Log analysis and evaluation: Free youtube Downloader opens during HP printer driver installation (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
10.05.2015, 16:52 | #1 |
Free youtube Downloader opens during HP printer driver installation

Hello, I have the following problem, which unfortunately I cannot solve on my own. When installing the HP printer driver or printer software, the HP setup program is not started; instead, the setup window of Free Youtube Downloader opens. At the same time, MWB reports that it blocked Open Candy. Every attempt to install the driver somehow has failed. In some cases, uninstalling programs also launches this Free Youtube Downloader setup instead of removing the desired program. I have created the required log files and hope someone knows what to do.

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Protection, 10.05.2015 06:21:20, SYSTEM, PC-8675764, Protection, Malware Protection, Starting,
Protection, 10.05.2015 06:21:20, SYSTEM, PC-8675764, Protection, Malware Protection, Started,
Protection, 10.05.2015 06:21:20, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 06:21:41, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Started,
Update, 10.05.2015 06:23:03, SYSTEM, PC-8675764, Scheduler, Malware Database, 2015.5.9.4, 2015.5.10.2,
Protection, 10.05.2015 06:23:03, SYSTEM, PC-8675764, Protection, Refresh, Starting,
Protection, 10.05.2015 06:23:03, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopping,
Protection, 10.05.2015 06:23:03, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopped,
Protection, 10.05.2015 06:23:10, SYSTEM, PC-8675764, Protection, Refresh, Success,
Protection, 10.05.2015 06:23:10, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 06:23:10, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Started,
Scan, 10.05.2015 07:43:59, SYSTEM, PC-8675764, Context, Start: 10.05.2015 06:23:08, Dauer: 1 Stunden 20 Minuten 51 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "0" nicht-Malwareerkennung,
Protection, 10.05.2015 09:43:43, SYSTEM, PC-8675764, Protection, Malware Protection, Starting,
Protection, 10.05.2015 09:43:43, SYSTEM, PC-8675764, Protection, Malware Protection, Started,
Protection, 10.05.2015 09:43:43, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 09:43:49, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Started,
Protection, 10.05.2015 10:31:25, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopping,
Protection, 10.05.2015 10:31:25, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopped,
Protection, 10.05.2015 10:31:25, SYSTEM, PC-8675764, Protection, Malware Protection, Stopping,
Protection, 10.05.2015 10:32:08, SYSTEM, PC-8675764, Protection, Malware Protection, Stopped,
Protection, 10.05.2015 12:04:59, SYSTEM, PC-8675764, Protection, Malware Protection, Starting,
Protection, 10.05.2015 12:05:00, SYSTEM, PC-8675764, Protection, Malware Protection, Started,
Protection, 10.05.2015 12:05:00, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 12:05:45, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Started,
Detection, 10.05.2015 12:33:57, Peter Maier, PC-8675764, Protection, Malwareschutz, Datei, PUP.Optional.OpenCandy, C:\Users\Peter Maier\AppData\Local\Temp\is-GCFA5.tmp\OCSetupHlp.dll, Quarantäne, [6496761ba1e943f3dc368db149bd6c94]
Detection, 10.05.2015 12:49:25, Peter Maier, PC-8675764, Protection, Malwareschutz, Datei, PUP.Optional.OpenCandy, C:\Users\Peter Maier\AppData\Local\Temp\is-DB3R5.tmp\OCSetupHlp.dll, Quarantäne, [75850c85c7c348eeb55d3905fb0b8c74]
Detection, 10.05.2015 12:50:14, SYSTEM, PC-8675764, Protection, Malwareschutz, Datei, PUP.Optional.OpenCandy, C:\Users\Peter Maier\AppData\Local\Temp\is-PKD10.tmp\OCSetupHlp.dll, Quarantäne, [7585771a97f385b18092ef4f9076847c]
Protection, 10.05.2015 13:22:09, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopping,
Protection, 10.05.2015 13:22:09, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopped,
Protection, 10.05.2015 13:22:09, SYSTEM, PC-8675764, Protection, Malware Protection, Stopping,
Protection, 10.05.2015 13:22:44, SYSTEM, PC-8675764, Protection, Malware Protection, Stopped,
Protection, 10.05.2015 14:49:22, SYSTEM, PC-8675764, Protection, Malware Protection, Starting,
Protection, 10.05.2015 14:49:22, SYSTEM, PC-8675764, Protection, Malware Protection, Started,
Protection, 10.05.2015 14:49:22, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 14:49:22, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Started,
Update, 10.05.2015 14:53:24, SYSTEM, PC-8675764, Manual, Malware Database, 2015.5.10.2, 2015.5.10.3,
Protection, 10.05.2015 14:53:24, SYSTEM, PC-8675764, Protection, Refresh, Starting,
Protection, 10.05.2015 14:53:24, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopping,
Protection, 10.05.2015 14:53:24, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopped,
Protection, 10.05.2015 14:53:51, SYSTEM, PC-8675764, Protection, Refresh, Success,
Protection, 10.05.2015 14:53:51, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 14:53:52, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Started,
Scan, 10.05.2015 16:24:35, SYSTEM, PC-8675764, Manual, Start: 10.05.2015 14:58:45, Dauer: 1 Stunden 25 Minuten 50 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "0" nicht-Malwareerkennung,

