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:218.24 GB) (Free:119.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:14.52 GB) NTFS Drive i: (KINGSTON) (Removable) (Total:7.44 GB) (Free:3.44 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 2BAB359D) Partition 1: (Active) - (Size=218.2 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=14.6 GB) - (Type=OF Extended) ======================================================== Disk: 4 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=7.5 GB) - (Type=0C) ==================== End Of Log ============================ 
Here is also the log file from AdwCleaner. I seem to have more or less gotten rid of Tuvaro, because AdwCleaner kept finding something in Internet Explorer + in Firefox the whole time. But now it no longer does. Kind regards, Daniela
Code:
# AdwCleaner v4.200 - Bericht erstellt 04/04/2015 um 07:55:29
# Aktualisiert 29/03/2015 von Xplode
# Datenbank : 2015-03-29.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x86)
# Benutzername : Admin - DANIELA-PC
# Gestarted von : C:\Users\Admin\Downloads\AdwCleaner 4.200.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Conduit

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Mozilla Firefox v37.0 (x86 de)

*************************

AdwCleaner[R0].txt - [4682 Bytes] - [12/02/2015 04:39:20]
AdwCleaner[R10].txt - [2683 Bytes] - [01/04/2015 05:52:12]
AdwCleaner[R11].txt - [2079 Bytes] - [04/04/2015 07:53:23]
AdwCleaner[R1].txt - [912 Bytes] - [12/02/2015 04:56:14]
AdwCleaner[R2].txt - [2596 Bytes] - [14/03/2015 04:01:49]
AdwCleaner[R3].txt - [2696 Bytes] - [19/03/2015 05:04:42]
AdwCleaner[R4].txt - [2473 Bytes] - [19/03/2015 05:16:55]
AdwCleaner[R5].txt - [2728 Bytes] - [19/03/2015 05:40:43]
AdwCleaner[R6].txt - [3187 Bytes] - [19/03/2015 21:25:25]
AdwCleaner[R7].txt - [3062 Bytes] - [19/03/2015 21:44:08]
AdwCleaner[R8].txt - [3751 Bytes] - [21/03/2015 04:56:50]
AdwCleaner[R9].txt - [4246 Bytes] - [01/04/2015 03:41:06]
AdwCleaner[S0].txt - [4766 Bytes] - [12/02/2015 04:46:24]
AdwCleaner[S10].txt - [1469 Bytes] - [04/04/2015 07:55:29]
AdwCleaner[S1].txt - [972 Bytes] - [12/02/2015 05:00:33]
AdwCleaner[S2].txt - [2663 Bytes] - [14/03/2015 04:14:13]
AdwCleaner[S3].txt - [2771 Bytes] - [19/03/2015 05:09:41]
AdwCleaner[S4].txt - [2531 Bytes] - [19/03/2015 05:21:32]
AdwCleaner[S5].txt - [2819 Bytes] - [19/03/2015 05:45:12]
AdwCleaner[S6].txt - [3296 Bytes] - [19/03/2015 21:28:42]
AdwCleaner[S7].txt - [3162 Bytes] - [19/03/2015 21:48:22]
AdwCleaner[S8].txt - [7835 Bytes] - [21/03/2015 04:59:32]
AdwCleaner[S9].txt - [2795 Bytes] - [01/04/2015 05:54:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt - [2059 Bytes] ##########
04.04.2015, 09:23 | #2 |
/// the machine /// TB Trainer | Windows 7: Internet slowed almost to a standstill
hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder without instructions from a helper.
Please download TDSSKiller.exe and save this file to the desktop.
04.04.2015, 21:37 | #3 |
| Windows 7: Internet slowed almost to a standstill
Hello Schrauber,
thank you very much for wanting to help me. Neither program found anything. Here are the log files. Kind regards, Dani
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main: v2015.04.04.05
  rootkit: v2015.03.31.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17691
Admin :: DANIELA-PC [administrator]

04.04.2015 22:04:39
mbar-log-2015-04-04 (22-04-39).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 364268
Time elapsed: 20 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
22:29:20.0199 0x1024 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
22:29:30.0557 0x1024 ============================================================
22:29:30.0557 0x1024 Current date / time: 2015/04/04 22:29:30.0557
22:29:30.0557 0x1024 SystemInfo:
22:29:30.0557 0x1024
22:29:30.0557 0x1024 OS Version: 6.1.7601 ServicePack: 1.0
22:29:30.0557 0x1024 Product type: Workstation
22:29:30.0557 0x1024 ComputerName: DANIELA-PC
22:29:30.0557 0x1024 UserName: Admin
22:29:30.0557 0x1024 Windows directory: C:\Windows
22:29:30.0557 0x1024 System windows directory: C:\Windows
22:29:30.0557 0x1024 Processor architecture: Intel x86
22:29:30.0557 0x1024 Number of processors: 2
22:29:30.0557 0x1024 Page size: 0x1000
22:29:30.0557 0x1024 Boot type: Normal boot
22:29:30.0557 0x1024 ============================================================
22:29:33.0193 0x1024 KLMD registered as C:\Windows\system32\drivers\78145453.sys
22:29:33.0895 0x1024 System UUID: {9030DA18-6654-0333-C58E-2ED9B0BBB57B}
22:29:36.0688 0x1024 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:29:36.0766 0x1024 ============================================================
22:29:36.0766 0x1024 \Device\Harddisk0\DR0:
22:29:36.0766 0x1024 MBR partitions:
22:29:36.0766 0x1024 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1B479000
22:29:36.0781 0x1024 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B47983F, BlocksNum 0x1D4AD42
22:29:36.0781 0x1024 ============================================================
22:29:36.0813 0x1024 C: <-> \Device\Harddisk0\DR0\Partition1
22:29:36.0859 0x1024 D: <-> \Device\Harddisk0\DR0\Partition2
22:29:36.0859 0x1024 ============================================================
22:29:36.0859 0x1024 Initialize success
22:29:36.0859 0x1024 ============================================================
22:31:07.0488 0x0a5c ============================================================
22:31:07.0488 0x0a5c Scan started
22:31:07.0488 0x0a5c Mode: Manual; SigCheck; TDLFS;
22:31:07.0488 0x0a5c ============================================================
22:31:07.0488 0x0a5c KSN ping started
22:31:27.0176 0x0a5c KSN ping finished: true
22:31:28.0470 0x0a5c ================ Scan system memory ========================
22:31:28.0470 0x0a5c System memory - ok
22:31:28.0470 0x0a5c ================ Scan services =============================
04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll 22:31:39.0953 0x0a5c DcomLaunch - ok 22:31:40.0000 0x0a5c [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll 22:31:40.0062 0x0a5c defragsvc - ok 22:31:40.0125 0x0a5c [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 22:31:40.0187 0x0a5c DfsC - ok 22:31:40.0265 0x0a5c [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll 22:31:40.0343 0x0a5c Dhcp - ok 22:31:40.0390 0x0a5c [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys 22:31:40.0546 0x0a5c discache - ok 22:31:40.0608 0x0a5c [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\DRIVERS\disk.sys 22:31:40.0639 0x0a5c Disk - ok 22:31:40.0671 0x0a5c [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll 22:31:40.0749 0x0a5c Dnscache - ok 22:31:40.0780 0x0a5c [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll 22:31:40.0842 0x0a5c dot3svc - ok 22:31:40.0920 0x0a5c [ B5E479EB83707DD698F66953E922042C, 82891A4699F180A20EB25A0EC49A7E008B007A374BAA3279483AC1C95D125FE8 ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 22:31:40.0967 0x0a5c Dot4 - ok 22:31:40.0983 0x0a5c [ CAEFD09B6A6249C53A67D55A9A9FCABF, A76C951EA8A830E5BA22D8D393A946BBAEEDB76478539F647E58199B383F786B ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 22:31:41.0014 0x0a5c Dot4Print - ok 22:31:41.0014 0x0a5c [ 
CF491FF38D62143203C065260567E2F7, 4315FD8FC88CF627EBE469A2DF0F280B17C95D3004FC7A93D6F8E47F0D91A037 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 22:31:41.0092 0x0a5c dot4usb - ok 22:31:41.0154 0x0a5c [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll 22:31:41.0217 0x0a5c DPS - ok 22:31:41.0263 0x0a5c [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 22:31:41.0341 0x0a5c drmkaud - ok 22:31:41.0419 0x0a5c [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 22:31:41.0466 0x0a5c DXGKrnl - ok 22:31:41.0529 0x0a5c [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll 22:31:41.0591 0x0a5c EapHost - ok 22:31:41.0747 0x0a5c [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 22:31:41.0887 0x0a5c ebdrv - ok 22:31:41.0950 0x0a5c [ F65F365AC0D1657917EFDB52445C848B, 1BDCEFED2799B5507B28B4D72D13D2DD7A1102B21F3938E98BA65737985A4ED9 ] EFS C:\Windows\System32\lsass.exe 22:31:41.0997 0x0a5c EFS - ok 22:31:42.0075 0x0a5c [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe 22:31:42.0184 0x0a5c ehRecvr - ok 22:31:42.0215 0x0a5c [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe 22:31:42.0293 0x0a5c ehSched - ok 22:31:42.0340 0x0a5c [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 22:31:42.0387 0x0a5c elxstor - ok 22:31:42.0418 0x0a5c [ 
8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys 22:31:42.0465 0x0a5c ErrDev - ok 22:31:42.0537 0x0a5c [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll 22:31:42.0615 0x0a5c EventSystem - ok 22:31:42.0662 0x0a5c [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys 22:31:42.0724 0x0a5c exfat - ok 22:31:42.0771 0x0a5c [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys 22:31:42.0833 0x0a5c fastfat - ok 22:31:42.0911 0x0a5c [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe 22:31:43.0021 0x0a5c Fax - ok 22:31:43.0052 0x0a5c [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 22:31:43.0067 0x0a5c fdc - ok 22:31:43.0114 0x0a5c [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll 22:31:43.0145 0x0a5c fdPHost - ok 22:31:43.0192 0x0a5c [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll 22:31:43.0255 0x0a5c FDResPub - ok 22:31:43.0286 0x0a5c [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 22:31:43.0301 0x0a5c FileInfo - ok 22:31:43.0333 0x0a5c [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 22:31:43.0395 0x0a5c Filetrace - ok 
22:31:43.0426 0x0a5c [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 22:31:43.0473 0x0a5c flpydisk - ok 22:31:43.0520 0x0a5c [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 22:31:43.0535 0x0a5c FltMgr - ok 22:31:43.0613 0x0a5c [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll 22:31:43.0738 0x0a5c FontCache - ok 22:31:43.0769 0x0a5c [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 22:31:43.0801 0x0a5c FontCache3.0.0.0 - ok 22:31:43.0925 0x0a5c [ 7DFF82ACDAB23414ABC2A95FEF8982F8, 9B2ACC7AA63085B4A571D084406FE48FE184243A1AF80C2492038CFF3737FEE5 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe 22:31:44.0003 0x0a5c ForceWare Intelligent Application Manager (IAM) - ok 22:31:44.0081 0x0a5c [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 22:31:44.0097 0x0a5c FsDepends - ok 22:31:44.0144 0x0a5c [ B0082808A6856A252F7CDD939892CE50, 3A069239629C4F54049A2CFC6642AC5102ECEAA74470BAA9DDB1AB108D1060EE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 22:31:44.0159 0x0a5c fssfltr - ok 22:31:44.0487 0x0a5c [ 28DDEEEC44E988657B732CF404D504CB, 47F83018E5449CDCED3DD447991788EBAAC92C418D4513FBA9408C45E9AB8E7E ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe 22:31:44.0565 0x0a5c fsssvc - ok 22:31:44.0612 0x0a5c [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 
22:31:44.0627 0x0a5c Fs_Rec - ok 22:31:44.0690 0x0a5c [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 22:31:44.0721 0x0a5c fvevol - ok 22:31:44.0768 0x0a5c [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 22:31:44.0783 0x0a5c gagp30kx - ok 22:31:44.0830 0x0a5c [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll 22:31:44.0924 0x0a5c gpsvc - ok 22:31:44.0955 0x0a5c [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 22:31:45.0033 0x0a5c hcw85cir - ok 22:31:45.0095 0x0a5c [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 22:31:45.0173 0x0a5c HdAudAddService - ok 22:31:45.0220 0x0a5c [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 22:31:45.0267 0x0a5c HDAudBus - ok 22:31:45.0298 0x0a5c [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 22:31:45.0361 0x0a5c HidBatt - ok 22:31:45.0407 0x0a5c [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 22:31:45.0454 0x0a5c HidBth - ok 22:31:45.0517 0x0a5c [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 22:31:45.0532 0x0a5c HidIr - ok 22:31:45.0563 0x0a5c [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 
2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\system32\hidserv.dll 22:31:45.0641 0x0a5c hidserv - ok 22:31:45.0688 0x0a5c [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 22:31:45.0766 0x0a5c HidUsb - ok 22:31:45.0782 0x0a5c [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll 22:31:45.0844 0x0a5c hkmsvc - ok 22:31:45.0907 0x0a5c [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll 22:31:45.0969 0x0a5c HomeGroupListener - ok 22:31:46.0031 0x0a5c [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 22:31:46.0094 0x0a5c HomeGroupProvider - ok 22:31:46.0359 0x0a5c [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05, 7B3F117C1D606DDA7623BEC0BFBC362C33A12213E899F049AC56A55826984134 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 22:31:46.0484 0x0a5c hpqcxs08 - detected UnsignedFile.Multi.Generic ( 1 ) 22:31:49.0183 0x0a5c Detect skipped due to KSN trusted 22:31:49.0183 0x0a5c hpqcxs08 - ok 22:31:49.0229 0x0a5c [ F3F72A2A86C22610BCA5439FA789DD52, DA5A8F09DCC512AA1558863AD4FAC12F72DD83CA8FB4D8D9831E4AFBB6B3C616 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 22:31:49.0261 0x0a5c hpqddsvc - detected UnsignedFile.Multi.Generic ( 1 ) 22:31:52.0022 0x0a5c Detect skipped due to KSN trusted 22:31:52.0022 0x0a5c hpqddsvc - ok 22:31:52.0069 0x0a5c [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 22:31:52.0084 0x0a5c HpSAMD - ok 22:31:52.0147 0x0a5c [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 
] HTTP C:\Windows\system32\drivers\HTTP.sys 22:31:52.0240 0x0a5c HTTP - ok 22:31:52.0256 0x0a5c [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 22:31:52.0287 0x0a5c hwpolicy - ok 22:31:52.0334 0x0a5c [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 22:31:52.0381 0x0a5c i8042prt - ok 22:31:52.0490 0x0a5c [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 22:31:52.0521 0x0a5c iaStorV - ok 22:31:52.0568 0x0a5c [ C590574AE2F167CC188250E81102C882, 5A32CAC4E1DA7ED1FE003E2DE1EB7DF8D30B68FB8407AC76266CE8114F0ED29B ] IDMWFP C:\Windows\system32\DRIVERS\idmwfp.sys 22:31:52.0599 0x0a5c IDMWFP - ok 22:31:52.0708 0x0a5c [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 22:31:52.0755 0x0a5c idsvc - ok 22:31:52.0771 0x0a5c IEEtwCollectorService - ok 22:31:52.0817 0x0a5c [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 22:31:52.0849 0x0a5c iirsp - ok 22:31:52.0942 0x0a5c [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\Windows\System32\ikeext.dll 22:31:53.0051 0x0a5c IKEEXT - ok 22:31:53.0083 0x0a5c [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys 22:31:53.0114 0x0a5c intelide - ok 22:31:53.0161 0x0a5c [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 22:31:53.0207 0x0a5c 
intelppm - ok 22:31:53.0270 0x0a5c [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 22:31:53.0348 0x0a5c IPBusEnum - ok 22:31:53.0395 0x0a5c [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:31:53.0441 0x0a5c IpFilterDriver - ok 22:31:53.0489 0x0a5c [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 22:31:53.0583 0x0a5c iphlpsvc - ok 22:31:53.0614 0x0a5c [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 22:31:53.0661 0x0a5c IPMIDRV - ok 22:31:53.0723 0x0a5c [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 22:31:53.0786 0x0a5c IPNAT - ok 22:31:53.0832 0x0a5c [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys 22:31:53.0911 0x0a5c IRENUM - ok 22:31:53.0943 0x0a5c [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys 22:31:53.0958 0x0a5c isapnp - ok 22:31:54.0021 0x0a5c [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 22:31:54.0067 0x0a5c iScsiPrt - ok 22:31:54.0099 0x0a5c [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 22:31:54.0130 0x0a5c kbdclass - ok 22:31:54.0286 0x0a5c [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid 
C:\Windows\system32\DRIVERS\kbdhid.sys 22:31:54.0395 0x0a5c kbdhid - ok 22:31:54.0442 0x0a5c [ F65F365AC0D1657917EFDB52445C848B, 1BDCEFED2799B5507B28B4D72D13D2DD7A1102B21F3938E98BA65737985A4ED9 ] KeyIso C:\Windows\system32\lsass.exe 22:31:54.0457 0x0a5c KeyIso - ok 22:31:54.0535 0x0a5c [ 4DAC97CF81FAE4B2988AEF0DF40D04AE, 5560304972693DE5D5B21CE010A76067FA5B64AD5968122EE9F8248B3EA4878E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 22:31:54.0567 0x0a5c KSecDD - ok 22:31:54.0598 0x0a5c [ 9EED5E0B7BF784C491C2289A09920BDA, 9E82EB777A01AB32EDA2AE0420546602A82C850D68D2C0AEDB4EA5ADEDF835E6 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 22:31:54.0629 0x0a5c KSecPkg - ok 22:31:54.0738 0x0a5c [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll 22:31:54.0847 0x0a5c KtmRm - ok 22:31:54.0894 0x0a5c [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\system32\srvsvc.dll 22:31:54.0972 0x0a5c LanmanServer - ok 22:31:55.0019 0x0a5c [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 22:31:55.0081 0x0a5c LanmanWorkstation - ok 22:31:55.0347 0x0a5c [ D9BC2278A381A8F8465596CB84D33320, 13E5CE3FD84604077B06E0B111F0345FA300FE4CBFCFCDAFFFAC6D838BB43E3A ] LiveUpdateSvc C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe 22:31:55.0471 0x0a5c LiveUpdateSvc - ok 22:31:55.0534 0x0a5c [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 22:31:55.0565 0x0a5c lltdio - ok 22:31:55.0596 0x0a5c [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll 22:31:55.0690 0x0a5c lltdsvc - ok 22:31:55.0737 0x0a5c [ 55CA01BA19D0006C8F2639B6C045E08B, 
4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll 22:31:55.0815 0x0a5c lmhosts - ok 22:31:55.0893 0x0a5c [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 22:31:55.0908 0x0a5c LSI_FC - ok 22:31:55.0971 0x0a5c [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 22:31:56.0002 0x0a5c LSI_SAS - ok 22:31:56.0017 0x0a5c [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 22:31:56.0033 0x0a5c LSI_SAS2 - ok 22:31:56.0064 0x0a5c [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 22:31:56.0080 0x0a5c LSI_SCSI - ok 22:31:56.0127 0x0a5c [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys 22:31:56.0205 0x0a5c luafv - ok 22:31:56.0361 0x0a5c [ C2730E796F3A84DE3D4FCFF899028838, E93163D5657B67019FD798EDC9A0D9CC561AB76CA20C1F15413D466149FC4ABE ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys 22:31:56.0376 0x0a5c mbamchameleon - ok 22:31:56.0407 0x0a5c [ AB73A39A5E45F465B02C11C500BB0278, 6863B27DA7A0808F232B93CB74ACA09751B6F63FD9FB26EB3FA0282636CE9807 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 22:31:56.0423 0x0a5c MBAMProtector - ok 22:31:56.0563 0x0a5c [ 86701B8E4C53280AA8642AC85F8500F4, 6839F2B840410857AE7DA215A17922A7499A9B99D96032756525878E98175103 ] MBAMScheduler C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe 22:31:56.0657 0x0a5c MBAMScheduler - ok 22:31:56.0829 0x0a5c [ E27891A49DF92004041FEC5C3A2D4230, A4679A1F10F84935875E35A83FC7075499B8F4CBB543209A38C0D946347CD264 ] MBAMService C:\Program 
Files\ Malwarebytes Anti-Malware \mbamservice.exe 22:31:56.0922 0x0a5c MBAMService - ok 22:31:56.0985 0x0a5c [ 04B309A1A653177994630C2773E659F1, 1D9F81D2DF513FE177E5308E3DE0CE416109F87FDBD00FE7453FEB6074216C3C ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys 22:31:57.0000 0x0a5c MBAMSwissArmy - ok 22:31:57.0047 0x0a5c [ 2A1B51A1FE8DC4DC0D52EC700CB02CEF, BF689A361F941F91B63D5F8E54925550333C068F65E59E4DBF0A7B66B8C7EDD6 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys 22:31:57.0063 0x0a5c MBAMWebAccessControl - ok 22:31:57.0109 0x0a5c [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 22:31:57.0156 0x0a5c Mcx2Svc - ok 22:31:57.0281 0x0a5c [ 7CF1B716372B89568AE4C0FE769F5869, 0D70A7A594BCFBB26D7249C0F4B0AF9EF874F2318B3FDCE44648CC61279594ED ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe 22:31:57.0312 0x0a5c MDM - detected UnsignedFile.Multi.Generic ( 1 ) 22:32:03.0880 0x0a5c Detect skipped due to KSN trusted 22:32:03.0880 0x0a5c MDM - ok 22:32:03.0927 0x0a5c [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 22:32:03.0942 0x0a5c megasas - ok 22:32:03.0973 0x0a5c [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 22:32:04.0005 0x0a5c MegaSR - ok 22:32:04.0036 0x0a5c [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll 22:32:04.0114 0x0a5c MMCSS - ok 22:32:04.0129 0x0a5c [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys 22:32:04.0207 0x0a5c Modem - ok 22:32:04.0301 0x0a5c [ 79D10964DE86B292320E9DFE02282A23, 
52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:32:04.0363 0x0a5c monitor - ok 22:32:04.0426 0x0a5c [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 22:32:04.0441 0x0a5c mouclass - ok 22:32:04.0488 0x0a5c [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 22:32:04.0504 0x0a5c mouhid - ok 22:32:04.0597 0x0a5c [ 644905A19D0F37F2233DFCE53BC4BC19, F52CB40AA0FD1EBF8CBF0F3BFB20C47142C637719840877FB93F10D085EB8C2B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 22:32:04.0613 0x0a5c mountmgr - ok 22:32:04.0707 0x0a5c [ A8EC34E8953BD6A751D52C55B47BDE62, FB526ACDF67037498D5D1033A41082B96EBC702293FA1384AE9FCFF091686CDD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 22:32:04.0722 0x0a5c MozillaMaintenance - ok 22:32:04.0801 0x0a5c [ 7D2484C4995A3DB47345EFED2A0B579E, 55B3CDE0BEF743874793679692A6C744B2771C85A0FEE1904F28A51EEE9C0CEB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 22:32:04.0832 0x0a5c MpFilter - ok 22:32:04.0864 0x0a5c [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys 22:32:04.0895 0x0a5c mpio - ok 22:32:05.0004 0x0a5c [ 65C34426C83EFA32D48380A97717997B, CD7EB6BFBB0BE382BA21055460D9A72323F09AF3194A22D8EDB28D5DB3BAE8E7 ] MpKsl902320df c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BADE68C7-530D-4359-9BFA-A4AD32D2E383}\MpKsl902320df.sys 22:32:05.0020 0x0a5c MpKsl902320df - ok 22:32:05.0082 0x0a5c [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 22:32:05.0129 0x0a5c mpsdrv - ok 22:32:05.0176 0x0a5c [ 9835584E999D25004E1EE8E5F3E3B881, 
71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll 22:32:05.0269 0x0a5c MpsSvc - ok 22:32:05.0316 0x0a5c [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 22:32:05.0410 0x0a5c MRxDAV - ok 22:32:05.0441 0x0a5c [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 22:32:05.0519 0x0a5c mrxsmb - ok 22:32:05.0550 0x0a5c [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:32:05.0628 0x0a5c mrxsmb10 - ok 22:32:05.0659 0x0a5c [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:32:05.0722 0x0a5c mrxsmb20 - ok 22:32:05.0768 0x0a5c [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys 22:32:05.0800 0x0a5c msahci - ok 22:32:05.0815 0x0a5c [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys 22:32:05.0846 0x0a5c msdsm - ok 22:32:05.0893 0x0a5c [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe 22:32:06.0034 0x0a5c MSDTC - ok 22:32:06.0096 0x0a5c [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys 22:32:06.0190 0x0a5c Msfs - ok 22:32:06.0221 0x0a5c [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 22:32:06.0314 0x0a5c mshidkmdf - ok 22:32:06.0361 0x0a5c [ 
0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 22:32:06.0377 0x0a5c msisadrv - ok 22:32:06.0424 0x0a5c [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll 22:32:06.0470 0x0a5c MSiSCSI - ok 22:32:06.0486 0x0a5c msiserver - ok 22:32:06.0533 0x0a5c [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 22:32:06.0564 0x0a5c MSKSSRV - ok 22:32:06.0658 0x0a5c [ F26F7A5B18C717E57E3B6B306ABEC00B, 4C49C67A48F6B77E38A7FD28C960C92DFF371ACF0722C6EE4DF5F4B382937870 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 22:32:06.0689 0x0a5c MsMpSvc - ok 22:32:06.0720 0x0a5c [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 22:32:06.0782 0x0a5c MSPCLOCK - ok 22:32:06.0814 0x0a5c [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 22:32:06.0861 0x0a5c MSPQM - ok 22:32:06.0893 0x0a5c [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 22:32:06.0908 0x0a5c MsRPC - ok 22:32:06.0955 0x0a5c [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 22:32:06.0971 0x0a5c mssmbios - ok 22:32:06.0986 0x0a5c [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 22:32:07.0049 0x0a5c MSTEE - ok 22:32:07.0080 0x0a5c [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig 
C:\Windows\system32\DRIVERS\MTConfig.sys 22:32:07.0143 0x0a5c MTConfig - ok 22:32:07.0174 0x0a5c [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys 22:32:07.0190 0x0a5c Mup - ok 22:32:07.0268 0x0a5c [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll 22:32:07.0377 0x0a5c napagent - ok 22:32:07.0424 0x0a5c [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 22:32:07.0471 0x0a5c NativeWifiP - ok 22:32:07.0533 0x0a5c [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS C:\Windows\system32\drivers\ndis.sys 22:32:07.0580 0x0a5c NDIS - ok 22:32:07.0611 0x0a5c [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 22:32:07.0674 0x0a5c NdisCap - ok 22:32:07.0752 0x0a5c [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 22:32:07.0814 0x0a5c NdisTapi - ok 22:32:07.0861 0x0a5c [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:32:07.0970 0x0a5c Ndisuio - ok 22:32:08.0017 0x0a5c [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:32:08.0079 0x0a5c NdisWan - ok 22:32:08.0142 0x0a5c [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:32:08.0235 0x0a5c NDProxy - ok 22:32:08.0298 0x0a5c [ A081CB6FB9A12668F233EB5414BE3A0E, 
1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll 22:32:40.0404 0x0a5c wercplsupport - ok 22:32:40.0467 0x0a5c [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll 22:32:40.0514 0x0a5c WerSvc - ok 22:32:40.0560 0x0a5c [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 22:32:40.0592 0x0a5c WfpLwf - ok 22:32:40.0607 0x0a5c [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys 22:32:40.0623 0x0a5c WIMMount - ok 22:32:40.0701 0x0a5c [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 22:32:40.0779 0x0a5c WinDefend - ok 22:32:40.0826 0x0a5c WinHttpAutoProxySvc - ok 22:32:40.0872 0x0a5c [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 22:32:40.0950 0x0a5c Winmgmt - ok 22:32:41.0044 0x0a5c [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM C:\Windows\system32\WsmSvc.dll 22:32:41.0138 0x0a5c WinRM - ok 22:32:41.0200 0x0a5c [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 22:32:41.0247 0x0a5c WinUsb - ok 22:32:41.0325 0x0a5c [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll 22:32:41.0403 0x0a5c Wlansvc - ok 22:32:41.0465 0x0a5c [ 6067ACEF367E79914AF628FA1E9B5330, 491A705267B48C103E00B26BBD21FA8829DB03A88343CBC27264CEE5DE8C8DEF ] wlcrasvc C:\Program Files\Windows 
Live\Mesh\wlcrasvc.exe 22:32:41.0481 0x0a5c wlcrasvc - ok 22:32:41.0590 0x0a5c [ FB01D4AE207B9EFDBABFC55DC95C7E31, E0EFDBBE0BAC275230C8C1A053948C21BCF20B99B92E50939E95FFB9DC87F6BA ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 22:32:41.0668 0x0a5c wlidsvc - ok 22:32:41.0715 0x0a5c [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 22:32:41.0730 0x0a5c WmiAcpi - ok 22:32:41.0793 0x0a5c [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 22:32:41.0824 0x0a5c wmiApSrv - ok 22:32:41.0964 0x0a5c [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 22:32:42.0027 0x0a5c WMPNetworkSvc - ok 22:32:42.0058 0x0a5c [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll 22:32:42.0089 0x0a5c WPCSvc - ok 22:32:42.0120 0x0a5c [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 22:32:42.0167 0x0a5c WPDBusEnum - ok 22:32:42.0198 0x0a5c [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 22:32:42.0230 0x0a5c ws2ifsl - ok 22:32:42.0261 0x0a5c [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\System32\wscsvc.dll 22:32:42.0276 0x0a5c wscsvc - ok 22:32:42.0292 0x0a5c WSearch - ok 22:32:42.0417 0x0a5c [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv C:\Windows\system32\wuaueng.dll 22:32:42.0495 0x0a5c wuauserv - ok 22:32:42.0526 0x0a5c [ 
06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 22:32:42.0557 0x0a5c WudfPf - ok 22:32:42.0604 0x0a5c [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 22:32:42.0666 0x0a5c WUDFRd - ok 22:32:42.0729 0x0a5c [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll 22:32:42.0744 0x0a5c wudfsvc - ok 22:32:42.0791 0x0a5c [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\Windows\System32\wwansvc.dll 22:32:42.0822 0x0a5c WwanSvc - ok 22:32:42.0947 0x0a5c ================ Scan global =============================== 22:32:42.0978 0x0a5c [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll 22:32:43.0010 0x0a5c [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll 22:32:43.0025 0x0a5c [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll 22:32:43.0056 0x0a5c [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll 22:32:43.0103 0x0a5c [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe 22:32:43.0119 0x0a5c [ Global ] - ok 22:32:43.0119 0x0a5c ================ Scan MBR ================================== 22:32:43.0134 0x0a5c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 22:32:43.0462 0x0a5c \Device\Harddisk0\DR0 - ok 22:32:43.0478 0x0a5c ================ Scan VBR ================================== 22:32:43.0478 0x0a5c [ 
90DF092D2C93C953035026E059477D77 ] \Device\Harddisk0\DR0\Partition1 22:32:43.0478 0x0a5c \Device\Harddisk0\DR0\Partition1 - ok 22:32:43.0493 0x0a5c [ CF9174C0BA354E166F410D8C023956EA ] \Device\Harddisk0\DR0\Partition2 22:32:43.0493 0x0a5c \Device\Harddisk0\DR0\Partition2 - ok 22:32:43.0493 0x0a5c ================ Scan generic autorun ====================== 22:32:43.0556 0x0a5c [ BBD1BA710A00842064BA038570C13CB2, 155FABD8323C95932C9F552E8827A87356E9FCED471B8F5E06466F920EEB56A4 ] c:\Program Files\Microsoft Security Client\msseces.exe 22:32:43.0634 0x0a5c MSC - ok 22:32:43.0774 0x0a5c [ AFF32534C8DEBC60607CDBCA3F18619C, 0701F91FFD15458383DD2AC40E538440F470A6BF5A5E53C55282083C8DF99912 ] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe 22:32:43.0805 0x0a5c StartCCC - ok 22:32:43.0821 0x0a5c AMD AVT - ok 22:32:43.0946 0x0a5c [ 6F85F3875C387BEEA08A3A7D60B06036, 38C89B281B2453D2D8D7D9E908C2601A9B063BF106450BB53AB5711AEFB14B0A ] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe 22:32:44.0055 0x0a5c BingDesktop - ok 22:32:44.0117 0x0a5c [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe 22:32:44.0133 0x0a5c HP Software Update - ok 22:32:44.0211 0x0a5c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe 22:32:44.0273 0x0a5c Sidebar - ok 22:32:44.0320 0x0a5c [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe 22:32:44.0351 0x0a5c mctadmin - ok 22:32:44.0414 0x0a5c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe 22:32:44.0460 0x0a5c Sidebar - ok 22:32:44.0476 0x0a5c [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] 
C:\Windows\System32\mctadmin.exe 22:32:44.0507 0x0a5c mctadmin - ok 22:32:44.0570 0x0a5c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\sidebar.exe 22:32:44.0616 0x0a5c Sidebar - ok 22:32:44.0632 0x0a5c DownloadAccelerator - ok 22:32:44.0679 0x0a5c [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\sidebar.exe 22:32:44.0741 0x0a5c Sidebar - ok 22:32:44.0882 0x0a5c [ ACD929D8754B63BBBB68B48B96F8A99E, E4DD488BA151AAB58FC00458F69D5A7AC191BA488F2BDAF88BE432C24250AF94 ] C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe 22:32:44.0960 0x0a5c Advanced SystemCare 8 - ok 22:32:45.0209 0x0a5c [ 67076E1C86044F2612E83A7894AF7A9D, D56261A1DA0687477C8DE66BA165585ADE81B7A720E9B47D2792355AA2F45A76 ] C:\Program Files\Internet Download Manager\IDMan.exe 22:32:45.0381 0x0a5c IDMan - ok 22:32:45.0396 0x0a5c Waiting for KSN requests completion. In queue: 177 22:32:46.0410 0x0a5c Waiting for KSN requests completion. In queue: 177 22:32:47.0424 0x0a5c Waiting for KSN requests completion. In queue: 177 22:32:48.0438 0x0a5c Waiting for KSN requests completion. In queue: 177 22:32:49.0452 0x0a5c Waiting for KSN requests completion. In queue: 177 22:32:50.0466 0x0a5c Waiting for KSN requests completion. In queue: 177 22:32:51.0480 0x0a5c Waiting for KSN requests completion. In queue: 177 22:32:52.0713 0x0a5c AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.7.205.0 ), 0x61000 ( enabled : updated ) 22:32:52.0775 0x0a5c Win FW state via NFP2: enabled 22:32:55.0552 0x0a5c ============================================================ 22:32:55.0552 0x0a5c Scan finished 22:32:55.0552 0x0a5c ============================================================ 22:32:55.0568 0x13e0 Detected object count: 0 22:32:55.0568 0x13e0 Actual detected object count: 0 |
05.04.2015, 11:26 | #4 |
/// the machine /// TB Instructor | Windows 7: Internet slowed almost to a standstill Hi, scan with ComboFix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
05.04.2015, 13:00 | #5 |
| Windows 7: Internet slowed almost to a standstill Hello Schrauber, here is the log file from ComboFix. Best regards, Daniela Code:
ATTFilter ComboFix 15-04-01.01 - Admin 05.04.2015 13:33:07.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3071.1836 [GMT 2:00] ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\msdownld.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2015-03-05 bis 2015-04-05 )))))))))))))))))))))))))))))) . . 2015-04-05 10:50 . 2015-04-05 10:50 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BADE68C7-530D-4359-9BFA-A4AD32D2E383}\MpKsl2506728e.sys 2015-04-05 09:37 . 2015-04-05 09:38 -------- dc----w- c:\users\Admin\AppData\Local\MigWiz 2015-04-05 08:52 . 2015-04-05 08:53 -------- d-----w- c:\users\Dani 2015-04-04 20:04 . 2015-04-04 20:27 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2015-04-04 19:10 . 2015-03-14 10:06 9119072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BADE68C7-530D-4359-9BFA-A4AD32D2E383}\mpengine.dll 2015-04-04 04:58 . 2015-04-04 05:03 -------- d-----w- c:\users\Admin\AppData\Roaming\IDM 2015-04-04 04:58 . 2015-04-04 04:58 -------- d-----w- c:\programdata\IDM 2015-04-04 04:58 . 2015-04-05 11:49 -------- d-----w- c:\users\Admin\AppData\Roaming\DMCache 2015-04-04 04:58 . 2015-04-04 05:56 -------- d-----w- c:\program files\Internet Download Manager 2015-04-04 04:47 . 2015-04-04 04:47 -------- d-----w- c:\programdata\Free Download Manager 2015-04-04 04:47 . 2015-04-04 04:55 -------- d-----w- c:\program files\Free Download Manager 2015-04-04 01:47 . 
2015-03-14 10:06 9119072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2015-04-04 00:25 . 2015-04-04 00:27 -------- d-----w- C:\FRST 2015-04-03 11:55 . 2015-04-03 12:01 -------- d-----w- c:\users\Admin\AppData\Roaming\DirSync 2015-04-03 10:41 . 2015-03-27 07:52 924040 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe 2015-04-03 10:41 . 2015-03-27 05:01 187504 ----a-w- c:\program files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll 2015-04-03 10:41 . 2015-03-27 05:01 50800 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll 2015-04-02 13:54 . 2015-03-27 00:10 122432 ----a-w- c:\windows\system32\drivers\idmwfp.sys 2015-04-01 02:47 . 2015-04-05 11:48 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-04-01 02:47 . 2015-03-17 04:15 51928 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-04-01 02:47 . 2015-03-17 04:15 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-04-01 02:47 . 2015-03-17 04:15 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-04-01 02:00 . 2015-04-01 02:00 2560 ----a-w- c:\windows\_MSRSTRT.EXE 2015-04-01 01:39 . 2015-03-25 22:00 908832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C28C4660-A74B-444B-96C7-58E331EF7C51}\gapaengine.dll 2015-03-29 09:57 . 2015-03-29 09:57 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2015-03-29 09:52 . 2015-03-29 09:52 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2015-03-29 08:57 . 2009-02-26 17:18 29552 ----a-w- c:\windows\system32\mdimon.dll 2015-03-29 08:57 . 2006-10-26 17:58 30512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll 2015-03-29 08:54 . 2015-03-29 09:51 -------- d-----w- c:\program files\Microsoft Works 2015-03-29 08:48 . 2015-03-29 08:48 -------- d-----w- C:\IDE 2015-03-29 08:48 . 2015-03-29 09:00 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2015-03-29 08:47 . 
2015-03-29 08:47 -------- d-----w- c:\users\Admin\AppData\Local\Microsoft Help 2015-03-29 08:47 . 2015-03-31 07:41 -------- d-----w- c:\programdata\Microsoft Help 2015-03-29 08:46 . 2015-03-29 08:46 -------- d-----r- C:\MSOCache 2015-03-28 05:35 . 2015-03-31 07:04 -------- d-s---w- c:\windows\system32\GWX 2015-03-25 04:12 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll 2015-03-25 04:02 . 2015-03-25 04:02 -------- d-----w- c:\users\Default\AppData\Roaming\IObit 2015-03-25 03:34 . 2013-10-05 09:38 970912 ----a-w- c:\program files\Mozilla Firefox\msvcr120.dll 2015-03-25 03:34 . 2013-10-05 09:38 455328 ----a-w- c:\program files\Mozilla Firefox\msvcp120.dll 2015-03-25 03:34 . 2013-08-22 05:03 3466856 ----a-w- c:\program files\Mozilla Firefox\d3dcompiler_47.dll 2015-03-25 01:03 . 2015-03-25 01:03 -------- d-----w- c:\users\Admin\AppData\Local\Skype 2015-03-25 01:03 . 2015-03-25 01:05 -------- d-----w- c:\users\Admin\AppData\Roaming\Skype 2015-03-25 01:02 . 2015-03-25 01:02 -------- d-----w- c:\program files\Common Files\Skype 2015-03-25 01:02 . 2015-03-25 01:02 -------- d-----r- c:\program files\Skype 2015-03-25 01:02 . 2015-03-25 01:02 -------- d-----w- c:\programdata\Skype 2015-03-25 00:16 . 2015-03-25 00:16 -------- d-----w- c:\programdata\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} 2015-03-25 00:16 . 2015-03-25 00:16 -------- d-----w- c:\program files\Common Files\IObit 2015-03-25 00:15 . 2015-03-31 07:04 -------- d-----w- c:\users\Admin\AppData\Roaming\ProductData 2015-03-25 00:14 . 2015-03-25 00:16 -------- d-----w- c:\programdata\IObit 2015-03-25 00:14 . 2015-04-01 00:49 -------- d-----w- c:\programdata\ProductData 2015-03-25 00:14 . 2015-03-25 00:16 -------- d-----w- c:\program files\IObit 2015-03-25 00:14 . 2015-03-25 00:15 -------- d-----w- c:\users\Admin\AppData\Roaming\IObit 2015-03-24 23:58 . 2015-03-11 03:30 623616 ----a-w- c:\windows\system32\invagent.dll 2015-03-24 23:58 . 
2015-03-11 03:29 327168 ----a-w- c:\windows\system32\devinv.dll 2015-03-24 23:58 . 2015-03-11 03:29 818176 ----a-w- c:\windows\system32\appraiser.dll 2015-03-24 23:58 . 2015-03-11 03:29 26112 ----a-w- c:\windows\system32\acmigration.dll 2015-03-24 23:58 . 2015-03-11 03:29 202752 ----a-w- c:\windows\system32\aepdu.dll 2015-03-24 23:58 . 2015-03-11 03:29 159744 ----a-w- c:\windows\system32\aepic.dll 2015-03-24 23:58 . 2015-03-11 03:26 892928 ----a-w- c:\windows\system32\aeinv.dll 2015-03-24 23:58 . 2015-03-11 03:30 534528 ----a-w- c:\windows\system32\generaltel.dll 2015-03-24 01:01 . 2015-03-24 01:01 -------- d-----w- c:\programdata\ATI 2015-03-23 23:53 . 2015-03-23 23:53 -------- d-----w- c:\program files\Microsoft ASP.NET 2015-03-23 23:37 . 2015-03-24 00:38 -------- d-----w- c:\users\Admin\AppData\Local\NVIDIA Corporation 2015-03-23 22:45 . 2015-03-23 22:45 -------- d-----w- c:\program files\Hewlett-Packard 2015-03-23 03:22 . 2015-03-24 02:19 -------- d-----w- c:\programdata\NVIDIA 2015-03-23 03:20 . 2015-03-24 00:40 -------- d-----w- c:\programdata\NVIDIA Corporation 2015-03-19 04:58 . 2015-03-19 04:58 -------- d-----w- c:\program files\MyPhoneExplorer 2015-03-19 03:55 . 2015-04-01 02:49 -------- d-----w- c:\program files\ Malwarebytes Anti-Malware 2015-03-19 03:55 . 2015-03-19 03:55 -------- d-----w- c:\programdata\Malwarebytes 2015-03-19 02:21 . 2015-03-19 02:21 -------- d-----w- c:\users\Admin\AppData\Local\Microsoft Games 2015-03-10 20:29 . 2015-01-31 03:33 2744320 ----a-w- c:\windows\system32\rdpcorets.dll 2015-03-10 20:29 . 2015-01-31 03:33 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll 2015-03-10 20:29 . 2015-01-31 00:48 221184 ----a-w- c:\windows\system32\rdpudd.dll 2015-03-10 20:29 . 2015-02-03 03:12 3209728 ----a-w- c:\windows\system32\mf.dll 2015-03-10 20:27 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\system32\WindowsCodecs.dll 2015-03-10 20:26 . 2015-02-03 03:12 171520 ----a-w- c:\windows\system32\ubpm.dll 2015-03-10 20:26 . 
2015-02-26 03:11 2381312 ----a-w- c:\windows\system32\win32k.sys 2015-03-10 20:26 . 2015-01-17 02:30 828928 ----a-w- c:\windows\system32\msctf.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-04-01 21:48 . 2015-03-14 01:30 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin 2015-03-25 22:00 . 2014-04-20 00:34 908832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2015-03-25 03:25 . 2014-07-27 03:09 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2015-03-25 03:18 . 2014-04-06 12:54 778928 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2015-03-25 03:18 . 2014-04-06 12:54 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2015-03-03 13:16 . 2014-04-06 06:07 246920 ------w- c:\windows\system32\MpSigStub.exe 2015-02-17 14:04 . 2015-02-17 14:04 1202848 ----a-w- c:\windows\system32\FM20.DLL 2015-01-27 23:36 . 2015-02-10 22:37 1167520 ----a-w- c:\windows\system32\aitstatic.exe 2015-01-09 02:48 . 2015-02-10 22:38 76800 ----a-w- c:\windows\system32\wdi.dll 2015-01-09 02:48 . 2015-02-10 22:38 27136 ----a-w- c:\windows\system32\powertracker.dll 2015-01-09 02:48 . 2015-02-10 22:38 635904 ----a-w- c:\windows\system32\perftrack.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2014-04-21 08:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "Advanced SystemCare 8"="c:\program files\IObit\Advanced SystemCare 8\ASCTray.exe" [2015-01-20 2428704] "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-04-02 3898960] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 978520] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304] "BingDesktop"="c:\program files\Microsoft\BingDesktop\BingDesktop.exe" [2013-11-01 2353880] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [2000-1-21 65588] Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe -s [2015-1-6 12658536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2014-02-12 18:57 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant] 2014-03-18 18:50 373760 ----a-w- c:\program files\FreePDF_XP\fpassist.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] 2012-06-26 11:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint] 2014-07-04 10:40 191528 ----a-w- c:\program files\PDF24\pdf24.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2014-10-02 12:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2015-01-16 2724128] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496] R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192] R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560] R3 cpuz137;cpuz137;c:\program files\CPUID\PC Wizard 2013\pcwiz_x32.sys [2014-02-17 26856] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-02-20 102912] R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2012-03-02 1308736] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2015-01-30 284472] R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2013-01-23 137600] R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2013-01-23 8576] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-07-01 15576] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-07-01 10200] R3 RaMediaServer;Ralink UPnP Media Server;c:\program files\Ralink\Common\RaMediaServer.exe [2011-08-18 625728] R3 RdpVideoMiniport;Remote Desktop Video 
Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2015-03-17 92888] S1 MpKsl2506728e;MpKsl2506728e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BADE68C7-530D-4359-9BFA-A4AD32D2E383}\MpKsl2506728e.sys [2015-04-05 39464] S2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files\IObit\Advanced SystemCare 8\ASCService.exe [2014-11-04 815392] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-04-30 217088] S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-11-01 173272] S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2015-03-27 122432] S2 MBAMScheduler;MBAMScheduler;c:\program files\ Malwarebytes Anti-Malware \mbamscheduler.exe [2015-03-17 1871160] S2 MBAMService;MBAMService;c:\program files\ Malwarebytes Anti-Malware \mbamservice.exe [2015-03-17 1080120] S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-11-15 95408] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-05-14 86656] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-03-17 23256] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-04-05 119512] S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-03-17 51928] S3 Ph6xIB32;NXP 716x PCIe TV Card;c:\windows\system32\DRIVERS\Ph6xIB32.sys [2009-07-13 1277952] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MBAMSWISSARMY *NewlyCreated* - WS2IFSL . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2015-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-06 03:18] . . ------- Zusätzlicher Suchlauf ------- . IE: Download aller Links mit IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download mit IDM - c:\program files\Internet Download Manager\IEExt.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.url - hxxp://google.de . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{10921475-03CE-4E04-90CE-E2E7EF20C814} - (no file) BHO-{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - (no file) MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(3240) c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr . 
------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\system32\atieclxx.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\system32\taskhost.exe c:\program files\IObit\Advanced SystemCare 8\Monitor.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files\Ralink\Common\RaRegistry.exe c:\program files\Microsoft\BingBar\SeaPort.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe c:\program files\ Malwarebytes Anti-Malware \mbam.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe c:\windows\System32\WUDFHost.exe c:\windows\system32\conhost.exe c:\program files\Ralink\Common\RaUI.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\Microsoft\BingDesktop\BDExtHost.exe c:\program files\Microsoft\BingDesktop\BDAppHost.exe c:\program files\Microsoft\BingDesktop\BDRuntimeHost.exe c:\windows\system32\DllHost.exe c:\windows\system32\sppsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-04-05 13:55:04 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-04-05 11:54 . Vor Suchlauf: 12 Verzeichnis(se), 125.310.586.880 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 125.350.281.216 Bytes frei . - - End Of File - - 17554396C96CF0F7CE1E3579D93EC02F A36C5E4F47E84449FF07ED3517B43A31 |
05.04.2015, 16:56 | #6 |
/// the machine /// TB trainer | Windows 7: Internet slowed almost to a standstill
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
06.04.2015, 00:03 | #7 |
| Windows 7: Internet slowed almost to a standstill
Hello Schrauber,
you are now getting the log files from Malwarebytes Anti-Malware, AdwCleaner, JRT + FRST. You get 2 files from JRT because I forgot to start the tool as admin the 1st time, but I was in the admin account anyway...
By the way, at restart I got an error message from my Internet Download Manager (IDM):
Eine Anwendung hat die Integration von IDM in die Browser beschädigt. Sie müssen IDM neu installieren. Oder versuchen Sie IDM über "Hilfe -> IDM aktualisieren..." zu aktualisieren. Überprüfen Sie auch, ob die Browser-Integration eingeschaltet ist.
Is IDM not safe? Can you recommend a safe download manager? After installing Download Accelerator Plus (DAP) I suddenly had the Tuvaro malware on the computer. Why are there always problems with download managers?
Best regards, Dani
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 05.04.2015
Suchlauf-Zeit: 19:09:40
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.4.1018
Malware Datenbank: v2015.04.05.02
Rootkit Datenbank: v2015.03.31.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Aktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Admin

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 423175
Verstrichene Zeit: 29 Min, 12 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end)
Code:
# AdwCleaner v4.200 - Bericht erstellt 06/04/2015 um 00:06:20
# Aktualisiert 29/03/2015 von Xplode
# Datenbank : 2015-03-29.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x86)
# Benutzername : Admin - DANIELA-PC
# Gestarted von : C:\Users\Admin\Desktop\AdwCleaner 4.200.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Mozilla Firefox v37.0 (x86 de)

*************************

AdwCleaner[R0].txt - [4682 Bytes] - [12/02/2015 04:39:20]
AdwCleaner[R10].txt - [2683 Bytes] - [01/04/2015 05:52:12]
AdwCleaner[R11].txt - [2079 Bytes] - [04/04/2015 07:53:23]
AdwCleaner[R12].txt - [2153 Bytes] - [06/04/2015 00:04:01]
AdwCleaner[R1].txt - [912 Bytes] - [12/02/2015 04:56:14]
AdwCleaner[R2].txt - [2596 Bytes] - [14/03/2015 04:01:49]
AdwCleaner[R3].txt - [2696 Bytes] - [19/03/2015 05:04:42]
AdwCleaner[R4].txt - [2473 Bytes] - [19/03/2015 05:16:55]
AdwCleaner[R5].txt - [2728 Bytes] - [19/03/2015 05:40:43]
AdwCleaner[R6].txt - [3187 Bytes] - [19/03/2015 21:25:25]
AdwCleaner[R7].txt - [3062 Bytes] - [19/03/2015 21:44:08]
AdwCleaner[R8].txt - [3751 Bytes] - [21/03/2015 04:56:50]
AdwCleaner[R9].txt - [4246 Bytes] - [01/04/2015 03:41:06]
AdwCleaner[S0].txt - [4766 Bytes] - [12/02/2015 04:46:24]
AdwCleaner[S10].txt - [2140 Bytes] - [04/04/2015 07:55:29]
AdwCleaner[S11].txt - [1543 Bytes] - [06/04/2015 00:06:20]
AdwCleaner[S1].txt - [972 Bytes] - [12/02/2015 05:00:33]
AdwCleaner[S2].txt - [2663 Bytes] - [14/03/2015 04:14:13]
AdwCleaner[S3].txt - [2771 Bytes] - [19/03/2015 05:09:41]
AdwCleaner[S4].txt - [2531 Bytes] - [19/03/2015 05:21:32]
AdwCleaner[S5].txt - [2819 Bytes] - [19/03/2015 05:45:12]
AdwCleaner[S6].txt - [3296 Bytes] - [19/03/2015 21:28:42]
AdwCleaner[S7].txt - [3162 Bytes] - [19/03/2015 21:48:22]
AdwCleaner[S8].txt - [7835 Bytes] - [21/03/2015 04:59:32]
AdwCleaner[S9].txt - [2795 Bytes] - [01/04/2015 05:54:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S11].txt - [2133 Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 7 Home Premium x86
Ran by Admin on 06.04.2015 at 0:21:49,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\ubhm5qpi.default\extensions\staged
Successfully deleted the following from C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\ubhm5qpi.default\prefs.js

user_pref("extensions.xpiState", "{\"app-profile\":{\"amazon-icon@giga.de\":{\"d\":\"C:\\\\Users\\\\Admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ubhm5qpi.d

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.04.2015 at 0:25:41,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 7 Home Premium x86
Ran by Admin on 06.04.2015 at 0:29:38,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\ubhm5qpi.default\prefs.js

user_pref("extensions.xpiState", "{\"app-profile\":{\"amazon-icon@giga.de\":{\"d\":\"C:\\\\Users\\\\Admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\ubhm5qpi.d

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.04.2015 at 0:33:19,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Admin (administrator) on DANIELA-PC on 06-04-2015 00:34:24
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available profiles: Daniela & Admin & Dani)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaUI.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Run: [BingDesktop] => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2428704 2015-01-20] (IObit)
HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3898960 2015-04-02] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-25] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-25] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-10-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-10-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-10-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-10-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-10-24] (Apple Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default\searchplugins\search_engine.xml [2014-07-14]
FF Extension: Amazon-Icon - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default\Extensions\amazon-icon@giga.de [2014-06-07]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default\Extensions\iobitascsurfingprotection@iobit.com [2015-03-25]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-04-08]
FF HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5 [2015-04-04]
FF HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Admin\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-06-07]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-04-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-01-21] ()
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-01-21] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [372736 2012-01-13] (Ralink Technology, Corp.) [File not signed]
S3 RaMediaServer; C:\Program Files\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cpuz137; C:\Program Files\CPUID\PC Wizard 2013\pcwiz_x32.sys [26856 2014-02-17] (CPUID)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-03-17] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-06] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1308736 2012-03-02] (Ralink Technology Corp.)
R3 Ph6xIB32; C:\Windows\System32\DRIVERS\Ph6xIB32.sys [1277952 2009-07-14] (NXP Semiconductors GmbH)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2013-07-01] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-06 00:34 - 2015-04-06 00:34 - 00014830 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-04-06 00:33 - 2015-04-06 00:33 - 00000948 _____ () C:\Users\Admin\Desktop\JRT2.txt
2015-04-06 00:33 - 2015-04-06 00:25 - 00001344 _____ () C:\Users\Admin\Desktop\JRT.txt
2015-04-06 00:21 - 2015-04-06 00:21 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DANIELA-PC-Windows-7-Home-Premium-(32-bit).dat
2015-04-06 00:21 - 2015-04-06 00:21 - 00000000 ____D () C:\RegBackup
2015-04-06 00:20 - 2015-04-06 00:20 - 02690981 _____ (Thisisu) C:\Users\Admin\Desktop\JRT.exe
2015-04-06 00:10 - 2015-04-06 00:10 - 00002214 _____ () C:\Users\Admin\Desktop\AdwCleaner[S11].txt
2015-04-06 00:03 - 2015-04-01 03:30 - 02208768 _____ () C:\Users\Admin\Desktop\AdwCleaner 4.200.exe
2015-04-06 00:01 - 2015-04-06 00:01 - 00001201 _____ () C:\Users\Admin\Desktop\mbam.txt
2015-04-05 14:12 - 2015-04-05 14:12 - 01302528 _____ () C:\Users\Dani\Downloads\OLFix Outlook-Reperatur.exe
2015-04-05 14:03 - 2015-04-05 14:03 - 00002795 _____ () C:\Users\Dani\Desktop\Microsoft Office Outlook 2007.lnk
2015-04-05 14:03 - 2015-04-05 14:03 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\HP
2015-04-05 13:55 - 2015-04-05 13:55 - 00019524 _____ () C:\Users\Admin\Desktop\ComboFix.txt
2015-04-05 13:30 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-05 13:30 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-05 13:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-05 13:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-05 13:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-05 13:30 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-05 13:30 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-05 13:30 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-05 13:29 - 2015-04-05 13:55 - 00000000 ____D () C:\Qoobox
2015-04-05 13:29 - 2015-04-05 13:53 - 00000000 ____D () C:\Windows\erdnt
2015-04-05 13:28 - 2015-04-05 13:28 - 05617096 ____R (Swearware) C:\Users\Admin\Desktop\ComboFix.exe
2015-04-05 12:28 - 2015-04-05 12:28 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Apple Computer
2015-04-05 11:15 - 2015-04-05 11:16 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Mozilla
2015-04-05 11:15 - 2015-04-05 11:16 - 00000000 ____D () C:\Users\Dani\AppData\Local\Mozilla
2015-04-05 10:58 - 2015-04-05 10:58 - 00000000 __SHD () C:\Users\Dani\AppData\Local\EmieUserList
2015-04-05 10:58 - 2015-04-05 10:58 - 00000000 __SHD () C:\Users\Dani\AppData\Local\EmieSiteList
2015-04-05 10:58 - 2015-04-05 10:58 - 00000000 __SHD () C:\Users\Dani\AppData\Local\EmieBrowserModeList
2015-04-05 10:58 - 2015-04-05 10:58 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Macromedia
2015-04-05 10:53 - 2015-04-05 10:53 - 00109664 _____ () C:\Users\Dani\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-05 10:53 - 2015-04-05 10:53 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\ATI
2015-04-05 10:53 - 2015-04-05 10:53 - 00000000 ____D () C:\Users\Dani\AppData\Local\ATI
2015-04-05 10:52 - 2015-04-05 10:53 - 00000000 ____D () C:\Users\Dani
2015-04-05 10:52 - 2015-04-05 10:52 - 00001425 _____ () C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-05 10:52 - 2015-04-05 10:52 - 00000020 ___SH () C:\Users\Dani\ntuser.ini
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\Startmenü
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\Netzwerkumgebung
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\Druckumgebung
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\Documents\Eigene Musik
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\Documents\Eigene Bilder
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\AppData\Local\Verlauf
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Adobe
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 ____D () C:\Users\Dani\AppData\Local\VirtualStore
2015-04-05 10:52 - 2015-03-29 11:52 - 00000000 ____D () C:\Users\Dani\AppData\Local\Microsoft Help
2015-04-05 10:52 - 2015-03-25 06:02 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\IObit
2015-04-05 10:52 - 2009-07-14 06:42 - 00000000 ___RD () C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-05 10:52 - 2009-07-14 06:37 - 00000000 ___RD () C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-05 10:43 - 2015-04-06 00:27 - 00000000 ____D () C:\Users\Admin\Desktop\Trojaner-Board
2015-04-04 22:04 - 2015-04-04 22:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-04 07:56 - 2015-04-05 13:46 - 00001136 _____ () C:\Windows\PFRO.log
2015-04-04 07:53 - 2015-04-01 03:30 - 02208768 _____ () C:\Users\Admin\Downloads\AdwCleaner 4.200.exe
2015-04-04 07:41 - 2015-04-04 07:41 - 00000000 ____D () C:\Users\Admin\Downloads\OTRDecoder_2.0.0.22
2015-04-04 06:58 - 2015-04-05 14:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DMCache
2015-04-04 06:58 - 2015-04-04 07:56 - 00000000 ____D () C:\Program Files\Internet Download Manager
2015-04-04 06:58 - 2015-04-04 07:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IDM
2015-04-04 06:58 - 2015-04-04 06:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-04-04 06:58 - 2015-04-04 06:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-04-04 06:58 - 2015-04-04 06:58 - 00000000 ____D () C:\ProgramData\IDM
2015-04-04 06:54 - 2015-04-04 06:54 - 06215640 _____ (Tonec Inc.) C:\Users\Admin\Downloads\idman623.exe
2015-04-04 06:47 - 2015-04-04 06:55 - 00000000 ____D () C:\Program Files\Free Download Manager
2015-04-04 06:47 - 2015-04-04 06:47 - 00000000 ____D () C:\ProgramData\Free Download Manager
2015-04-04 06:41 - 2015-04-04 09:29 - 00000000 ____D () C:\Users\Admin\Downloads\Filme
2015-04-04 02:25 - 2015-04-06 00:34 - 00000000 ____D () C:\FRST
2015-04-04 02:24 - 2015-04-04 02:24 - 01135104 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2015-04-04 02:22 - 2015-04-04 02:22 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2015-04-04 02:07 - 2015-04-04 02:07 - 00109664 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-04 02:05 - 2015-04-06 00:07 - 00000448 _____ () C:\Windows\setupact.log
2015-04-04 02:05 - 2015-04-04 02:05 - 00411880 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-04 02:05 - 2015-04-04 02:05 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-04 02:04 - 2015-04-04 02:04 - 00003608 ____N () C:\bootsqm.dat
2015-04-03 14:16 - 2015-03-14 03:58 - 02171392 _____ () C:\Users\Daniela\Downloads\adwcleaner_4.112.exe
2015-04-03 14:16 - 2014-04-07 19:23 - 27560794 _____ () C:\Users\Daniela\Downloads\ar11lite_11.0.0.379_deu Vorsicht.exe
2015-04-03 14:16 - 2013-10-16 18:55 - 29040552 _____ (Oracle Corporation) C:\Users\Daniela\Downloads\jre-7u45-windows-i586.exe
2015-04-03 14:16 - 2013-09-27 01:26 - 29036456 _____ (Oracle Corporation) C:\Users\Daniela\Downloads\jre-7u40-windows-i586.exe
2015-04-03 14:16 - 2013-09-15 23:28 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Daniela\Downloads\mbam-clean-1.60.2.0003.exe
2015-04-03 14:16 - 2013-09-05 01:04 - 31714728 _____ (Oracle Corporation) C:\Users\Daniela\Downloads\jre-7u25-windows-i586.exe
2015-04-03 14:16 - 2013-07-10 18:13 - 03866624 _____ (Microsoft Corporation) C:\Users\Daniela\Downloads\FreePDF4.08.EXE
2015-04-03 14:16 - 2013-01-18 14:23 - 27291400 _____ () C:\Users\Daniela\Downloads\arxlite_deu (2).exe
2015-04-03 14:16 - 2012-12-08 03:06 - 16979960 _____ (Sun Microsystems, Inc.) C:\Users\Daniela\Downloads\jre-6u37-windows-i586.exe
2015-04-03 14:16 - 2012-10-03 03:57 - 27291400 _____ () C:\Users\Daniela\Downloads\arxlite_deu (1).exe
2015-04-03 13:55 - 2015-04-03 14:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DirSync
2015-04-02 15:54 - 2015-03-27 02:10 - 00122432 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-04-01 04:47 - 2015-04-06 00:09 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-01 04:47 - 2015-04-01 04:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-04-01 04:47 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-01 04:47 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-01 04:47 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-01 04:00 - 2015-04-01 04:00 - 00002560 _____ () C:\Windows\_MSRSTRT.EXE
2015-04-01 03:29 - 2015-04-01 03:30 - 02208768 _____ () C:\Users\Daniela\Downloads\AdwCleaner 4.200.exe
2015-03-31 09:33 - 2015-03-31 09:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-03-29 11:57 - 2015-03-31 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-03-29 11:57 - 2015-03-29 11:57 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2
2015-03-29 11:52 - 2015-03-29 11:52 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-03-29 11:52 - 2015-03-29 11:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-03-29 11:09 - 2015-03-29 11:09 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Microsoft Help
2015-03-29 10:57 - 2015-03-29 10:57 - 00002639 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Neues Microsoft Office-Dokument.lnk
2015-03-29 10:57 - 2015-03-29 10:57 - 00002639 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Microsoft Office-Dokument öffnen.lnk
2015-03-29 10:57 - 2015-03-29 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-29 10:57 - 2009-02-26 19:18 - 00029552 _____ (Microsoft Corporation) C:\Windows\system32\mdimon.dll
2015-03-29 10:54 - 2015-03-29 11:51 - 00000000 ____D () C:\Program Files\Microsoft Works
2015-03-29 10:48 - 2015-03-29 11:00 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2015-03-29 10:48 - 2015-03-29 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
2015-03-29 10:48 - 2015-03-29 10:48 - 00000000 ____D () C:\IDE
2015-03-29 10:47 - 2015-03-31 09:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-29 10:47 - 2015-03-29 10:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Help
2015-03-29 10:46 - 2015-03-29 10:46 - 00000000 ___RD () C:\MSOCache
2015-03-29 10:41 - 2015-03-29 10:35 - 1122369536 _____ () C:\Users\Daniela\outlook.pst
2015-03-29 05:15 - 2015-03-29 10:43 - 00000000 ____D () C:\Users\Daniela\Downloads\Microsoft Office 2007 Professional Plus
2015-03-29 03:26 - 2015-03-29 03:26 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Sun
2015-03-28 07:35 - 2015-03-31 09:04 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-27 04:05 - 2015-03-27 04:15 - 492980834 _____ () C:\Users\Daniela\Downloads\MSO2007P.exe
2015-03-25 06:12 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-03-25 06:02 - 2015-03-31 09:04 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\ProductData
2015-03-25 06:02 - 2015-03-25 06:02 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit
2015-03-25 06:02 - 2015-03-25 06:02 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit
2015-03-25 05:37 - 2015-03-25 05:37 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\IObit
2015-03-25 05:27 - 2015-03-25 05:28 - 40909304 _____ () C:\Users\Daniela\Downloads\Firefox Setup 36.0.4.exe
2015-03-25 05:23 - 2015-03-25 05:24 - 37064104 _____ (Oracle Corporation) C:\Users\Daniela\Downloads\jre-8u40-windows-i586.exe
2015-03-25 04:12 - 2015-04-03 15:25 - 58048512 _____ () C:\Windows\system32\config\SOFTWARE.iobit
2015-03-25 04:12 - 2015-04-03 15:25 - 34934784 _____ () C:\Windows\system32\config\components.iobit
2015-03-25 04:12 - 2015-04-03 15:25 - 00360448 _____ () C:\Windows\system32\config\DEFAULT.iobit
2015-03-25 04:12 - 2015-04-03 15:25 - 00098304 _____ () C:\Windows\system32\config\SAM.iobit
2015-03-25 04:12 - 2015-04-03 15:25 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit
2015-03-25 03:03 - 2015-03-25 03:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2015-03-25 03:03 - 2015-03-25 03:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\Skype
2015-03-25 03:02 - 2015-03-25 03:02 - 00000000 ___RD () C:\Program Files\Skype
2015-03-25 03:02 - 2015-03-25 03:02 - 00000000 ____D () C:\ProgramData\Skype
2015-03-25 03:02 - 2015-03-25 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-03-25 03:02 - 2015-03-25 03:02 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-03-25 02:16 - 2015-03-25 02:16 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-03-25 02:16 - 2015-03-25 02:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-03-25 02:16 - 2015-03-25 02:16 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-03-25 02:16 - 2015-03-25 02:16 - 00000000 ____D () C:\Program Files\Common Files\IObit
2015-03-25 02:15 - 2015-03-31 09:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ProductData
2015-03-25 02:14 - 2015-04-01 02:49 - 00000000 ____D () C:\ProgramData\ProductData
2015-03-25 02:14 - 2015-03-25 02:16 - 00000000 ____D () C:\ProgramData\IObit
2015-03-25 02:14 - 2015-03-25 02:16 - 00000000 ____D () C:\Program Files\IObit
2015-03-25 02:14 - 2015-03-25 02:15 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IObit 2015-03-25 02:14 - 2015-03-25 02:14 - 00000000 ____D () C:\Users\Admin\AppData\IObit 2015-03-25 01:58 - 2015-03-11 05:30 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-03-25 01:58 - 2015-03-11 05:30 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-03-25 01:58 - 2015-03-11 05:29 - 00818176 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-03-25 01:58 - 2015-03-11 05:29 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-03-25 01:58 - 2015-03-11 05:29 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-03-25 01:58 - 2015-03-11 05:29 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-03-25 01:58 - 2015-03-11 05:29 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-03-25 01:58 - 2015-03-11 05:26 - 00892928 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-03-24 05:01 - 2015-03-24 05:01 - 00000000 ____D () C:\Users\Daniela\Downloads\MSO2007P 2015-03-24 04:50 - 2015-03-24 04:54 - 498949156 _____ () C:\Users\Daniela\Downloads\MSO2007P.zip 2015-03-24 03:01 - 2015-03-24 03:01 - 00000000 ____D () C:\ProgramData\ATI 2015-03-24 01:53 - 2015-03-24 01:53 - 00000000 ____D () C:\Program Files\Microsoft ASP.NET 2015-03-24 01:37 - 2015-03-24 02:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\NVIDIA Corporation 2015-03-24 00:45 - 2015-03-24 00:45 - 00000000 ____D () C:\Program Files\Hewlett-Packard 2015-03-23 22:21 - 2015-03-23 22:21 - 00000000 ____D () C:\Users\Daniela\AppData\Local\NVIDIA Corporation 2015-03-23 05:24 - 2015-03-23 05:24 - 00000000 ____D () C:\Users\Daniela\AppData\Local\NVIDIA 2015-03-23 05:22 - 2015-03-24 04:19 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-23 05:20 - 2015-03-24 02:40 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2015-03-19 06:58 - 2015-03-19 
06:58 - 00002019 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk 2015-03-19 06:58 - 2015-03-19 06:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer 2015-03-19 06:58 - 2015-03-19 06:58 - 00000000 ____D () C:\Program Files\MyPhoneExplorer 2015-03-19 05:55 - 2015-04-01 04:49 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-03-19 05:55 - 2015-03-19 05:55 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-19 05:52 - 2015-03-19 05:53 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Daniela\Downloads\Malwarebytes 2.0.4.exe 2015-03-19 04:21 - 2015-03-19 04:21 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Games 2015-03-19 00:56 - 2015-03-19 00:56 - 00000000 ____D () C:\Users\Daniela\Documents\onetouch Manager 2015-03-18 23:49 - 2015-03-19 04:45 - 00000000 ____D () C:\Users\Daniela\Documents\MyPhoneExplorer 2015-03-18 23:25 - 2015-03-19 08:59 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\MyPhoneExplorer 2015-03-18 23:00 - 2015-03-18 23:00 - 07332272 _____ () C:\Users\Daniela\Downloads\MyPhoneExplorer.exe 2015-03-18 22:28 - 2015-03-18 22:28 - 00000000 ____D () C:\Users\Daniela\AppData\Local\{042FA28C-4DB3-4B64-94C0-A384193D060C} 2015-03-16 02:59 - 2015-03-16 04:08 - 00110080 _____ () C:\Users\Daniela\Documents\Lampenwelt Lieferantenliste Ersatzgläser 1.5.xls 2015-03-10 22:29 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-10 22:29 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-10 22:29 - 2015-01-31 05:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-03-10 22:29 - 2015-01-31 05:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2015-03-10 22:29 - 2015-01-31 02:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-03-10 22:28 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) 
C:\Windows\system32\iedkcs32.dll 2015-03-10 22:28 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-10 22:28 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-10 22:28 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-10 22:28 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-10 22:28 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-10 22:28 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-10 22:28 - 2015-02-20 04:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-10 22:28 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-10 22:28 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-10 22:28 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-10 22:28 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-10 22:28 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-10 22:28 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-10 22:28 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-10 22:28 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-10 22:28 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-10 22:28 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-10 22:28 - 2015-02-20 03:56 - 00102912 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollector.exe 2015-03-10 22:28 - 2015-02-20 03:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-10 22:28 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-10 22:28 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-10 22:28 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-10 22:28 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-10 22:28 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-10 22:28 - 2015-02-20 03:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-10 22:28 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-10 22:28 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-10 22:28 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-10 22:28 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-10 22:28 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-10 22:28 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-03-10 22:28 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-10 22:28 - 2015-02-03 05:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-10 22:28 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 01005056 _____ 
(Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) 
C:\Windows\system32\cryptsvc.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-10 22:28 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-10 22:28 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-10 22:28 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-10 22:28 - 2015-02-03 05:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-10 22:28 - 2015-02-03 05:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-10 22:28 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 
2015-03-10 22:28 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-10 22:28 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-10 22:28 - 2015-02-03 05:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-10 22:28 - 2015-02-03 05:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-10 22:28 - 2015-02-03 05:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-10 22:28 - 2015-02-03 05:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-10 22:28 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-10 22:28 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-10 22:28 - 2015-02-03 05:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-10 22:28 - 2015-02-03 04:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-10 22:28 - 2015-01-31 01:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-10 22:28 - 2014-11-01 00:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-10 22:27 - 2015-03-06 07:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-10 22:27 - 2015-03-06 07:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-10 22:27 - 2015-03-06 07:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) 
C:\Windows\system32\schannel.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-10 22:27 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-10 22:27 - 2015-03-06 07:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-10 22:27 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-10 22:27 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-10 22:27 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-10 22:27 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-10 22:27 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-10 22:27 - 2015-02-20 06:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-10 22:27 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-10 22:27 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-10 22:27 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-10 
22:27 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-10 22:26 - 2015-02-26 05:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-10 22:26 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-10 22:26 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-09 00:09 - 2015-03-09 00:09 - 00107301 _____ () C:\Users\Admin\Desktop\DANIELA-PC.html 2015-03-08 03:50 - 2015-03-08 03:50 - 01710888 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Daniela\Downloads\GPU+Z.exe 2015-03-08 03:44 - 2015-03-08 03:44 - 01582736 _____ ( ) C:\Users\Daniela\Downloads\CPU+Z.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-06 00:19 - 2014-04-06 07:33 - 01135789 _____ () C:\Windows\WindowsUpdate.log 2015-04-06 00:15 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-06 00:15 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-06 00:07 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-06 00:06 - 2015-02-12 04:38 - 00000000 ____D () C:\AdwCleaner 2015-04-05 23:46 - 2014-05-14 19:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-05 13:55 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default 2015-04-05 13:55 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2015-04-05 13:49 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini 2015-04-04 08:03 - 2014-08-20 17:45 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\HpUpdate 2015-04-04 02:22 - 2014-04-07 01:31 - 00000000 ____D () C:\Users\Admin 2015-04-03 15:19 - 2014-04-08 01:15 - 00000000 ____D () 
C:\Users\Daniela\Documents\Bewerbungen, Schriftverkehr 2015-04-03 15:09 - 2014-04-06 13:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-04-03 14:16 - 2014-05-26 00:59 - 00000000 ____D () C:\Users\Daniela\Downloads\Alcatel 2015-04-03 13:36 - 2014-04-06 07:44 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-03 12:41 - 2015-01-29 22:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-04-03 12:41 - 2014-04-06 13:08 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-04-02 21:37 - 2014-04-08 01:39 - 00000000 ____D () C:\Users\Daniela\Scans 2015-04-02 01:27 - 2014-04-08 01:17 - 00062464 _____ () C:\Users\Daniela\Documents\Finanzen.xls 2015-04-01 22:54 - 2014-04-08 01:17 - 00272384 _____ () C:\Users\Daniela\Documents\Lampenwelt_Arbeitszeiten.xls 2015-04-01 04:01 - 2015-01-24 04:01 - 00000000 ____D () C:\Program Files\DAP 2015-04-01 04:01 - 2015-01-24 03:59 - 00000000 ____D () C:\Program Files\Common Files\SpeedBit 2015-04-01 03:52 - 2015-01-24 04:01 - 00000000 ____D () C:\ProgramData\TEMP 2015-04-01 03:02 - 2015-01-29 03:52 - 00000000 ____D () C:\Users\Daniela\Downloads\Filme 2015-03-31 09:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\System 2015-03-31 09:26 - 2009-07-14 04:04 - 00000534 _____ () C:\Windows\win.ini 2015-03-31 09:05 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2015-03-31 09:04 - 2014-04-06 07:37 - 00000000 ____D () C:\Users\Daniela 2015-03-31 09:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration 2015-03-30 00:48 - 2014-04-06 07:55 - 00109664 _____ () C:\Users\Daniela\AppData\Local\GDIPFONTCACHEV1.DAT 2015-03-29 11:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-03-29 11:01 - 2009-07-14 10:57 - 00000000 ____D () C:\Windows\ShellNew 2015-03-29 10:54 - 2014-04-26 08:18 - 00000000 ____D () C:\Program Files\Microsoft Office 2015-03-29 10:54 - 2009-07-14 06:52 
- 00000000 ____D () C:\Program Files\MSBuild 2015-03-29 10:52 - 2014-04-06 14:00 - 00000000 ____D () C:\Program Files\Microsoft.NET 2015-03-29 10:52 - 2009-07-14 04:37 - 00000000 __RSD () C:\Windows\Media 2015-03-29 10:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help 2015-03-29 10:51 - 2014-04-26 08:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2015-03-29 10:07 - 2014-04-08 01:42 - 00000000 ____D () C:\Users\Daniela\Ulk 2015-03-29 04:14 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2015-03-25 05:30 - 2014-04-07 18:43 - 00000000 ____D () C:\ProgramData\Oracle 2015-03-25 05:25 - 2014-07-27 05:09 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2015-03-25 05:25 - 2014-07-27 05:08 - 00000000 ____D () C:\Program Files\Java 2015-03-25 05:18 - 2014-10-15 04:18 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe 2015-03-25 05:18 - 2014-04-06 14:54 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-03-25 05:18 - 2014-04-06 14:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-03-25 04:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-03-25 04:19 - 2014-04-06 08:30 - 00000000 ____D () C:\Windows\Panther 2015-03-25 03:55 - 2014-06-09 14:39 - 00000000 ____D () C:\Windows\Minidump 2015-03-25 03:06 - 2014-12-09 23:46 - 00000000 ____D () C:\Windows\system32\appraiser 2015-03-25 03:06 - 2014-04-23 00:16 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-03-25 02:51 - 2014-11-19 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys 2015-03-25 02:16 - 2014-04-07 18:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer 2015-03-25 02:03 - 2014-05-20 03:54 - 00000000 ____D () C:\ProgramData\Nokia 2015-03-25 02:03 - 2014-04-13 07:08 - 00000000 ____D () C:\Program Files\Common Files\Nokia 2015-03-25 02:03 - 2014-04-13 
06:09 - 00000000 ____D () C:\Program Files\Nokia 2015-03-25 01:48 - 2014-06-20 23:59 - 00000000 ____D () C:\Program Files\Allway Sync 2015-03-25 01:47 - 2014-11-19 23:14 - 00000000 ____D () C:\Program Files\Lavalys 2015-03-25 01:47 - 2014-05-02 20:41 - 00000000 ____D () C:\Windows\pss 2015-03-25 01:47 - 2014-04-08 23:24 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\IrfanView 2015-03-25 01:47 - 2014-04-08 22:47 - 00000000 ____D () C:\ProgramData\HP Product Assistant 2015-03-25 01:47 - 2014-04-08 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2015-03-25 01:47 - 2014-04-08 22:42 - 00000000 ____D () C:\Program Files\HP 2015-03-25 01:47 - 2014-04-08 22:40 - 00000000 ____D () C:\ProgramData\HP 2015-03-25 01:47 - 2014-04-06 16:24 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-03-25 01:47 - 2014-04-06 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-03-25 01:47 - 2014-04-06 16:20 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-03-25 01:47 - 2014-04-06 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center 2015-03-25 01:47 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32 2015-03-25 01:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\security 2015-03-25 01:46 - 2014-04-08 22:45 - 00000000 ____D () C:\Program Files\Common Files\HP 2015-03-25 01:46 - 2014-04-06 11:58 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies 2015-03-25 01:46 - 2014-04-06 11:58 - 00000000 ____D () C:\Program Files\AMD APP 2015-03-25 01:43 - 2014-04-06 16:19 - 00000000 ____D () C:\NVIDIA 2015-03-25 01:43 - 2014-04-06 11:58 - 00000000 ____D () C:\Program Files\AMD AVT 2015-03-25 01:43 - 2014-04-06 11:55 - 00000000 ____D () C:\Program Files\ATI Technologies 2015-03-25 01:43 - 2014-04-06 11:55 - 00000000 ____D () C:\Program Files\ATI 2015-03-24 03:54 - 2014-04-08 22:53 - 00000000 ____D () 
C:\Users\Admin\AppData\Roaming\HP 2015-03-24 03:53 - 2014-04-08 22:41 - 00012575 _____ () C:\ProgramData\hpzinstall.log 2015-03-24 03:49 - 2014-04-12 01:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\HP 2015-03-24 03:00 - 2014-04-06 11:58 - 00000000 ____D () C:\ProgramData\AMD 2015-03-24 02:28 - 2014-08-19 03:59 - 00000000 ____D () C:\Users\Admin\AppData\Local\NokiaAccount 2015-03-24 00:35 - 2014-10-02 02:13 - 00000000 ____D () C:\Users\Daniela\AppData\Local\FreePDF_XP 2015-03-23 01:46 - 2014-04-13 03:41 - 1108410368 _____ () C:\Users\Daniela\outlook_alt.pst 2015-03-19 04:46 - 2014-04-08 23:24 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IrfanView 2015-03-19 04:45 - 2014-04-06 14:54 - 00000000 ____D () C:\Windows\system32\Macromed 2015-03-19 04:44 - 2014-06-11 02:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mobile Action 2015-03-19 02:38 - 2014-04-13 06:11 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\PC Suite 2015-03-18 23:35 - 2014-06-21 01:19 - 00000000 ____D () C:\Users\Daniela\Documents\Nokia 2015-03-18 23:35 - 2014-05-25 22:51 - 00000000 ____D () C:\Users\Daniela\Documents\Android Manager 2015-03-18 22:12 - 2014-04-08 01:15 - 00000000 ____D () C:\Users\Daniela\Documents\Eigene Scans 2015-03-10 22:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE 2015-03-08 23:52 - 2014-09-14 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID 2015-03-08 23:52 - 2014-09-14 20:43 - 00000000 ____D () C:\Program Files\CPUID 2015-03-08 04:01 - 2014-04-06 12:23 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-08 03:49 - 2014-04-06 12:23 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Files in the root of some directories ======= 2014-08-05 00:03 - 2014-10-07 05:56 - 0128621 _____ () C:\Users\Admin\AppData\Local\ars.cache 2014-08-05 00:04 - 2014-10-07 05:57 - 0367993 _____ () C:\Users\Admin\AppData\Local\census.cache 2014-08-04 18:38 - 2014-08-04 18:38 - 
0000036 _____ () C:\Users\Admin\AppData\Local\housecall.guid.cache
2014-04-08 22:41 - 2015-03-24 03:53 - 0012575 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Daniela\Registry.reg

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-26 02:56

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Admin at 2015-04-06 00:35:29
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
4500_G510af_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510af (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510af_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI Lite - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.1.0 - IObit)
Alcatel onetouch Manager (HKLM\...\{C32EDA33-2F6F-0200-0000-000000000000}) (Version: 13.05.2155 - Mobile Action)
AMD Catalyst Install Manager (HKLM\...\{B448BC74-1CB7-7A57-3313-5E075AFB413E}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bing Bar (HKLM\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation) Bing-Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation) BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) concept/design online.TiVi (HKLM\...\{2EC5640C-A426-4CFA-8737-656D1FE58128}_is1) (Version: 1.6.0.0 - concept/design GmbH) concept/design onlineTV 11 (HKLM\...\{8A4C3184-DA2F-4553-BF61-83F5690C3048}_is1) (Version: 11.0.0.0 - concept/design GmbH) CoolSoft VirtualMIDISynth 1.9.2 (HKLM\...\CoolSoft VirtualMIDISynth) (Version: 1.9.2.0 - CoolSoft) CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden DirSync 2.96 (HKLM\...\DirSync) (Version: - Stephen Kalisch) DocMgr (Version: 130.0.000.000 - Ihr Firmenname) Hidden DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden EGVP (HKLM\...\{EDA192EA-4DA3-416D-965D-65BFDA0E3715}) (Version: 1.5.3.0 - Governikus KG) Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden FreePDF (Remove only) (HKLM\...\FreePDF_XP) 
(Version: - ) GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.) HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Officejet 4500 G510a-f (HKLM\...\{C98517B6-DCE9-49B7-B19E-E384178D3986}) (Version: 13.0 - HP) HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP) HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden inSSIDer Home (HKLM\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC) Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.) 
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan) Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 2000 SR-1 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
(HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) MiniTool Partition Wizard Home Edition 8.0 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.) MKV Player 2.1.17 (HKLM\...\MKV Player_is1) (Version: - ) Mozilla Firefox 37.0 (x86 de) (HKLM\...\Mozilla Firefox 37.0 (x86 de)) (Version: 37.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla) MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.6 - F.J. Wechselberger) Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia) Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia) Nokia PC Suite (Version: 7.1.180.94 - Nokia) Hidden NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation) NVIDIA ForceWare Network Access Manager (HKLM\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation) OCR Software by I.R.I.S. 
13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP) PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia) PC Wizard 2013.2.12 (HKLM\...\PC Wizard 2013_is1) (Version: - CPUID) PDF reDirect (remove only) (HKLM\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC) PDF24 Creator 6.7.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PixelNet Software 4.14.4 (HKLM\...\PixelNet Software) (Version: 4.14.4 - ORWO Net) QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.17.0 - Ralink) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd) Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) 
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia) Windows-Treiberpaket - Nokia Modem 
(02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia) Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 29-03-2015 06:34:04 Installed Microsoft Fix it 50848 29-03-2015 10:45:52 Installed Microsoft Office Professional Plus 2007 29-03-2015 11:46:06 Windows Update 29-03-2015 12:06:20 Windows Update 30-03-2015 01:04:48 Windows Update 30-03-2015 02:29:09 Windows Update 31-03-2015 07:17:04 Microsoft Office File Validation Add-In wird entfernt 31-03-2015 07:37:13 Microsoft Office Live Add-in 1.5 wird entfernt 31-03-2015 08:29:58 Wiederherstellungsvorgang 31-03-2015 09:23:23 Windows Update 31-03-2015 09:38:06 Windows Update 01-04-2015 03:18:51 Installed Microsoft Fix it 50195 03-04-2015 12:22:14 Windows Update 05-04-2015 10:39:08 Installed Microsoft Fix it 50848 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2015-04-05 13:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {3625605D-9736-4E0D-ADED-80AB17549529} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-25] (Adobe Systems Incorporated) Task: {3A05D166-9113-4EC4-9566-5F56785457AF} - System32\Tasks\ASC8_SkipUac_Admin => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe [2015-01-27] (IObit) Task: {4A95605E-2F72-413F-9F4A-4F9B662C3B70} - System32\Tasks\{5589489F-BCF7-4E4E-A924-E7FCCE636DA8} => pcalua.exe -a "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe" Task: {653435B1-E8BB-4611-8BBB-E2FE2CBE8B8C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {690E5BA0-2B04-4E7B-906A-6CCA9CB3331D} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2015-01-23] (IObit) Task: {7FEA1C05-5956-47C1-9720-5580AA7A98CB} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {8734083E-A084-4978-A36C-CA4115FD8883} - System32\Tasks\{085A87EE-090C-40C6-B1AC-A2A6111D4864} => C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE Task: {BDAC862A-E650-4CF1-B04B-EDEB1AB59011} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {F2CAD89D-9A42-4025-8876-58161729CDCB} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation) Task: {F815A518-89BD-445C-8A71-0D92281353F8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============== 2015-03-25 02:16 - 2013-10-25 13:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 8\sqlite3.dll 2010-06-06 16:20 - 2010-06-06 16:20 - 00065344 _____ () C:\Windows\System32\PDFreDirectMonNT.dll 2014-10-02 02:12 - 2012-06-21 07:25 - 00094208 _____ () C:\Windows\System32\redmon32.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-04-06 16:24 - 2010-01-21 01:52 - 00370792 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe 2014-04-06 16:24 - 2010-01-21 01:51 - 00062568 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll 2014-04-06 16:24 - 2010-01-21 01:52 - 00565864 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll 2014-04-06 16:24 - 2010-01-21 01:52 - 00167528 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe 2015-03-25 02:16 - 2013-01-15 19:48 - 00348992 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madExcept_.bpl 2015-03-25 02:16 - 2013-01-15 19:48 - 00183616 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madBasic_.bpl 2015-03-25 02:16 - 2013-01-15 19:48 - 00051008 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madDisAsm_.bpl 2015-03-25 02:16 - 2013-01-15 19:47 - 00893248 _____ () C:\Program Files\IObit\Advanced SystemCare 8\webres.dll 2015-01-06 20:50 - 2012-02-20 13:59 - 01087336 _____ () C:\Program Files\Ralink\Common\RaWLAPI.dll 2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll 2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 
_____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files\FreePDF_XP\fpassist.exe" MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime ==================== Accounts: ============================= Admin (S-1-5-21-3046395627-4054670192-1170409365-1003 - Administrator - Enabled) => C:\Users\Admin Administrator (S-1-5-21-3046395627-4054670192-1170409365-500 - Administrator - Disabled) Dani (S-1-5-21-3046395627-4054670192-1170409365-1005 - Limited - Enabled) => C:\Users\Dani Daniela (S-1-5-21-3046395627-4054670192-1170409365-1000 - Limited - Enabled) => C:\Users\Daniela Gast (S-1-5-21-3046395627-4054670192-1170409365-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3046395627-4054670192-1170409365-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz Percentage of memory in use: 37% Total physical RAM: 3071.3 MB Available physical RAM: 1930.3 MB Total Pagefile: 6140.9 MB Available Pagefile: 4640.75 MB Total Virtual: 2047.88 MB Available Virtual: 1920.11 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:218.24 GB) (Free:116.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: 
(RECOVERY) (Fixed) (Total:14.65 GB) (Free:14.52 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 2BAB359D)
Partition 1: (Active) - (Size=218.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=OF Extended)
==================== End Of Log ============================
Best regards, Daniela |
06.04.2015, 13:59 | #8 |
/// the machine /// TB-Ausbilder | Windows 7: Internet slowed almost to a standstill
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
06.04.2015, 21:50 | #9 |
| Windows 7: Internet slowed almost to a standstill Hello Schrauber, I may have messed up. In the picture showing the ESET Online Scanner options, the arrow points to "Scan for potentially unsafe applications". So I ticked that box, and now ESET has found 27 infected files. By the way, there is now also an additional option, "Scan archives". Of the 27 infected files, I know that I can restore the joke program Mona, but what do I do with the other 25? It found something in almost every program. Can I restore them all? Please let me know. Best regards, Daniela
Here is the log file of the threats found. I exported it from the quarantine. I still have ESET open so that I can restore items from the quarantine if you give me the green light. Best regards, Daniela Code:
C:\Program Files\CPUID\PC Wizard 2013\systweakasp_c.exe MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Daniela\Downloads\Alcatel_ONE_TOUCH_997D_Treiber_Update_06-2014.exe Variante von Win32/Systweak.H evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Daniela\Downloads\avira_antivir_personal_de.exe Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Daniela\Downloads\avira_free_antivirus_de.exe Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Daniela\Downloads\ccsetup318.exe Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Daniela\Downloads\disk-defrag-setup321.exe Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Daniela\Downloads\FoxitReader513.1201_enu_Setup.exe Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Daniela\Downloads\FreeYouTubeToMP3Converter31011.exe Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Daniela\Downloads\pc-wizard_2014.2.13-setup.exe MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Daniela\Downloads\PDFCreator-1_7_0_setup.exe Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Daniela\Downloads\unlocker1.9.0.exe Win32/Adware.ADON evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Daniela\Downloads\zaSetup_92_058_000_de.exe Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Daniela\Downloads\Alcatel\SuperOneClickv2.3.3-ShortFuse\Exploits\psneuter Android/Exploit.Lotoor.AK Trojaner Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\Daniela\Ulk\INFECTED\Mona1.exe Joke.Mona.A potenziell unsichere Anwendung gelöscht - in Quarantäne kopiert
J:\Downloads\Alcatel_ONE_TOUCH_997D_Treiber_Update_06-2014.exe Variante von Win32/Systweak.H evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
J:\Downloads\avira_antivir_personal_de.exe Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung gelöscht - in Quarantäne kopiert
J:\Downloads\avira_free_antivirus_de.exe Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung gelöscht - in Quarantäne kopiert
J:\Downloads\ccsetup318.exe Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung gelöscht - in Quarantäne kopiert
J:\Downloads\disk-defrag-setup321.exe Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung gelöscht - in Quarantäne kopiert
J:\Downloads\FoxitReader513.1201_enu_Setup.exe Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung gelöscht - in Quarantäne kopiert
J:\Downloads\FreeYouTubeToMP3Converter31011.exe Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
J:\Downloads\pc-wizard_2014.2.13-setup.exe MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
J:\Downloads\PDFCreator-1_7_0_setup.exe Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
J:\Downloads\unlocker1.9.0.exe Win32/Adware.ADON evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
J:\Downloads\zaSetup_92_058_000_de.exe Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung gelöscht - in Quarantäne kopiert
J:\Downloads\Alcatel\SuperOneClickv2.3.3-ShortFuse\Exploits\psneuter Android/Exploit.Lotoor.AK Trojaner Gesäubert durch Löschen - in Quarantäne kopiert
J:\Ulk\INFECTED\Mona1.exe Joke.Mona.A potenziell unsichere Anwendung gelöscht - in Quarantäne kopiert
Best regards, Daniela Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=422fda0664a79a43a19615b110f8e90d
# engine=20211
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-04-06 08:22:03
# local_time=2015-04-06 10:22:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 4747183 51335717 0 0
# scanned=228218
# found=27
# cleaned=27
# scan_time=5237
sh=ABA32A0BF4960B1AB88953C36CF160625C78AC9B ft=1 fh=47eacc88b34b8f30 vn="MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Program Files\CPUID\PC Wizard 2013\systweakasp_c.exe"
sh=AEE0B5F1AE8564D7E4CCD032EDF7AD88339BFF4E ft=1 fh=88c3bdc65b0afccf vn="Variante von Win32/Systweak.H evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Downloads\Alcatel_ONE_TOUCH_997D_Treiber_Update_06-2014.exe" sh=39CE0C48EBF2E925048173DFDA62D83319FBE75C ft=1 fh=08064668fc05246e vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Downloads\avira_antivir_personal_de.exe" sh=9ED22B17AF956934B73F176C0AEB87AFA2F2B5B3 ft=1 fh=f57fa58ae860c262 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Downloads\avira_free_antivirus_de.exe" sh=2E9FC5EE22DDB3588857BAEB1EC51885EB3D3C27 ft=1 fh=78aa2c558c3526a3 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Downloads\ccsetup318.exe" sh=1EACA9B902BDEDC0D664499D520B9A28EEB23C12 ft=1 fh=ec1b02fa0ed165e3 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Downloads\disk-defrag-setup321.exe" sh=44CDB5E61680A78D679DDC8F5E09FBCAD2671A99 ft=1 fh=a6f47056357cbbaa vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Downloads\FoxitReader513.1201_enu_Setup.exe" sh=FF42995D8E24E05FF9EBA12DCB27B9AAB183A290 ft=1 fh=605214e765268a80 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Downloads\FreeYouTubeToMP3Converter31011.exe" sh=6BACEE658526F4F1597581AE945F3B2A5150CD8E ft=1 fh=04a3da4c16b7212f vn="MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Downloads\pc-wizard_2014.2.13-setup.exe" sh=D0357617961BF3D526BEFAAB0048CBB983EA4DF9 ft=1 fh=c604c933e8b9509f vn="Win32/InstallMonetizer.AQ evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Downloads\PDFCreator-1_7_0_setup.exe" sh=E115AC80776D091765ED3EA022A001E0D8AA4DC9 ft=1 fh=85ce5afd4a88c17f vn="Win32/Adware.ADON evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Downloads\unlocker1.9.0.exe" sh=6994FC133F3D99F1B1257370C9BC01BD54AF5D30 ft=1 fh=d1eb868415c0b931 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Downloads\zaSetup_92_058_000_de.exe" sh=CA5FBAEFE7F0923A65CA47B86013D7ED9AEBBF2F ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AK Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Downloads\Alcatel\SuperOneClickv2.3.3-ShortFuse\Exploits\psneuter" sh=AE2D4F5383CE23382006DA6ED368C3D45239C11C ft=1 fh=2a7a9ac07cbef117 vn="Joke.Mona.A potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Daniela\Ulk\INFECTED\Mona1.exe" sh=AEE0B5F1AE8564D7E4CCD032EDF7AD88339BFF4E ft=1 fh=88c3bdc65b0afccf vn="Variante von Win32/Systweak.H evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Downloads\Alcatel_ONE_TOUCH_997D_Treiber_Update_06-2014.exe" sh=39CE0C48EBF2E925048173DFDA62D83319FBE75C ft=1 fh=08064668fc05246e vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Downloads\avira_antivir_personal_de.exe" sh=9ED22B17AF956934B73F176C0AEB87AFA2F2B5B3 ft=1 fh=f57fa58ae860c262 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Downloads\avira_free_antivirus_de.exe" sh=2E9FC5EE22DDB3588857BAEB1EC51885EB3D3C27 ft=1 fh=78aa2c558c3526a3 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Downloads\ccsetup318.exe" sh=1EACA9B902BDEDC0D664499D520B9A28EEB23C12 ft=1 fh=ec1b02fa0ed165e3 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Downloads\disk-defrag-setup321.exe" sh=44CDB5E61680A78D679DDC8F5E09FBCAD2671A99 ft=1 fh=a6f47056357cbbaa vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Downloads\FoxitReader513.1201_enu_Setup.exe" sh=FF42995D8E24E05FF9EBA12DCB27B9AAB183A290 ft=1 fh=605214e765268a80 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Downloads\FreeYouTubeToMP3Converter31011.exe" sh=6BACEE658526F4F1597581AE945F3B2A5150CD8E ft=1 fh=04a3da4c16b7212f vn="MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Downloads\pc-wizard_2014.2.13-setup.exe" sh=D0357617961BF3D526BEFAAB0048CBB983EA4DF9 ft=1 fh=c604c933e8b9509f vn="Win32/InstallMonetizer.AQ evtl. 
unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Downloads\PDFCreator-1_7_0_setup.exe" sh=E115AC80776D091765ED3EA022A001E0D8AA4DC9 ft=1 fh=85ce5afd4a88c17f vn="Win32/Adware.ADON evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Downloads\unlocker1.9.0.exe" sh=6994FC133F3D99F1B1257370C9BC01BD54AF5D30 ft=1 fh=d1eb868415c0b931 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Downloads\zaSetup_92_058_000_de.exe" sh=CA5FBAEFE7F0923A65CA47B86013D7ED9AEBBF2F ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AK Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="J:\Downloads\Alcatel\SuperOneClickv2.3.3-ShortFuse\Exploits\psneuter" sh=AE2D4F5383CE23382006DA6ED368C3D45239C11C ft=1 fh=2a7a9ac07cbef117 vn="Joke.Mona.A potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="J:\Ulk\INFECTED\Mona1.exe" |
07.04.2015, 17:07 | #10 |
/// the machine /// TB-Ausbilder | Windows 7: Internet slowed almost to a standstill Apart from the first finding, these are all just downloads, i.e. installers. Delete them all. And give your browsing habits some thought. Uninstall CPUID completely. And get rid of the INFECTED folder entirely while you're at it. Then do the rest from above.
__________________ Regards, schrauber |
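The triage in the reply above (findings that sit only in download folders are installers at rest, while a finding inside an installed program's folder means that program has to go) can be run over an exported ESET log. This is an added example, not part of the thread and not ESET tooling: the record layout follows the log posted above, the hash values are constructed placeholders, and the "Downloads folder" rule and the names `parse_records`, `in_downloads` and `triage` are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# One detection record, in the key=value layout of the ESET log posted above.
# [^"]* also matches newlines, so records broken across lines still parse.
RECORD_RE = re.compile(
    r'sh=(?P<sha1>[0-9A-Fa-f]{40})\s+ft=(?P<ft>\d+)\s+fh=(?P<fh>[0-9A-Fa-f]{16})\s+'
    r'vn="(?P<vn>[^"]*)"\s+ac=(?P<ac>\S+)\s+fn="(?P<fn>[^"]*)"'
)
# vn = [Variante von ]<detection name> <category> (<action taken>)
VN_RE = re.compile(
    r'^(?:Variante von )?(?P<name>\S+) (?P<category>.+) \((?P<action>[^()]*)\)$'
)
# German category strings as they appear in the log, mapped for reporting.
CATEGORIES = {
    "evtl. unerwünschte Anwendung": "potentially unwanted",
    "potenziell unsichere Anwendung": "potentially unsafe",
    "Trojaner": "trojan",
}


def parse_records(log_text):
    """Yield one dict per detection record found in the log text."""
    for m in RECORD_RE.finditer(log_text):
        vn = " ".join(m.group("vn").split())  # undo line breaks inside vn
        parts = VN_RE.match(vn)
        name = parts.group("name") if parts else vn
        raw_cat = parts.group("category") if parts else "unknown"
        yield {
            "sha1": m.group("sha1").upper(),
            "name": name,
            "category": CATEGORIES.get(raw_cat, raw_cat),
            "path": m.group("fn"),
        }


def in_downloads(path):
    """True if any directory component of the Windows path is 'Downloads'."""
    dirs = PureWindowsPath(path).parts[:-1]
    return any(d.lower() == "downloads" for d in dirs)


def triage(log_text):
    """Group detections by SHA-1 so copies on several drives count once.

    'at_rest_only' is True when every copy lies in a Downloads folder,
    i.e. the file is a stored installer rather than an installed program.
    Entries that need follow-up (at_rest_only False) are sorted first.
    """
    groups = {}
    for rec in parse_records(log_text):
        g = groups.setdefault(rec["sha1"], {
            "sha1": rec["sha1"], "name": rec["name"],
            "category": rec["category"], "paths": [],
        })
        if rec["path"] not in g["paths"]:
            g["paths"].append(rec["path"])
    for g in groups.values():
        g["at_rest_only"] = all(in_downloads(p) for p in g["paths"])
    return sorted(groups.values(), key=lambda g: g["at_rest_only"])


def _rec(digit, ft, vn, fn):
    # Constructed record: placeholder hashes are one hex digit repeated.
    return f'sh={digit * 40} ft={ft} fh={digit * 16} vn="{vn}" ac=C fn="{fn}"'


Q = "(gelöscht - in Quarantäne kopiert)"
T = "(Gesäubert durch Löschen - in Quarantäne kopiert)"
# Constructed sample: file and detection names are taken from the thread,
# the hashes are not. The second record has a line break inside vn, as in
# the flattened forum paste.
SAMPLE_LOG = "\n".join([
    _rec("1", 1, f"MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung {Q}",
         r"C:\Program Files\CPUID\PC Wizard 2013\systweakasp_c.exe"),
    _rec("2", 1, f"Variante von Win32/Systweak.H evtl.\nunerwünschte Anwendung {Q}",
         r"C:\Users\Daniela\Downloads\Alcatel_ONE_TOUCH_997D_Treiber_Update_06-2014.exe"),
    _rec("3", 1, f"Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung {Q}",
         r"C:\Users\Daniela\Downloads\ccsetup318.exe"),
    _rec("4", 0, f"Android/Exploit.Lotoor.AK Trojaner {T}",
         r"C:\Users\Daniela\Downloads\Alcatel\SuperOneClickv2.3.3-ShortFuse\Exploits\psneuter"),
    _rec("2", 1, f"Variante von Win32/Systweak.H evtl. unerwünschte Anwendung {Q}",
         r"J:\Downloads\Alcatel_ONE_TOUCH_997D_Treiber_Update_06-2014.exe"),
    _rec("4", 0, f"Android/Exploit.Lotoor.AK Trojaner {T}",
         r"J:\Downloads\Alcatel\SuperOneClickv2.3.3-ShortFuse\Exploits\psneuter"),
])

if __name__ == "__main__":
    for g in triage(SAMPLE_LOG):
        verdict = "stored installer" if g["at_rest_only"] else "INSTALLED - follow up"
        print(f'{verdict:22} {g["category"]:21} {g["name"]} ({len(g["paths"])} copies)')
```

Grouping by `sh=` is what shows that the `C:` and `J:` entries are the same files counted twice, so the number of distinct items to decide on is smaller than the scanner's `found=` total.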
08.04.2015, 03:16 | #11 |
| Windows 7: Internet slowed almost to a standstill Hello Schrauber, I ran the ESET Online Scanner again, and it did in fact find something else, in the MKV Player installer. That was the only finding, though. Unfortunately I don't have a log file, because before closing I had selected "Delete quarantined items" and "Uninstall ESET scanner". I deleted CPUID and the INFECT folder too, but the INFECT folder only contained joke programs. The Mona file was slightly risqué: in it, Mona Lisa lifted her blouse and gave a proper smile. But what is the story with all the findings in the installers? I normally download programs from Chip. Does that mean Chip offers infected files for download? I mean, the installation file for Avira Antivirus, for example, can't be bad, can it? Or do these infected things attach themselves to the downloaded files at some later point? Here are the log files from SecurityCheck and FRST. Best regards, Daniela Code:
Results of screen317's Security Check version 0.99.99
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 40
Adobe Flash Player 17.0.0.134
Adobe Reader XI
Mozilla Firefox (37.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Admin (administrator) on DANIELA-PC on 08-04-2015 03:43:27
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available profiles: Daniela & Admin & Dani)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Microsoft Corp.) 
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (IObit) C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (G Data Software AG) C:\Program Files\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe (Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe (Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaUI.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDExtHost.exe (Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDAppHost.exe (Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDRuntimeHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AMD AVT] => C:\Program Files\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Run: [BingDesktop] => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [GDataUsbProtection] => C:\Program Files\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe [1405560 2014-09-03] (G Data Software AG)
HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2428704 2015-01-20] (IObit)
HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3898960 2015-04-02] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-25] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-25] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-10-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-10-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-10-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-10-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-10-24] (Apple Inc.)
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default\searchplugins\search_engine.xml [2014-07-14]
FF Extension: Amazon-Icon - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default\Extensions\amazon-icon@giga.de [2014-06-07]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default\Extensions\iobitascsurfingprotection@iobit.com [2015-03-25]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-04-08]
FF HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5 [2015-04-04]
FF HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Admin\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-06-07]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-04-02]

========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-01-21] ()
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-01-21] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [372736 2012-01-13] (Ralink Technology, Corp.) [File not signed]
S3 RaMediaServer; C:\Program Files\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 cpuz137; C:\Program Files\CPUID\PC Wizard 2013\pcwiz_x32.sys [26856 2014-02-17] (CPUID)
R3 GDKBBlocker; C:\Windows\system32\drivers\GDKBBlocker32.sys [27648 2015-04-06] (G Data Software AG)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-03-17] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1308736 2012-03-02] (Ralink Technology Corp.)
R3 Ph6xIB32; C:\Windows\System32\DRIVERS\Ph6xIB32.sys [1277952 2009-07-14] (NXP Semiconductors GmbH)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2013-07-01] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Admin\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-08 03:43 - 2015-04-08 03:44 - 00015365 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-04-08 03:41 - 2015-04-08 03:41 - 00000905 _____ () C:\Users\Admin\Desktop\checkup.txt
2015-04-08 03:15 - 2014-12-03 00:10 - 00000000 ____D () C:\Users\Dani\.egvp2_client
2015-04-08 01:35 - 2015-03-23 05:06 - 00860160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-08 01:35 - 2015-03-23 05:06 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-08 01:35 - 2015-03-23 05:06 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-08 01:35 - 2015-03-23 05:06 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-08 01:35 - 2015-03-23 05:06 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-08 01:35 - 2015-03-23 05:06 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-08 01:35 - 2015-03-23 05:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-08 01:35 - 2015-03-23 04:59 - 00896000 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-08 01:01 - 2015-04-08 01:01 - 00000000 ___HD () C:\Users\Dani\Documents\_SYNCAPP
2015-04-08 01:01 - 2015-04-08 01:01 - 00000000 ____D () C:\Users\Dani\Documents\X-Box Einrichtung der EasyBox 802
2015-04-08 01:01 - 2015-04-08 01:01 - 00000000 ____D () C:\Users\Dani\Documents\xbox
2015-04-08 01:01 - 2015-04-08 01:01 - 00000000 ____D () C:\Users\Dani\Documents\Wolfsberg
2015-04-08 01:01 - 2015-04-08 01:01 - 00000000 ____D () C:\Users\Dani\Documents\Turbo Lister Backup
2015-04-08 01:01 - 2015-04-08 01:01 - 00000000 ____D () C:\Users\Dani\Documents\TRC
2015-04-08 01:01 - 2015-04-08 01:01 - 00000000 ____D () C:\Users\Dani\Documents\Quiz
2015-04-08 01:01 - 2015-04-08 01:01 - 00000000 ____D () C:\Users\Dani\Documents\Projektarbeit
2015-04-08 01:01 - 2015-04-08 01:01 - 00000000 ____D () C:\Users\Dani\Documents\Outlook
2015-04-08 01:01 - 2015-04-08 01:01 - 00000000 ____D () C:\Users\Dani\Documents\onetouch Manager
2015-04-08 00:59 - 2015-04-08 01:00 - 00000000 ____D () C:\Users\Dani\Documents\Nokia
2015-04-08 00:56 - 2015-04-08 00:58 - 00000000 ____D () C:\Users\Dani\Documents\MyPhoneExplorer
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Users\Dani\Documents\Memorycard Handy
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Users\Dani\Documents\Kinderzuschlag
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Users\Dani\Documents\Handelsschule Herrmann
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Users\Dani\Documents\gegl-0.0
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Users\Dani\Documents\Fotos ibis acam
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Users\Dani\Documents\Fax
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Users\Dani\Documents\Elster
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Users\Dani\Documents\Eigene Webs
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Users\Dani\Documents\EGVP2
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Users\Dani\Documents\EGVP1
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Users\Dani\Documents\EGVP
2015-04-08 00:56 - 2015-04-08 00:56 - 00000000 ____D () C:\Users\Dani\Documents\Dozenten Handelsschule
2015-04-08 00:56 - 2014-07-11 17:18 - 00000000 ____D () C:\Users\Dani\Documents\Eigene Scans
2015-04-08 00:56 - 2010-03-25 22:08 - 00000000 ____D () C:\Users\Dani\Documents\My Art
2015-04-08 00:56 - 2010-03-24 20:26 - 00000000 ____D () C:\Users\Dani\Documents\ForceField Shared Files
2015-04-08 00:56 - 2007-12-15 00:01 - 00000000 ____D () C:\Users\Dani\Documents\Eigene eBooks
2015-04-08 00:55 - 2015-04-08 00:55 - 00000000 ____D () C:\Users\Dani\Documents\Commerzbank
2015-04-08 00:55 - 2015-04-08 00:55 - 00000000 ____D () C:\Users\Dani\Documents\Bewerbungen, Schriftverkehr
2015-04-08 00:55 - 2015-04-08 00:55 - 00000000 ____D () C:\Users\Dani\Documents\Anschluss FritzBox
2015-04-08 00:55 - 2015-04-08 00:55 - 00000000 ____D () C:\Users\Dani\Documents\ANNEN-POST
2015-04-08 00:55 - 2010-03-24 16:34 - 00000000 ____D () C:\Users\Dani\Documents\Bluetooth-Exchange-Ordner
2015-04-08 00:53 - 2015-04-08 00:55 - 00000000 ____D () C:\Users\Dani\Documents\Anlagen Outlook
2015-04-08 00:53 - 2015-04-08 00:53 - 00000000 ____D () C:\Users\Dani\Documents\Android Manager
2015-04-08 00:53 - 2014-12-05 03:04 - 00028160 _____ () C:\Users\Dani\Documents\XBOX360 ohne Batman+Halo3.xls
2015-04-08 00:53 - 2014-05-24 06:19 - 00023040 _____ () C:\Users\Dani\Documents\Torsten.xls
2015-04-08 00:53 - 2011-04-15 13:52 - 00024064 _____ () C:\Users\Dani\Documents\TRC_Gehälter.xls
2015-04-08 00:53 - 2011-03-08 22:52 - 00029696 _____ () C:\Users\Dani\Documents\TRC_Okt10.xls
2015-04-08 00:53 - 2011-03-08 22:50 - 00029184 _____ () C:\Users\Dani\Documents\TRC_Sept10.xls
2015-04-08 00:53 - 2011-03-08 22:49 - 00029184 _____ () C:\Users\Dani\Documents\TRC_Nov10.xls
2015-04-08 00:53 - 2011-01-14 16:29 - 00018944 _____ () C:\Users\Dani\Documents\TRC_Arbeitszeiten2.xls
2015-04-08 00:53 - 2010-11-27 21:38 - 00033792 _____ () C:\Users\Dani\Documents\TRC_Arbeitsplan.xls
2015-04-08 00:53 - 2010-08-31 08:42 - 00094720 _____ () C:\Users\Dani\Documents\TRC_Strichliste.xls
2015-04-08 00:53 - 2010-03-17 01:46 - 00083968 _____ () C:\Users\Dani\Documents\xp_gewinn_verlust.xls
2015-04-08 00:53 - 2009-07-14 15:20 - 00053760 _____ () C:\Users\Dani\Documents\TRC_Arbeitszeiten.xls
2015-04-08 00:53 - 2009-06-25 00:55 - 14149830 _____ () C:\Users\Dani\Documents\Spiegel TV - Über die TRC Telemedia, MC Multimedia & Allinkasso.AVI
2015-04-08 00:53 - 2009-03-04 15:00 - 00013824 _____ () C:\Users\Dani\Documents\Tilgung.xls
2015-04-08 00:53 - 2009-01-30 00:39 - 00019456 _____ () C:\Users\Dani\Documents\TRC_Jan.xls
2015-04-08 00:53 - 2009-01-18 10:21 - 00018944 _____ () C:\Users\Dani\Documents\TRC_Dez.xls
2015-04-08 00:53 - 2008-11-02 12:57 - 00018944 _____ () C:\Users\Dani\Documents\TSW.xls
2015-04-08 00:53 - 2008-09-16 01:36 - 00017408 _____ () C:\Users\Dani\Documents\TRC_Tätigkeitenüberblick.xls
2015-04-08 00:53 - 2008-03-24 01:54 - 03232845 _____ () C:\Users\Dani\Documents\Sonderheft_Netzwerke.zip
2015-04-08 00:53 - 2007-10-13 22:27 - 03254784 ____R () C:\Users\Dani\Documents\WelcomeToRomania[1].pps
2015-04-08 00:53 - 2007-04-29 17:32 - 00127488 ____R () C:\Users\Dani\Documents\Vodafone_April2007.xls
2015-04-08 00:53 - 2005-09-09 17:04 - 00015872 ____R () C:\Users\Dani\Documents\Stundenpläne.xls
2015-04-08 00:52 - 2015-04-08 01:05 - 00272384 _____ () C:\Users\Dani\Documents\Lampenwelt_Arbeitszeiten.xls
2015-04-08 00:52 - 2015-04-02 01:27 - 00062464 _____ () C:\Users\Dani\Documents\Finanzen.xls
2015-04-08 00:52 - 2015-03-16 04:08 - 00110080 _____ () C:\Users\Dani\Documents\Lampenwelt Lieferantenliste Ersatzgläser 1.5.xls
2015-04-08 00:52 - 2014-12-28 08:30 - 00112640 _____ () C:\Users\Dani\Documents\Lampenwelt Ersatz-Lieferantenliste Ersatzgläser Dezember 2014.xls
2015-04-08 00:52 - 2014-12-28 04:54 - 00061645 _____ () C:\Users\Dani\Documents\Lampenwelt Ersatz-Lieferantenliste Ersatzgläser Oktober 2014 1.3.xlsx
2015-04-08 00:52 - 2014-06-28 02:42 - 12971704 _____ () C:\Users\Dani\Documents\Donata verbrennt 16.06.14.mp4
2015-04-08 00:52 - 2013-06-01 01:13 - 00023552 _____ () C:\Users\Dani\Documents\Krampftagebuch.xls
2015-04-08 00:52 - 2013-01-26 23:20 - 00015039 _____ () C:\Users\Dani\Documents\ESt2012_Palancianu_Daniela.elfo
2015-04-08 00:52 - 2012-06-05 00:21 - 00024064 _____ () C:\Users\Dani\Documents\Senior-Katzenfutter.xls
2015-04-08 00:52 - 2012-05-17 22:42 - 00004080 _____ () C:\Users\Dani\Documents\cc_20120517_223836.reg
2015-04-08 00:52 - 2012-04-07 17:33 - 00097394 _____ () C:\Users\Dani\Documents\ESt2011_Palancianu_Daniela.elfo
2015-04-08 00:52 - 2012-02-23 23:13 - 00055296 _____ () C:\Users\Dani\Documents\FRITZ!Box_Anrufliste2.xls
2015-04-08 00:52 - 2012-02-15 03:37 - 00023552 _____ () C:\Users\Dani\Documents\Kreditkarten.xls
2015-04-08 00:52 - 2012-02-14 18:43 - 00013824 _____ () C:\Users\Dani\Documents\Adrian.xls
2015-04-08 00:52 - 2012-02-14 01:35 - 00055808 _____ () C:\Users\Dani\Documents\FRITZ!Box_Anrufliste.xls
2015-04-08 00:52 - 2012-01-04 01:10 - 00049152 _____ () C:\Users\Dani\Documents\Lampenwelt_Statistik.xls
2015-04-08 00:52 - 2011-01-10 21:19 - 00048334 _____ () C:\Users\Dani\Documents\Handleiding JIM² Foon.txt
2015-04-08 00:52 - 2010-10-04 17:01 - 00525779 _____ () C:\Users\Dani\Documents\PferdeStehlen.zip
2015-04-08 00:52 - 2010-05-28 09:34 - 01905664 _____ () C:\Users\Dani\Documents\Kläranlage.ppt
2015-04-08 00:52 - 2010-03-28 03:01 - 00000185 _____ () C:\Users\Dani\Documents\GB.txt
2015-04-08 00:52 - 2009-08-06 16:12 - 01793536 _____ () C:\Users\Dani\Documents\Bsp_Unikate2.xls
2015-04-08 00:52 - 2009-08-05 12:59 - 04265984 _____ () C:\Users\Dani\Documents\Bsp_Unikate1.xls
2015-04-08 00:52 - 2009-07-08 15:18 - 235049700 _____ () C:\Users\Dani\Documents\2009-07-08 Nokia N78.nbu
2015-04-08 00:52 - 2009-06-25 01:26 - 25401786 _____ () C:\Users\Dani\Documents\Akte 09 - Bei Anruf Abzocke! Wie die TRC Telemedia Sie jetzt um ihr Geld bringt.AVI
2015-04-08 00:52 - 2009-06-25 00:38 - 18346640 _____ () C:\Users\Dani\Documents\BiZZ in Fulda MC Multimedia TRC Telemedia.AVI
2015-04-08 00:52 - 2009-03-24 23:16 - 00024576 _____ () C:\Users\Dani\Documents\Adressen Konfer.xls
2015-04-08 00:52 - 2008-10-05 21:22 - 00256512 _____ () C:\Users\Dani\Documents\Deutsch-Englisch-Funktionen.xls
2015-04-08 00:52 - 2008-10-04 03:52 - 01788928 _____ () C:\Users\Dani\Documents\BeispielFuerDaniela2.xls
2015-04-08 00:52 - 2008-10-04 02:43 - 01792000 _____ () C:\Users\Dani\Documents\BeispielFuerDaniela.xls
2015-04-08 00:52 - 2008-03-21 17:22 - 00714377 _____ () C:\Users\Dani\Documents\ISO1_DVD.nri
2015-04-08 00:52 - 2008-01-15 02:57 - 00025600 _____ () C:\Users\Dani\Documents\Bewerbungsliste1.xls
2015-04-08 00:52 - 2007-02-13 03:38 - 00016896 _____ () C:\Users\Dani\Documents\Bewerbungsliste.xls
2015-04-08 00:52 - 2006-10-29 23:55 - 00005976 ____R () C:\Users\Dani\Documents\cc_20061029_2254.reg
2015-04-08 00:52 - 2006-10-01 01:58 - 00003466 _____ () C:\Users\Dani\Documents\Erklärung2005.05
2015-04-08 00:52 - 2006-08-07 03:33 - 159318937 _____ () C:\Users\Dani\Documents\karpaten.wmv
2015-04-08 00:52 - 2006-04-22 20:56 - 01949090 _____ () C:\Users\Dani\Documents\Rumänische Musik.wmv
2015-04-08 00:52 - 2004-11-08 23:40 - 01507443 _____ () C:\Users\Dani\Documents\Dupli-Color.dat
2015-04-08 00:52 - 2004-11-08 23:34 - 00865053 _____ () C:\Users\Dani\Documents\Motip.dat
2015-04-08 00:52 - 2004-09-28 16:02 - 00031232 _____ () C:\Users\Dani\Documents\Betreuungsabrechnung.xls
2015-04-08 00:52 - 2004-07-16 21:50 - 00000125 ____H () C:\Users\Dani\Documents\desktop (2).ini
2015-04-08 00:42 - 2015-04-08 00:44 - 00000000 ____D () C:\Users\Dani\Scans
2015-04-06 07:40 - 2015-04-06 07:40 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\MyPhoneExplorer
2015-04-06 07:39 - 2015-04-08 00:45 - 00000000 ____D () C:\Users\Dani\Ulk
2015-04-06 07:33 - 2015-04-06 07:33 - 00027648 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBBlocker32.sys
2015-04-06 07:33 - 2015-04-06 07:33 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_GDKBBlocker32_01007.Wdf
2015-04-06 07:33 - 2015-04-06 07:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA USB KEYBOARD GUARD
2015-04-06 07:33 - 2015-04-06 07:33 - 00000000 ____D () C:\Program Files\G DATA
2015-04-06 07:32 - 2015-04-06 07:32 - 00000000 ____D () C:\ProgramData\G Data
2015-04-06 07:30 - 2015-04-06 07:30 - 11893880 _____ (G Data Software AG) C:\Users\Dani\Downloads\INT_GD_USB_KEYBOARD_GUARD.exe
2015-04-06 04:23 - 2015-04-06 04:51 - 03735552 ___HT () C:\Users\Dani\Desktop\~backup.pst.tmp
2015-04-06 03:18 - 2015-04-06 03:18 - 00000000 ____D () C:\Users\Dani\AppData\Local\Adobe
2015-04-06 03:07 - 2015-04-06 03:07 - 00000000 ____D () C:\Users\Dani\AppData\Local\Apple Computer
2015-04-06 02:49 - 2015-04-06 02:50 - 00000000 ____D () C:\Datensicherung
2015-04-06 02:45 - 2015-04-06 02:49 - 00001150 _____ () C:\Users\Dani\Desktop\Registry-Sicherung.lnk
2015-04-06 02:33 - 2015-04-06 02:33 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\IrfanView
2015-04-06 02:10 - 2015-04-04 06:54 - 06215640 _____ (Tonec Inc.) C:\Users\Dani\Downloads\idman623.exe
2015-04-06 02:10 - 2015-04-01 03:30 - 02208768 _____ () C:\Users\Dani\Downloads\AdwCleaner 4.200.exe
2015-04-06 01:31 - 2015-04-06 01:31 - 00000000 ____D () C:\Users\Dani\Downloads\OTRDecoder_2.0.0.22
2015-04-06 01:25 - 2015-04-06 07:31 - 00000000 ____D () C:\Users\Dani\Downloads\Filme
2015-04-06 01:12 - 2015-04-06 01:12 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\ProductData
2015-04-06 00:21 - 2015-04-06 00:21 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DANIELA-PC-Windows-7-Home-Premium-(32-bit).dat
2015-04-06 00:21 - 2015-04-06 00:21 - 00000000 ____D () C:\RegBackup
2015-04-05 14:12 - 2015-04-05 14:12 - 01302528 _____ () C:\Users\Dani\Downloads\OLFix Outlook-Reperatur.exe
2015-04-05 14:03 - 2015-04-05 14:03 - 00002795 _____ () C:\Users\Dani\Desktop\Microsoft Office Outlook 2007.lnk
2015-04-05 14:03 - 2015-04-05 14:03 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\HP
2015-04-05 13:30 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-05 13:30 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-05 13:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-05 13:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-05 13:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-05 13:30 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-05 13:30 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-05 13:30 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-05 13:29 - 2015-04-05 13:55 - 00000000 ____D () C:\Qoobox
2015-04-05 13:29 - 2015-04-05 13:53 - 00000000 ____D () C:\Windows\erdnt
2015-04-05 12:28 - 2015-04-05 12:28 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Apple Computer
2015-04-05 11:15 - 2015-04-05 11:16 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Mozilla
2015-04-05 11:15 - 2015-04-05 11:16 - 00000000 ____D () C:\Users\Dani\AppData\Local\Mozilla
2015-04-05 10:58 - 2015-04-05 10:58 - 00000000 __SHD () C:\Users\Dani\AppData\Local\EmieUserList
2015-04-05 10:58 - 2015-04-05 10:58 - 00000000 __SHD () C:\Users\Dani\AppData\Local\EmieSiteList
2015-04-05 10:58 - 2015-04-05 10:58 - 00000000 __SHD () C:\Users\Dani\AppData\Local\EmieBrowserModeList
2015-04-05 10:58 - 2015-04-05 10:58 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Macromedia
2015-04-05 10:53 - 2015-04-05 10:53 - 00109664 _____ () C:\Users\Dani\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-05 10:53 - 2015-04-05 10:53 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\ATI
2015-04-05 10:53 - 2015-04-05 10:53 - 00000000 ____D () C:\Users\Dani\AppData\Local\ATI
2015-04-05 10:52 - 2015-04-08 03:15 - 00000000 ____D () C:\Users\Dani
2015-04-05 10:52 - 2015-04-06 03:18 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Adobe
2015-04-05 10:52 - 2015-04-05 10:52 - 00001425 _____ () C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-05 10:52 - 2015-04-05 10:52 - 00000020 ___SH () C:\Users\Dani\ntuser.ini
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\Startmenü
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\Netzwerkumgebung
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\Druckumgebung
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\Documents\Eigene Musik
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\Documents\Eigene Bilder
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 _SHDL () C:\Users\Dani\AppData\Local\Verlauf
2015-04-05 10:52 - 2015-04-05 10:52 - 00000000 ____D () C:\Users\Dani\AppData\Local\VirtualStore
2015-04-05 10:52 - 2015-03-29 11:52 - 00000000 ____D () C:\Users\Dani\AppData\Local\Microsoft Help
2015-04-05 10:52 - 2015-03-25 06:02 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\IObit
2015-04-05 10:52 - 2009-07-14 06:42 - 00000000 ___RD () C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-05 10:52 - 2009-07-14 06:37 - 00000000 ___RD () C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-05 10:43 - 2015-04-08 03:42 - 00000000 ____D () C:\Users\Admin\Desktop\Trojaner-Board
2015-04-04 22:04 - 2015-04-04 22:27 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-04 07:56 - 2015-04-05 13:46 - 00001136 _____ () C:\Windows\PFRO.log
2015-04-04 07:53 - 2015-04-01 03:30 - 02208768 _____ () C:\Users\Admin\Downloads\AdwCleaner 4.200.exe
2015-04-04 07:41 - 2015-04-04 07:41 - 00000000 ____D () C:\Users\Admin\Downloads\OTRDecoder_2.0.0.22
2015-04-04 06:58 - 2015-04-08 00:16 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DMCache
2015-04-04 06:58 - 2015-04-04 07:56 - 00000000 ____D () C:\Program Files\Internet Download Manager
2015-04-04 06:58 - 2015-04-04 07:03 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IDM
2015-04-04 06:58 - 2015-04-04 06:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-04-04 06:58 - 2015-04-04 06:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-04-04 06:58 - 2015-04-04 06:58 - 00000000 ____D () C:\ProgramData\IDM
2015-04-04 06:54 - 2015-04-04 06:54 - 06215640 _____ (Tonec Inc.) C:\Users\Admin\Downloads\idman623.exe
2015-04-04 06:47 - 2015-04-04 06:55 - 00000000 ____D () C:\Program Files\Free Download Manager
2015-04-04 06:47 - 2015-04-04 06:47 - 00000000 ____D () C:\ProgramData\Free Download Manager
2015-04-04 06:41 - 2015-04-04 09:29 - 00000000 ____D () C:\Users\Admin\Downloads\Filme
2015-04-04 02:25 - 2015-04-08 03:43 - 00000000 ____D () C:\FRST
2015-04-04 02:24 - 2015-04-04 02:24 - 01135104 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2015-04-04 02:22 - 2015-04-04 02:22 - 00000000 _____ () C:\Users\Admin\defogger_reenable
2015-04-04 02:07 - 2015-04-04 02:07 - 00109664 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-04 02:05 - 2015-04-08 01:40 - 00001447 _____ () C:\Windows\setupact.log
2015-04-04 02:05 - 2015-04-04 02:05 - 00411880 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-04 02:05 - 2015-04-04 02:05 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-04 02:04 - 2015-04-04 02:04 - 00003608 ____N () C:\bootsqm.dat
2015-04-03 14:16 - 2015-03-14 03:58 - 02171392 _____ () C:\Users\Daniela\Downloads\adwcleaner_4.112.exe
2015-04-03 14:16 - 2014-04-07 19:23 - 27560794 _____ () C:\Users\Daniela\Downloads\ar11lite_11.0.0.379_deu Vorsicht.exe
2015-04-03 14:16 - 2013-10-16 18:55 - 29040552 _____ (Oracle Corporation) C:\Users\Daniela\Downloads\jre-7u45-windows-i586.exe
2015-04-03 14:16 - 2013-09-27 01:26 - 29036456 _____ (Oracle Corporation) C:\Users\Daniela\Downloads\jre-7u40-windows-i586.exe
2015-04-03 14:16 - 2013-09-15 23:28 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Daniela\Downloads\mbam-clean-1.60.2.0003.exe
2015-04-03 14:16 - 2013-09-05 01:04 - 31714728 _____ (Oracle Corporation) C:\Users\Daniela\Downloads\jre-7u25-windows-i586.exe
2015-04-03 14:16 - 2013-07-10 18:13 - 03866624 _____ (Microsoft Corporation) C:\Users\Daniela\Downloads\FreePDF4.08.EXE
2015-04-03 14:16 - 2013-01-18 14:23 - 27291400 _____ () C:\Users\Daniela\Downloads\arxlite_deu (2).exe
2015-04-03 14:16 - 2012-12-08 03:06 - 16979960 _____ (Sun Microsystems, Inc.) C:\Users\Daniela\Downloads\jre-6u37-windows-i586.exe
2015-04-03 14:16 - 2012-10-03 03:57 - 27291400 _____ () C:\Users\Daniela\Downloads\arxlite_deu (1).exe
2015-04-03 13:55 - 2015-04-03 14:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DirSync
2015-04-02 15:54 - 2015-03-27 02:10 - 00122432 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-04-01 04:47 - 2015-04-08 01:42 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-01 04:47 - 2015-04-01 04:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-01 04:47 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-01 04:47 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-01 04:47 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-01 04:00 - 2015-04-01 04:00 - 00002560 _____ () C:\Windows\_MSRSTRT.EXE
2015-04-01 03:29 - 2015-04-01 03:30 - 02208768 _____ () C:\Users\Daniela\Downloads\AdwCleaner 4.200.exe
2015-03-31 09:33 - 2015-03-31 09:33 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-03-29 11:57 - 2015-03-31 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-03-29 11:57 - 2015-03-29 11:57 - 00000000 ____D () C:\Program Files\Microsoft CAPICOM 2.1.0.2
2015-03-29 11:52 - 2015-03-29 11:52 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-03-29 11:52 - 2015-03-29 11:52 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-03-29 11:09 - 2015-03-29 11:09 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Microsoft Help
2015-03-29 10:57 - 2015-03-29 10:57 - 00002639 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Neues Microsoft Office-Dokument.lnk
2015-03-29 10:57 - 2015-03-29 10:57 - 00002639 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Microsoft Office-Dokument öffnen.lnk
2015-03-29 10:57 - 2015-03-29 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-29 10:57 - 2009-02-26 19:18 - 00029552 _____ (Microsoft Corporation) C:\Windows\system32\mdimon.dll
2015-03-29 10:54 - 2015-03-29 11:51 - 00000000 ____D () C:\Program Files\Microsoft Works
2015-03-29 10:48 - 2015-03-29 11:00 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2015-03-29 10:48 - 2015-03-29 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
2015-03-29 10:48 - 2015-03-29 10:48 - 00000000 ____D () C:\IDE
2015-03-29 10:47 - 2015-03-31 09:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-29 10:47 - 2015-03-29 10:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Help
2015-03-29 10:46 - 2015-03-29 10:46 - 00000000 ___RD () C:\MSOCache
2015-03-29 10:41 - 2015-03-29 10:35 - 1122369536 _____ () C:\Users\Daniela\outlook.pst
2015-03-29 05:15 - 2015-03-29 10:43 - 00000000 ____D () C:\Users\Daniela\Downloads\Microsoft Office 2007 Professional Plus
2015-03-29 03:26 - 2015-03-29 03:26 - 00000000 ____D () C:\Users\Daniela\AppData\Local\Sun
2015-03-28 07:35 - 2015-03-31 09:04 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-27 04:05 - 2015-03-27 04:15 - 492980834 _____ () C:\Users\Daniela\Downloads\MSO2007P.exe
2015-03-25 06:12 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-03-25 06:02 - 2015-03-31 09:04 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\ProductData
2015-03-25 06:02 - 2015-03-25 06:02 - 00000000 ____D () C:\Users\Default\AppData\Roaming\IObit
2015-03-25 06:02 - 2015-03-25 06:02 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\IObit
2015-03-25 05:37 - 2015-03-25 05:37 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\IObit
2015-03-25 05:27 - 2015-03-25 05:28 -
40909304 _____ () C:\Users\Daniela\Downloads\Firefox Setup 36.0.4.exe 2015-03-25 05:23 - 2015-03-25 05:24 - 37064104 _____ (Oracle Corporation) C:\Users\Daniela\Downloads\jre-8u40-windows-i586.exe 2015-03-25 04:12 - 2015-04-03 15:25 - 58048512 _____ () C:\Windows\system32\config\SOFTWARE.iobit 2015-03-25 04:12 - 2015-04-03 15:25 - 34934784 _____ () C:\Windows\system32\config\components.iobit 2015-03-25 04:12 - 2015-04-03 15:25 - 00360448 _____ () C:\Windows\system32\config\DEFAULT.iobit 2015-03-25 04:12 - 2015-04-03 15:25 - 00098304 _____ () C:\Windows\system32\config\SAM.iobit 2015-03-25 04:12 - 2015-04-03 15:25 - 00024576 _____ () C:\Windows\system32\config\SECURITY.iobit 2015-03-25 03:03 - 2015-03-25 03:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype 2015-03-25 03:03 - 2015-03-25 03:03 - 00000000 ____D () C:\Users\Admin\AppData\Local\Skype 2015-03-25 03:02 - 2015-03-25 03:02 - 00000000 ___RD () C:\Program Files\Skype 2015-03-25 03:02 - 2015-03-25 03:02 - 00000000 ____D () C:\ProgramData\Skype 2015-03-25 03:02 - 2015-03-25 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-03-25 03:02 - 2015-03-25 03:02 - 00000000 ____D () C:\Program Files\Common Files\Skype 2015-03-25 02:16 - 2015-03-25 02:16 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled 2015-03-25 02:16 - 2015-03-25 02:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8 2015-03-25 02:16 - 2015-03-25 02:16 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} 2015-03-25 02:16 - 2015-03-25 02:16 - 00000000 ____D () C:\Program Files\Common Files\IObit 2015-03-25 02:15 - 2015-03-31 09:04 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ProductData 2015-03-25 02:14 - 2015-04-01 02:49 - 00000000 ____D () C:\ProgramData\ProductData 2015-03-25 02:14 - 2015-03-25 02:16 - 00000000 ____D () C:\ProgramData\IObit 2015-03-25 02:14 - 2015-03-25 02:16 - 00000000 ____D () C:\Program Files\IObit 
2015-03-25 02:14 - 2015-03-25 02:15 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IObit 2015-03-25 02:14 - 2015-03-25 02:14 - 00000000 ____D () C:\Users\Admin\AppData\IObit 2015-03-24 05:01 - 2015-03-24 05:01 - 00000000 ____D () C:\Users\Daniela\Downloads\MSO2007P 2015-03-24 04:50 - 2015-03-24 04:54 - 498949156 _____ () C:\Users\Daniela\Downloads\MSO2007P.zip 2015-03-24 03:01 - 2015-03-24 03:01 - 00000000 ____D () C:\ProgramData\ATI 2015-03-24 01:53 - 2015-03-24 01:53 - 00000000 ____D () C:\Program Files\Microsoft ASP.NET 2015-03-24 01:37 - 2015-03-24 02:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\NVIDIA Corporation 2015-03-24 00:45 - 2015-03-24 00:45 - 00000000 ____D () C:\Program Files\Hewlett-Packard 2015-03-23 22:21 - 2015-03-23 22:21 - 00000000 ____D () C:\Users\Daniela\AppData\Local\NVIDIA Corporation 2015-03-23 05:24 - 2015-03-23 05:24 - 00000000 ____D () C:\Users\Daniela\AppData\Local\NVIDIA 2015-03-23 05:22 - 2015-03-24 04:19 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-03-23 05:20 - 2015-03-24 02:40 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2015-03-19 06:58 - 2015-03-19 06:58 - 00002019 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk 2015-03-19 06:58 - 2015-03-19 06:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer 2015-03-19 06:58 - 2015-03-19 06:58 - 00000000 ____D () C:\Program Files\MyPhoneExplorer 2015-03-19 05:55 - 2015-04-01 04:49 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-03-19 05:55 - 2015-03-19 05:55 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-19 05:52 - 2015-03-19 05:53 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Daniela\Downloads\Malwarebytes 2.0.4.exe 2015-03-19 04:21 - 2015-03-19 04:21 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Games 2015-03-18 23:25 - 2015-03-19 08:59 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\MyPhoneExplorer 2015-03-18 23:00 - 2015-03-18 23:00 - 07332272 _____ () 
C:\Users\Daniela\Downloads\MyPhoneExplorer.exe 2015-03-18 22:28 - 2015-03-18 22:28 - 00000000 ____D () C:\Users\Daniela\AppData\Local\{042FA28C-4DB3-4B64-94C0-A384193D060C} 2015-03-10 22:29 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-10 22:29 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-10 22:29 - 2015-01-31 05:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-03-10 22:29 - 2015-01-31 05:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2015-03-10 22:29 - 2015-01-31 02:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-03-10 22:28 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-10 22:28 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-10 22:28 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-10 22:28 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-10 22:28 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-10 22:28 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-10 22:28 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-10 22:28 - 2015-02-20 04:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-10 22:28 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-10 22:28 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-10 22:28 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-10 22:28 - 2015-02-20 04:06 - 00064000 _____ 
(Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-10 22:28 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-10 22:28 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-10 22:28 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-10 22:28 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-10 22:28 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-10 22:28 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-10 22:28 - 2015-02-20 03:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-10 22:28 - 2015-02-20 03:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-10 22:28 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-10 22:28 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-10 22:28 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-10 22:28 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-10 22:28 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-10 22:28 - 2015-02-20 03:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-10 22:28 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-10 22:28 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-10 22:28 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-10 22:28 - 2015-02-20 02:55 - 
00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-10 22:28 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-10 22:28 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-03-10 22:28 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-10 22:28 - 2015-02-03 05:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-10 22:28 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00374784 _____ (Microsoft 
Corporation) C:\Windows\system32\AudioEng.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-10 22:28 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00010752 _____ (Microsoft Corporation) 
C:\Windows\system32\msmmsp.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-10 22:28 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-10 22:28 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-10 22:28 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-10 22:28 - 2015-02-03 05:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-10 22:28 - 2015-02-03 05:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-10 22:28 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-10 22:28 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-10 22:28 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-10 22:28 - 2015-02-03 05:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-10 22:28 - 2015-02-03 05:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-10 22:28 - 2015-02-03 05:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-10 22:28 - 2015-02-03 05:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-10 22:28 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-10 22:28 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-10 22:28 - 2015-02-03 05:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-10 22:28 - 2015-02-03 04:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-10 22:28 - 2015-01-31 01:56 - 00370488 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\cng.sys 2015-03-10 22:28 - 2014-11-01 00:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-10 22:27 - 2015-03-06 07:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-10 22:27 - 2015-03-06 07:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-10 22:27 - 2015-03-06 07:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-10 22:27 - 2015-03-06 07:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-10 22:27 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-10 22:27 - 2015-03-06 07:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-10 22:27 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-10 22:27 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) 
C:\Windows\system32\msobjs.dll
2015-03-10 22:27 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 22:27 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 22:27 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 22:27 - 2015-02-20 06:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 22:27 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 22:27 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 22:27 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 22:27 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 22:26 - 2015-02-26 05:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 22:26 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 22:26 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-09 00:09 - 2015-03-09 00:09 - 00107301 _____ () C:\Users\Admin\Desktop\DANIELA-PC.html

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-08 03:29 - 2014-04-06 07:33 - 01333517 _____ () C:\Windows\WindowsUpdate.log 2015-04-08 02:46 - 2014-05-14 19:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-04-08 01:48 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-04-08 01:48 - 2009-07-14 06:34 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-04-08 01:40 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-04-08 01:39 - 2014-12-09 23:46 - 00000000 ____D () C:\Windows\system32\appraiser 2015-04-08 01:39 - 2014-04-23 00:16 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-04-08 01:22 - 2014-04-08 01:42 - 00000000 ____D () C:\Users\Daniela\Ulk 2015-04-08 01:20 - 2014-04-08 01:39 - 00000000 ____D () C:\Users\Daniela\Scans 2015-04-08 00:08 - 2014-09-14 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID 2015-04-08 00:08 - 2014-09-14 20:43 - 00000000 ____D () C:\Program Files\CPUID 2015-04-06 00:06 - 2015-02-12 04:38 - 00000000 ____D () C:\AdwCleaner 2015-04-05 13:55 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default 2015-04-05 13:55 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public 2015-04-05 13:49 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini 2015-04-04 08:03 - 2014-08-20 17:45 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\HpUpdate 2015-04-04 02:22 - 2014-04-07 01:31 - 00000000 ____D () C:\Users\Admin 2015-04-03 15:09 - 2014-04-06 13:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-04-03 14:16 - 2014-05-26 00:59 - 00000000 ____D () C:\Users\Daniela\Downloads\Alcatel 2015-04-03 13:36 - 2014-04-06 07:44 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-04-03 12:41 - 2015-01-29 22:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-04-03 12:41 - 2014-04-06 13:08 - 00001121 _____ () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-04-01 04:01 - 2015-01-24 04:01 - 00000000 ____D () C:\Program Files\DAP 2015-04-01 04:01 - 2015-01-24 03:59 - 00000000 ____D () C:\Program Files\Common Files\SpeedBit 2015-04-01 03:52 - 2015-01-24 04:01 - 00000000 ____D () C:\ProgramData\TEMP 2015-04-01 03:02 - 2015-01-29 03:52 - 00000000 ____D () C:\Users\Daniela\Downloads\Filme 2015-03-31 09:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\System 2015-03-31 09:26 - 2009-07-14 04:04 - 00000534 _____ () C:\Windows\win.ini 2015-03-31 09:05 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2015-03-31 09:04 - 2014-04-06 07:37 - 00000000 ____D () C:\Users\Daniela 2015-03-31 09:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration 2015-03-30 00:48 - 2014-04-06 07:55 - 00109664 _____ () C:\Users\Daniela\AppData\Local\GDIPFONTCACHEV1.DAT 2015-03-29 11:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2015-03-29 11:01 - 2009-07-14 10:57 - 00000000 ____D () C:\Windows\ShellNew 2015-03-29 10:54 - 2014-04-26 08:18 - 00000000 ____D () C:\Program Files\Microsoft Office 2015-03-29 10:54 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\MSBuild 2015-03-29 10:52 - 2014-04-06 14:00 - 00000000 ____D () C:\Program Files\Microsoft.NET 2015-03-29 10:52 - 2009-07-14 04:37 - 00000000 __RSD () C:\Windows\Media 2015-03-29 10:52 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Help 2015-03-29 10:51 - 2014-04-26 08:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2015-03-29 04:14 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2015-03-25 05:30 - 2014-04-07 18:43 - 00000000 ____D () C:\ProgramData\Oracle 2015-03-25 05:25 - 2014-07-27 05:09 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2015-03-25 05:25 - 2014-07-27 05:08 - 00000000 ____D () C:\Program Files\Java 2015-03-25 
05:18 - 2014-10-15 04:18 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe 2015-03-25 05:18 - 2014-04-06 14:54 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-03-25 05:18 - 2014-04-06 14:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-03-25 04:38 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-03-25 04:19 - 2014-04-06 08:30 - 00000000 ____D () C:\Windows\Panther 2015-03-25 03:55 - 2014-06-09 14:39 - 00000000 ____D () C:\Windows\Minidump 2015-03-25 02:51 - 2014-11-19 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys 2015-03-25 02:16 - 2014-04-07 18:18 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer 2015-03-25 02:03 - 2014-05-20 03:54 - 00000000 ____D () C:\ProgramData\Nokia 2015-03-25 02:03 - 2014-04-13 07:08 - 00000000 ____D () C:\Program Files\Common Files\Nokia 2015-03-25 02:03 - 2014-04-13 06:09 - 00000000 ____D () C:\Program Files\Nokia 2015-03-25 01:48 - 2014-06-20 23:59 - 00000000 ____D () C:\Program Files\Allway Sync 2015-03-25 01:47 - 2014-11-19 23:14 - 00000000 ____D () C:\Program Files\Lavalys 2015-03-25 01:47 - 2014-05-02 20:41 - 00000000 ____D () C:\Windows\pss 2015-03-25 01:47 - 2014-04-08 23:24 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\IrfanView 2015-03-25 01:47 - 2014-04-08 22:47 - 00000000 ____D () C:\ProgramData\HP Product Assistant 2015-03-25 01:47 - 2014-04-08 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2015-03-25 01:47 - 2014-04-08 22:42 - 00000000 ____D () C:\Program Files\HP 2015-03-25 01:47 - 2014-04-08 22:40 - 00000000 ____D () C:\ProgramData\HP 2015-03-25 01:47 - 2014-04-06 16:24 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-03-25 01:47 - 2014-04-06 16:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2015-03-25 01:47 - 2014-04-06 16:20 - 
00000000 ____D () C:\Program Files\NVIDIA Corporation 2015-03-25 01:47 - 2014-04-06 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center 2015-03-25 01:47 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32 2015-03-25 01:47 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\security 2015-03-25 01:46 - 2014-04-08 22:45 - 00000000 ____D () C:\Program Files\Common Files\HP 2015-03-25 01:46 - 2014-04-06 11:58 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies 2015-03-25 01:46 - 2014-04-06 11:58 - 00000000 ____D () C:\Program Files\AMD APP 2015-03-25 01:43 - 2014-04-06 16:19 - 00000000 ____D () C:\NVIDIA 2015-03-25 01:43 - 2014-04-06 11:58 - 00000000 ____D () C:\Program Files\AMD AVT 2015-03-25 01:43 - 2014-04-06 11:55 - 00000000 ____D () C:\Program Files\ATI Technologies 2015-03-25 01:43 - 2014-04-06 11:55 - 00000000 ____D () C:\Program Files\ATI 2015-03-24 03:54 - 2014-04-08 22:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\HP 2015-03-24 03:53 - 2014-04-08 22:41 - 00012575 _____ () C:\ProgramData\hpzinstall.log 2015-03-24 03:49 - 2014-04-12 01:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\HP 2015-03-24 03:00 - 2014-04-06 11:58 - 00000000 ____D () C:\ProgramData\AMD 2015-03-24 02:28 - 2014-08-19 03:59 - 00000000 ____D () C:\Users\Admin\AppData\Local\NokiaAccount 2015-03-24 00:35 - 2014-10-02 02:13 - 00000000 ____D () C:\Users\Daniela\AppData\Local\FreePDF_XP 2015-03-23 01:46 - 2014-04-13 03:41 - 1108410368 _____ () C:\Users\Daniela\outlook_alt.pst 2015-03-19 04:46 - 2014-04-08 23:24 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IrfanView 2015-03-19 04:45 - 2014-04-06 14:54 - 00000000 ____D () C:\Windows\system32\Macromed 2015-03-19 04:44 - 2014-06-11 02:05 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mobile Action 2015-03-19 02:38 - 2014-04-13 06:11 - 00000000 ____D () C:\Users\Daniela\AppData\Roaming\PC Suite 2015-03-10 22:50 - 2009-07-14 04:37 - 00000000 ____D () 
C:\Windows\system32\de-DE

==================== Files in the root of some directories =======

2014-08-05 00:03 - 2014-10-07 05:56 - 0128621 _____ () C:\Users\Admin\AppData\Local\ars.cache
2014-08-05 00:04 - 2014-10-07 05:57 - 0367993 _____ () C:\Users\Admin\AppData\Local\census.cache
2014-08-04 18:38 - 2014-08-04 18:38 - 0000036 _____ () C:\Users\Admin\AppData\Local\housecall.guid.cache
2014-04-08 22:41 - 2015-03-24 03:53 - 0012575 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Daniela\Registry.reg

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-26 02:56

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Admin at 2015-04-08 03:45:13
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
4500_G510af_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510af (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510af_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI Lite - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.1.0 - IObit)
Alcatel onetouch Manager (HKLM\...\{C32EDA33-2F6F-0200-0000-000000000000}) (Version: 13.05.2155 - Mobile Action)
AMD Catalyst Install Manager (HKLM\...\{B448BC74-1CB7-7A57-3313-5E075AFB413E}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bing Bar (HKLM\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation) Bing-Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation) BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) concept/design online.TiVi (HKLM\...\{2EC5640C-A426-4CFA-8737-656D1FE58128}_is1) (Version: 1.6.0.0 - concept/design GmbH) concept/design onlineTV 11 (HKLM\...\{8A4C3184-DA2F-4553-BF61-83F5690C3048}_is1) (Version: 11.0.0.0 - concept/design GmbH) CoolSoft VirtualMIDISynth 1.9.2 (HKLM\...\CoolSoft VirtualMIDISynth) (Version: 1.9.2.0 - CoolSoft) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden DirSync 2.96 (HKLM\...\DirSync) (Version: - Stephen Kalisch) DocMgr (Version: 130.0.000.000 - Ihr Firmenname) Hidden DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden EGVP (HKLM\...\{EDA192EA-4DA3-416D-965D-65BFDA0E3715}) (Version: 1.5.3.0 - Governikus KG) Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - ) G DATA USB KEYBOARD GUARD 
(HKLM\...\{D8CBD59F-B29D-4E38-9D66-DEAEAB473FA9}) (Version: 1.0.0.32 - G DATA Software AG) GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.) HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Officejet 4500 G510a-f (HKLM\...\{C98517B6-DCE9-49B7-B19E-E384178D3986}) (Version: 13.0 - HP) HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP) HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden inSSIDer Home (HKLM\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC) Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.) 
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan) Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation) MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 2000 SR-1 Premium (HKLM\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
(HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) MiniTool Partition Wizard Home Edition 8.0 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.) MKV Player 2.1.17 (HKLM\...\MKV Player_is1) (Version: - ) Mozilla Firefox 37.0 (x86 de) (HKLM\...\Mozilla Firefox 37.0 (x86 de)) (Version: 37.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla) MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.6 - F.J. Wechselberger) Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia) Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia) Nokia PC Suite (Version: 7.1.180.94 - Nokia) Hidden NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation) NVIDIA ForceWare Network Access Manager (HKLM\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation) OCR Software by I.R.I.S. 
13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP) PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia) PC Wizard 2013.2.12 (HKLM\...\PC Wizard 2013_is1) (Version: - CPUID) PDF reDirect (remove only) (HKLM\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC) PDF24 Creator 6.7.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PixelNet Software 4.14.4 (HKLM\...\PixelNet Software) (Version: 4.14.4 - ORWO Net) QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.17.0 - Ralink) RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd) Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) 
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia) Windows-Treiberpaket - Nokia Modem 
(02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia) Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 05-04-2015 10:39:08 Installed Microsoft Fix it 50848 06-04-2015 20:26:05 Windows Update 08-04-2015 01:35:38 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:04 - 2015-04-05 13:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {3625605D-9736-4E0D-ADED-80AB17549529} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-25] (Adobe Systems Incorporated) Task: {3A05D166-9113-4EC4-9566-5F56785457AF} - System32\Tasks\ASC8_SkipUac_Admin => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe [2015-01-27] (IObit) Task: {4A95605E-2F72-413F-9F4A-4F9B662C3B70} - System32\Tasks\{5589489F-BCF7-4E4E-A924-E7FCCE636DA8} => pcalua.exe -a "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe" Task: {653435B1-E8BB-4611-8BBB-E2FE2CBE8B8C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {690E5BA0-2B04-4E7B-906A-6CCA9CB3331D} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2015-01-23] (IObit) Task: {7FEA1C05-5956-47C1-9720-5580AA7A98CB} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {8734083E-A084-4978-A36C-CA4115FD8883} - System32\Tasks\{085A87EE-090C-40C6-B1AC-A2A6111D4864} => C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE Task: {BDAC862A-E650-4CF1-B04B-EDEB1AB59011} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {F2CAD89D-9A42-4025-8876-58161729CDCB} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation) Task: {F815A518-89BD-445C-8A71-0D92281353F8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============== 2015-03-25 02:16 - 2013-10-25 13:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 8\sqlite3.dll 2010-06-06 16:20 - 2010-06-06 16:20 - 00065344 _____ () C:\Windows\System32\PDFreDirectMonNT.dll 2014-10-02 02:12 - 2012-06-21 07:25 - 00094208 _____ () C:\Windows\System32\redmon32.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-04-06 16:24 - 2010-01-21 01:52 - 00370792 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe 2014-04-06 16:24 - 2010-01-21 01:51 - 00062568 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll 2014-04-06 16:24 - 2010-01-21 01:52 - 00565864 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll 2014-04-06 16:24 - 2010-01-21 01:52 - 00167528 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe 2015-03-25 02:16 - 2013-01-15 19:48 - 00348992 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madExcept_.bpl 2015-03-25 02:16 - 2013-01-15 19:48 - 00183616 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madBasic_.bpl 2015-03-25 02:16 - 2013-01-15 19:48 - 00051008 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madDisAsm_.bpl 2015-03-25 02:16 - 2013-01-15 19:47 - 00893248 _____ () C:\Program Files\IObit\Advanced SystemCare 8\webres.dll 2015-01-06 20:50 - 2012-02-20 13:59 - 01087336 _____ () C:\Program Files\Ralink\Common\RaWLAPI.dll 2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll 2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 
_____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3046395627-4054670192-1170409365-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files\FreePDF_XP\fpassist.exe" MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime ==================== Accounts: ============================= Admin (S-1-5-21-3046395627-4054670192-1170409365-1003 - Administrator - Enabled) => C:\Users\Admin Administrator (S-1-5-21-3046395627-4054670192-1170409365-500 - Administrator - Disabled) Dani (S-1-5-21-3046395627-4054670192-1170409365-1005 - Limited - Enabled) => C:\Users\Dani Daniela (S-1-5-21-3046395627-4054670192-1170409365-1000 - Limited - Enabled) => C:\Users\Daniela Gast (S-1-5-21-3046395627-4054670192-1170409365-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3046395627-4054670192-1170409365-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/08/2015 00:40:16 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 Error: (04/07/2015 03:47:56 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: ) Description: Das Handle ist ungültig Error: (04/07/2015 03:47:56 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: ) Description: Das Handle ist ungültig Error: (04/07/2015 01:07:25 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17689, Zeitstempel: 0x54e68526 Name des 
fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17690, Zeitstempel: 0x54e7d023 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00f45e49 ID des fehlerhaften Prozesses: 0x15f4 Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 Error: (04/07/2015 01:07:07 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17689, Zeitstempel: 0x54e68526 Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17690, Zeitstempel: 0x54e7d023 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00f45e49 ID des fehlerhaften Prozesses: 0x16f0 Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 Error: (04/07/2015 00:58:06 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17689, Zeitstempel: 0x54e68526 Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17690, Zeitstempel: 0x54e7d023 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00f45e49 ID des fehlerhaften Prozesses: 0xd70 Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 Error: (04/06/2015 09:17:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 Error: (04/06/2015 07:47:58 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: ) Description: Das Handle ist ungültig Error: (04/06/2015 07:47:58 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: ) Description: Das Handle ist ungültig System errors: ============= Error: (04/08/2015 03:25:25 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: ) Description: Vom Echtzeitschutz-Feature von 
%%860 wurde ein Fehler festgestellt Feature: %%886 Fehlercode: 0x80070005 Fehlerbeschreibung: Zugriff verweigert Grund: %%858 Error: (04/08/2015 03:25:22 AM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (04/08/2015 02:17:59 AM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (04/08/2015 01:50:42 AM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (04/08/2015 01:41:45 AM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (04/07/2015 01:36:13 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252. Error: (04/07/2015 01:36:13 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252. Error: (04/07/2015 01:34:42 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252. Error: (04/07/2015 01:34:42 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252. 
Error: (04/06/2015 08:23:53 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz Percentage of memory in use: 40% Total physical RAM: 3071.3 MB Available physical RAM: 1838.16 MB Total Pagefile: 6140.9 MB Available Pagefile: 4480.3 MB Total Virtual: 2047.88 MB Available Virtual: 1924.98 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:218.24 GB) (Free:117.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:14.52 GB) NTFS Drive i: (KINGSTON) (Removable) (Total:7.44 GB) (Free:3.44 GB) FAT32 Drive j: (Intenso) (Fixed) (Total:465.76 GB) (Free:349.54 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 2BAB359D) Partition 1: (Active) - (Size=218.2 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=14.6 GB) - (Type=OF Extended) ======================================================== Disk: 4 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=7.5 GB) - (Type=0C) ======================================================== Disk: 5 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: AF084B5D) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
08.04.2015, 15:34 | #12 |
/// the machine /// TB instructor | Windows 7: Internet slowed almost to a standstill
For reading: CHIP-Installer - what is that? - Guides
Cleanup: (The order is crucial here)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over, you can safely delete them. If you like, you can say here whether you were satisfied with me and my help...and/or support the forum with a small donation.
Hardening: Enable automatic updates in the Windows operating system. Security-relevant software should also always be kept at the latest version only: browser, Java, Flash Player, PDF reader. Security vulnerabilities in their old versions are exploited to install malware via "drive-by" simply by visiting a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents. Enable a firewall. The one built into Windows is normally entirely sufficient. Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft. In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.
Optional: NoScript prevents active content (Java, JavaScript, Flash,...) from running on all websites. However, you can specify, on the whitelist principle, on which sites scripts should be allowed. Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.
Download software from a clean portal such as . When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program. To get rid of adware again, first uninstall it and then remove the leftovers with Adwcleaner.
Finally, a few general remarks: Change your important online passwords regularly and regularly create backups of your important files or of the system. The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
08.04.2015, 23:05 | #13 |
| Windows 7: Internet slowed almost to a standstill Hello Schrauber, the thing with Chip is unbelievable. Unfortunately I had never heard of that before. :-( I did something wrong with Defogger: I clicked Re-enable twice. The first time a message came up saying that anti-malware software should be closed. I did that + then clicked Yes + Defogger was still open afterwards. So I thought I had to click Re-enable again. The message came up again + when I then clicked Yes, "Enable to open Files" or something like that appeared. What should I do now? Best regards, Daniela |
09.04.2015, 15:50 | #14 |
/// the machine /// TB instructor | Windows 7: Internet slowed almost to a standstill That's fine, nothing was disabled at the start anyway
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
09.04.2015, 19:28 | #15 |
| Windows 7: Internet slowed almost to a standstill Hello Schrauber, I also had problems uninstalling Combofix... The first time it reported something like Combofix is not installed. I have forgotten it, sorry... I simply ran it again + then the uninstallation worked too. I am now posting the last Combofix log file here. In between I had moved all programs into a folder Trojaner-Board + left only the program on the desktop that I was supposed to run at that moment. Maybe that is why Combofix could not be uninstalled? Best regards, Daniela Code:
ComboFix 15-04-09.01 - Admin 09.04.2015 19:54:24.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3071.1992 [GMT 2:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-03-09 bis 2015-04-09 ))))))))))))))))))))))))))))))
.
.
2015-04-09 18:08 . 2015-04-09 18:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-09 07:21 . 2015-04-09 07:21 -------- d-----w- c:\users\Default\AppData\Roaming\ProductData
2015-04-09 00:30 . 2015-03-14 10:06 9119072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{888F727F-50C0-48DD-ABDD-5D7F836569D4}\mpengine.dll
2015-04-09 00:24 . 2015-04-09 00:24 -------- d-----w- c:\program files\Qualcomm Atheros
2015-04-09 00:22 . 2015-04-09 00:23 -------- d-----w- c:\program files\WinPcap
2015-04-08 21:59 . 2015-03-14 10:06 9119072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-04-07 23:35 . 2015-03-23 03:06 576000 ----a-w- c:\windows\system32\generaltel.dll
2015-04-07 23:35 . 2015-03-23 03:06 630784 ----a-w- c:\windows\system32\invagent.dll
2015-04-07 23:35 . 2015-03-23 03:06 331264 ----a-w- c:\windows\system32\devinv.dll
2015-04-07 23:35 . 2015-03-23 03:06 860160 ----a-w- c:\windows\system32\appraiser.dll
2015-04-07 23:35 . 2015-03-23 03:06 26112 ----a-w- c:\windows\system32\acmigration.dll
2015-04-07 23:35 . 2015-03-23 03:06 159744 ----a-w- c:\windows\system32\aepic.dll
2015-04-07 23:35 . 2015-03-23 02:59 896000 ----a-w- c:\windows\system32\aeinv.dll
2015-04-07 23:35 . 2015-03-23 03:06 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-04-06 05:33 . 2015-04-06 05:33 27648 ----a-w- c:\windows\system32\drivers\GDKBBlocker32.sys
2015-04-06 05:33 . 2015-04-06 05:33 -------- d-----w- c:\program files\G DATA
2015-04-06 05:32 . 2015-04-06 05:32 -------- d-----w- c:\programdata\G Data
2015-04-06 00:49 . 2015-04-06 00:50 -------- d-----w- C:\Datensicherung
2015-04-05 22:21 . 2015-04-05 22:21 -------- d-----w- C:\RegBackup
2015-04-05 09:37 . 2015-04-08 02:37 -------- dc----w- c:\users\Admin\AppData\Local\MigWiz
2015-04-05 08:52 . 2015-04-08 01:15 -------- d-----w- c:\users\Dani
2015-04-04 20:04 . 2015-04-04 20:27 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-04-04 04:58 . 2015-04-04 05:03 -------- d-----w- c:\users\Admin\AppData\Roaming\IDM
2015-04-04 04:58 . 2015-04-04 04:58 -------- d-----w- c:\programdata\IDM
2015-04-04 04:58 . 2015-04-09 18:11 -------- d-----w- c:\users\Admin\AppData\Roaming\DMCache
2015-04-04 04:58 . 2015-04-04 05:56 -------- d-----w- c:\program files\Internet Download Manager
2015-04-04 04:47 . 2015-04-04 04:47 -------- d-----w- c:\programdata\Free Download Manager
2015-04-04 04:47 . 2015-04-04 04:55 -------- d-----w- c:\program files\Free Download Manager
2015-04-04 00:25 . 2015-04-08 01:46 -------- d-----w- C:\FRST
2015-04-03 11:55 . 2015-04-03 12:01 -------- d-----w- c:\users\Admin\AppData\Roaming\DirSync
2015-04-03 10:41 . 2015-03-27 07:52 924040 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2015-04-03 10:41 . 2015-03-27 05:01 187504 ----a-w- c:\program files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2015-04-03 10:41 . 2015-03-27 05:01 50800 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2015-04-02 13:54 . 2015-03-27 00:10 122432 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2015-04-01 02:47 . 2015-04-09 18:10 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-01 02:47 . 2015-03-17 04:15 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-01 02:47 . 2015-03-17 04:15 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-01 02:47 . 2015-03-17 04:15 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-01 02:00 . 2015-04-01 02:00 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2015-04-01 01:39 . 2015-03-25 22:00 908832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C28C4660-A74B-444B-96C7-58E331EF7C51}\gapaengine.dll
2015-03-29 09:57 . 2015-03-29 09:57 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2015-03-29 09:52 . 2015-03-29 09:52 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2015-03-29 08:57 . 2009-02-26 17:18 29552 ----a-w- c:\windows\system32\mdimon.dll
2015-03-29 08:57 . 2006-10-26 17:58 30512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2015-03-29 08:54 . 2015-03-29 09:51 -------- d-----w- c:\program files\Microsoft Works
2015-03-29 08:48 . 2015-03-29 08:48 -------- d-----w- C:\IDE
2015-03-29 08:48 . 2015-03-29 09:00 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2015-03-29 08:47 . 2015-03-29 08:47 -------- d-----w- c:\users\Admin\AppData\Local\Microsoft Help
2015-03-29 08:47 . 2015-03-31 07:41 -------- d-----w- c:\programdata\Microsoft Help
2015-03-29 08:46 . 2015-03-29 08:46 -------- d-----r- C:\MSOCache
2015-03-28 05:35 . 2015-03-31 07:04 -------- d-s---w- c:\windows\system32\GWX
2015-03-25 04:12 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll
2015-03-25 04:02 . 2015-04-09 07:20 -------- d-----w- c:\users\Default\AppData\Roaming\IObit
2015-03-25 03:34 . 2013-10-05 09:38 970912 ----a-w- c:\program files\Mozilla Firefox\msvcr120.dll
2015-03-25 03:34 . 2013-10-05 09:38 455328 ----a-w- c:\program files\Mozilla Firefox\msvcp120.dll
2015-03-25 03:34 . 2013-08-22 05:03 3466856 ----a-w- c:\program files\Mozilla Firefox\d3dcompiler_47.dll
2015-03-25 01:03 . 2015-03-25 01:03 -------- d-----w- c:\users\Admin\AppData\Local\Skype
2015-03-25 01:03 . 2015-03-25 01:05 -------- d-----w- c:\users\Admin\AppData\Roaming\Skype
2015-03-25 01:02 . 2015-03-25 01:02 -------- d-----w- c:\program files\Common Files\Skype
2015-03-25 01:02 . 2015-03-25 01:02 -------- d-----r- c:\program files\Skype
2015-03-25 01:02 . 2015-03-25 01:02 -------- d-----w- c:\programdata\Skype
2015-03-25 00:16 . 2015-03-25 00:16 -------- d-----w- c:\programdata\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-03-25 00:16 . 2015-03-25 00:16 -------- d-----w- c:\program files\Common Files\IObit
2015-03-25 00:15 . 2015-03-31 07:04 -------- d-----w- c:\users\Admin\AppData\Roaming\ProductData
2015-03-25 00:14 . 2015-03-25 00:16 -------- d-----w- c:\programdata\IObit
2015-03-25 00:14 . 2015-04-08 02:02 -------- d-----w- c:\programdata\ProductData
2015-03-25 00:14 . 2015-03-25 00:16 -------- d-----w- c:\program files\IObit
2015-03-25 00:14 . 2015-03-25 00:15 -------- d-----w- c:\users\Admin\AppData\Roaming\IObit
2015-03-24 01:01 . 2015-03-24 01:01 -------- d-----w- c:\programdata\ATI
2015-03-23 23:53 . 2015-03-23 23:53 -------- d-----w- c:\program files\Microsoft ASP.NET
2015-03-23 23:37 . 2015-03-24 00:38 -------- d-----w- c:\users\Admin\AppData\Local\NVIDIA Corporation
2015-03-23 22:45 . 2015-03-23 22:45 -------- d-----w- c:\program files\Hewlett-Packard
2015-03-23 03:22 . 2015-03-24 02:19 -------- d-----w- c:\programdata\NVIDIA
2015-03-23 03:20 . 2015-03-24 00:40 -------- d-----w- c:\programdata\NVIDIA Corporation
2015-03-19 04:58 . 2015-03-19 04:58 -------- d-----w- c:\program files\MyPhoneExplorer
2015-03-19 03:55 . 2015-04-01 02:49 -------- d-----w- c:\program files\ Malwarebytes Anti-Malware
2015-03-19 03:55 . 2015-03-19 03:55 -------- d-----w- c:\programdata\Malwarebytes
2015-03-19 02:21 . 2015-03-19 02:21 -------- d-----w- c:\users\Admin\AppData\Local\Microsoft Games
2015-03-10 20:29 . 2015-01-31 03:33 2744320 ----a-w- c:\windows\system32\rdpcorets.dll
2015-03-10 20:29 . 2015-01-31 03:33 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-03-10 20:29 . 2015-01-31 00:48 221184 ----a-w- c:\windows\system32\rdpudd.dll
2015-03-10 20:29 . 2015-02-03 03:12 3209728 ----a-w- c:\windows\system32\mf.dll
2015-03-10 20:27 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-03-10 20:26 . 2015-02-03 03:12 171520 ----a-w- c:\windows\system32\ubpm.dll
2015-03-10 20:26 . 2015-02-26 03:11 2381312 ----a-w- c:\windows\system32\win32k.sys
2015-03-10 20:26 . 2015-01-17 02:30 828928 ----a-w- c:\windows\system32\msctf.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-01 21:48 . 2015-03-14 01:30 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-03-25 22:00 . 2014-04-20 00:34 908832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-25 03:25 . 2014-07-27 03:09 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-03-25 03:18 . 2014-04-06 12:54 778928 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-03-25 03:18 . 2014-04-06 12:54 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-03 13:16 . 2014-04-06 06:07 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-17 14:04 . 2015-02-17 14:04 1202848 ----a-w- c:\windows\system32\FM20.DLL
2015-01-27 23:36 . 2015-02-10 22:37 1167520 ----a-w- c:\windows\system32\aitstatic.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Advanced SystemCare 8"="c:\program files\IObit\Advanced SystemCare 8\ASCTray.exe" [2015-01-20 2428704]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2015-04-02 3898960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 978520]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
"BingDesktop"="c:\program files\Microsoft\BingDesktop\BingDesktop.exe" [2013-11-01 2353880]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"GDataUsbProtection"="c:\program files\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe" [2014-09-03 1405560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [2000-1-21 65588]
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe -s [2015-1-6 12658536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-02-12 18:57 43848 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2014-03-18 18:50 373760 ----a-w- c:\program files\FreePDF_XP\fpassist.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 11:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2014-07-04 10:40 191528 ----a-w- c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 12:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2015-01-16 2724128]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 cpuz137;cpuz137;c:\program files\CPUID\PC Wizard 2013\pcwiz_x32.sys [2014-02-17 26856]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-02-20 102912]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2012-03-02 1308736]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-11-15 95408]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2015-01-30 284472]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2013-01-23 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2013-01-23 8576]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-07-01 15576]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-07-01 10200]
R3 RaMediaServer;Ralink UPnP Media Server;c:\program files\Ralink\Common\RaMediaServer.exe [2011-08-18 625728]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2015-03-17 92888]
S2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files\IObit\Advanced SystemCare 8\ASCService.exe [2014-11-04 815392]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-04-30 217088]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-11-01 173272]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2015-03-27 122432]
S2 MBAMScheduler;MBAMScheduler;c:\program files\ Malwarebytes Anti-Malware \mbamscheduler.exe [2015-03-17 1871160]
S2 MBAMService;MBAMService;c:\program files\ Malwarebytes Anti-Malware \mbamservice.exe [2015-03-17 1080120]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-05-14 86656]
S3 GDKBBlocker;G Data GDKBBlocker Driver;c:\windows\system32\drivers\GDKBBlocker32.sys [2015-04-06 27648]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-03-17 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-04-09 119512]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-03-17 51928]
S3 Ph6xIB32;NXP 716x PCIe TV Card;c:\windows\system32\DRIVERS\Ph6xIB32.sys [2009-07-13 1277952]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2015-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-06 03:18]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Download aller Links mit IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download mit IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ubhm5qpi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.url - hxxp://google.de
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3046395627-4054670192-1170409365-1003_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):0d,66,d3,4a,ae,28,0f,a2,23,22,29,e5,af,72,92,1d,b3,f4,03,d5,d3,
37,47,08,a1,e1,13,29,ed,cd,e5,9e,e8,4b,7c,35,d9,6b,14,50,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3046395627-4054670192-1170409365-1003_Classes\CLSID\{f776ad71-9d81-4c26-a3de-cdd7228fe4c5}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000062
"Therad"=dword:00000006
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5188)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Ralink\Common\RaRegistry.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\taskhost.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\ Malwarebytes Anti-Malware \mbam.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\program files\IObit\Advanced SystemCare 8\Monitor.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Ralink\Common\RaUI.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Microsoft\BingDesktop\BDExtHost.exe
c:\program files\Microsoft\BingDesktop\BDAppHost.exe
c:\program files\Microsoft\BingDesktop\BDRuntimeHost.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-04-09 20:17:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2015-04-09 18:17
.
Vor Suchlauf: 19 Verzeichnis(se), 125.415.809.024 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 125.517.176.832 Bytes frei
.
- - End Of File - - AE21A4CEC69F454856125C9E2B441D17
A36C5E4F47E84449FF07ED3517B43A31 |