(end)

Code:
_____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-04-15 03:14 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-04-15 03:14 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-04-15 03:14 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-04-15 03:14 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-04-15 03:14 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-04-15 03:14 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-04-15 03:14 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-04-15 03:14 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-04-15 03:14 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-04-15 03:14 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-04-15 03:14 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-04-15 03:14 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-04-15 03:14 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-04-15 03:14 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-04-15 03:14 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-04-15 03:14 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-04-15 03:14 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-04-15 03:14 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ntdll.dll 2015-04-15 03:14 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-04-15 03:14 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-04-15 03:14 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-04-15 03:14 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-04-15 03:14 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-04-15 03:14 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-04-15 03:14 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-04-15 03:14 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-04-15 03:14 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-04-15 03:14 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-04-15 03:14 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-04-15 03:13 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-04-15 03:13 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-04-15 03:13 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-04-15 03:13 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-04-15 03:13 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-04-15 03:13 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-04-15 03:13 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-04-15 
03:13 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-04-15 03:13 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-04-15 03:13 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-04-15 03:13 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-04-15 03:13 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-04-15 03:13 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-04-15 03:13 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-04-15 03:13 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-04-15 03:13 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 
2015-04-15 03:13 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-04-15 03:13 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-04-15 03:13 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-04-15 03:13 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-04-15 03:13 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-04-15 03:13 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-04-15 03:13 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-04-15 03:13 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-04-15 03:13 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-04-15 03:13 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\credssp.dll 2015-04-15 03:13 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-04-15 03:13 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-04-15 03:13 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003584 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-04-15 03:13 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\user.exe 2015-04-15 03:13 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-04-15 03:13 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-04-15 03:13 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-04-15 03:13 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-04-15 03:13 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-04-15 03:13 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-15 03:13 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-04-15 03:13 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-04-15 03:13 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-15 03:13 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-04-15 03:13 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-04-15 03:13 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-04-15 03:13 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-04-15 03:13 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-04-15 
03:13 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-04-15 03:13 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-04-15 03:13 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-15 03:13 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-04-15 03:13 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-04-15 03:13 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-04-15 03:13 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-04-15 03:13 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-04-15 03:13 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-04-15 03:13 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-04-15 03:13 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-04-15 03:13 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-04-15 03:13 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-04-15 03:13 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-04-15 03:13 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-04-15 03:13 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-04-15 03:13 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-04-15 03:13 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jsproxy.dll 2015-04-15 03:13 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-04-15 03:13 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-04-15 03:13 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-04-15 03:13 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-04-15 03:13 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-04-15 03:13 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-15 03:13 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-04-15 03:13 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-04-15 03:13 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-04-15 03:13 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-04-15 03:13 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-15 03:13 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-04-15 03:13 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-04-15 03:13 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-04-15 03:13 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-04-15 03:13 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-15 03:13 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-04-15 03:13 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\inetcpl.cpl 2015-04-15 03:13 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-04-15 03:13 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-04-15 03:13 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-15 03:13 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-04-15 03:13 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-04-15 03:13 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-04-15 03:13 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-04-15 03:13 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-04-15 03:13 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-15 03:13 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll 2015-04-15 03:13 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-10 13:00 - 2013-12-10 12:48 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-10 12:33 - 2014-04-08 11:24 - 00000000 ____D () C:\Users\Peter Maier\AppData\Roaming\DVDVideoSoft
2015-05-10 12:26 - 2012-04-09 10:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-10 12:18 - 2014-10-06 13:36 - 00005168 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PC-8675764-Peter Maier PC-8675764
2015-05-10 12:14 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-10 12:14 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-10 12:09 - 2009-12-02 14:53 - 01360754 _____ () C:\Windows\WindowsUpdate.log
2015-05-10 12:07 - 2015-02-07 08:13 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-10 12:05 - 2013-12-10 12:48 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-10 12:04 - 2012-02-21 18:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-10 12:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-10 12:04 - 2009-07-14 06:51 - 00235367 _____ () C:\Windows\setupact.log
2015-05-10 09:42 - 2009-12-02 18:42 - 00533898 _____ () C:\Windows\PFRO.log
2015-05-10 09:40 - 2013-12-15 16:33 - 00000000 ____D () C:\AdwCleaner
2015-05-10 07:30 - 2009-12-16 23:37 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{76264225-A4E2-48C4-AA99-AAB4CC01A17C}
2015-05-10 06:20 - 2009-07-14 06:45 - 00670992 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-10 06:03 - 2009-12-02 16:09 - 00199664 _____ () C:\Users\Peter Maier\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-09 13:39 - 2014-12-08 21:51 - 00007627 _____ () C:\Users\Peter Maier\AppData\Local\Resmon.ResmonCfg
2015-05-08 13:41 - 2009-07-14 19:58 - 00716356 _____ () C:\Windows\system32\perfh007.dat
2015-05-08 13:41 - 2009-07-14 19:58 - 00155096 _____ () C:\Windows\system32\perfc007.dat
2015-05-08 13:41 - 2009-07-14 07:13 - 01660476 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-08 10:20 - 2015-02-07 08:35 - 00000794 _____ () C:\Users\Peter Maier\Documents\psr6.lic
2015-05-07 18:03 - 2014-07-09 07:58 - 00000000 ____D () C:\Users\Peter Maier\AppData\Local\Western Digital
2015-05-07 17:51 - 2014-08-18 16:21 - 00032842 _____ () C:\Windows\DPINST.LOG
2015-05-07 17:50 - 2014-11-10 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-05-07 17:50 - 2014-11-10 19:23 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-05-07 17:49 - 2014-01-24 13:02 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-07 11:26 - 2011-04-07 16:51 - 00000000 ____D () C:\ProgramData\SFirm
2015-05-07 11:23 - 2011-04-07 16:51 - 00000000 ____D () C:\Program Files (x86)\SFirm
2015-05-07 11:15 - 2011-05-02 17:40 - 00000000 ____D () C:\ProgramData\SFirm_Datensicherungen
2015-05-05 04:26 - 2014-06-23 12:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-01 02:02 - 2014-01-30 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-04-30 21:04 - 2015-02-22 11:29 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-26 03:56 - 2015-02-07 08:13 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-26 03:56 - 2015-02-07 08:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-26 03:56 - 2015-02-07 08:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-22 10:47 - 2014-06-07 09:21 - 00000000 ____D () C:\Users\Peter Maier\AppData\Roaming\Tyre
2015-04-17 00:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 04:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 03:44 - 2014-12-11 11:51 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 03:44 - 2014-04-30 18:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 03:23 - 2009-12-13 11:28 - 01637564 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-16 03:20 - 2013-08-17 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 03:06 - 2009-12-02 15:07 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 21:57 - 2012-04-09 10:13 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 21:57 - 2012-04-09 10:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 21:57 - 2011-06-05 08:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 09:37 - 2015-02-07 08:13 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2015-02-07 08:13 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2015-02-07 08:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== Files in the root of some directories =======

2013-12-08 15:09 - 2013-12-15 16:45 - 0000055 _____ () C:\Users\Peter Maier\AppData\Roaming\mbam.context.scan
2010-04-24 22:50 - 2012-12-06 12:46 - 0009728 _____ () C:\Users\Peter Maier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-10 12:39 - 2015-03-10 12:39 - 0000036 _____ () C:\Users\Peter Maier\AppData\Local\housecall.guid.cache
2014-12-08 21:51 - 2015-05-09 13:39 - 0007627 _____ () C:\Users\Peter Maier\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\Peter Maier\WDMyCloud_win.exe
C:\Users\Public\TTi_50_MR_2012_TIS.exe

Some content of TEMP:
====================
C:\Users\Peter Maier\AppData\Local\Temp\Quarantine.exe
C:\Users\Peter Maier\AppData\Local\Temp\sqlite3.dll
C:\Users\Test\AppData\Local\Temp\lpuninstall.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-04 00:25

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2015
Ran by Peter Maier at 2015-05-10 13:25:54
Running from D:\Internetdownload
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3683288306-3887556678-712919813-500 - Administrator - Disabled)
Gast (S-1-5-21-3683288306-3887556678-712919813-501 - Limited - Enabled)
Peter Maier (S-1-5-21-3683288306-3887556678-712919813-1000 - Administrator - Enabled) => C:\Users\Peter Maier
PQPBSUSER (S-1-5-21-3683288306-3887556678-712919813-1011 - Administrator - Enabled)
Test (S-1-5-21-3683288306-3887556678-712919813-1004 - Limited - Enabled) => C:\Users\Test
UpdatusUser (S-1-5-21-3683288306-3887556678-712919813-1009 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Internet Security (Disabled - Up to date) {F2F88E6A-3C7A-545F-268A-5D0BDD38EE06}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Internet Security (Disabled - Up to date) {49996F8E-1A40-5BD1-1C3A-6679A6BFA4BB}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.3.1 - Angry IP Scanner) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Cardo Updater (HKLM-x32\...\Cardo Updater_is1) (Version: - Cardo Systems, Inc.) CorelDRAW Graphics Suite X3 (HKLM-x32\...\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}) (Version: 13.0 - Corel Corporation) dakota.ag (HKLM-x32\...\dakota.ag) (Version: 6.0.30 - ITSG GmbH) dakota.ag (x32 Version: 6.0.30 - ITSG GmbH) Hidden DE (x32 Version: 13.0 - Corel Corporation) Hidden Design & Print (HKLM-x32\...\Design & Print 1.0.5) (Version: 1.0.5 - Avery Zweckform) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) Document_Installer (x32 Version: 1.00.0000 - DaimlerChrysler AG) Hidden EPC Compact plus 1.0 (HKLM-x32\...\dbcs1) (Version: - ) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden EWA net (HKLM-x32\...\EWA net) (Version: - ) EWA_net_Admin (x32 Version: 1.00.0000 - DaimlerChrysler AG) Hidden EWA_net_Client_Applications (x32 Version: 1.00.0000 - DaimlerChrysler AG) Hidden EWA_net_Core (x32 Version: 1.00.0000 - DaimlerChrysler AG) Hidden EWA_net_EPC (x32 Version: 1.00.0000 - Daimler) Hidden EWA_net_Server (x32 Version: 1.00.0000 - DaimlerChrysler AG) Hidden EWA_net_WIS (x32 Version: 1.00.0000 - DaimlerChrysler AG) Hidden EWA_net_WIS_CaseOnline_Importer (x32 Version: 1.00.0000 - DaimlerChrysler AG) Hidden FontNav (x32 Version: 5.0 - Corel Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.) 
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden HS/3 2011 (HKLM-x32\...\HS/3_is1) (Version: 2011 (2011.11.001) - HS/3 Hotelsoftware GmbH & Co. KG) iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.) Lexware Elster (HKLM-x32\...\{A4AAD5E5-1563-4A51-AFFC-F896AC979EAE}) (Version: 15.04.00.0028 - Haufe-Lexware GmbH & Co.KG) Lexware Info Service (x32 Version: 5.00.00.0044 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Installations Dienst (x32 Version: 4.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware kassenbuch (HKLM-x32\...\{775A55F3-97B4-4574-BD15-8A4C1343B907}) (Version: 13.00.00.0091 - Haufe-Lexware GmbH Co.KG) Lexware lohn+gehalt 2015 (x32 Version: 19.05.00.0078 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware lohn+gehalt plus 2015 (HKLM-x32\...\{3c62bbd1-b4c3-4978-9201-ff5109b491f7}) (Version: 19.1.0.86 - Haufe-Lexware GmbH & Co.KG) Lexware online banking (x32 Version: 22.00.00.0035 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden Logitech SetPoint 6.51 (HKLM\...\SP6) (Version: 6.51.8 - Logitech) Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Meter Drivers for OneTouch(R) Software (x32 Version: 1.6.0.0 - LifeScan) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 365 - 
de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4711.1003 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3683288306-3887556678-712919813-1000\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation) Microsoft OneNote 2013 - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 15.0.4711.1003 - Microsoft Corporation) Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 
(HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) 
(Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Msxml4 for LDCF (HKLM-x32\...\{D6160F37-7638-4E56-9774-F3C88F30A4A9}) (Version: 1.0.0.0 - ) NVIDIA 3D Vision Controller-Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation) NVIDIA Grafiktreiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA 
Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden Password Safe and Repository 7 (HKLM\...\{7B6F4DF3-57DA-49AD-8A6B-5639E9D66E8B}) (Version: 7.2.0.2208 - MATESO GmbH) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group) SFirm (HKLM-x32\...\{A600A500-6AAC-48AB-B29C-145483B3A127}) (Version: 2.39.13.250.1 - Star Finanz GmbH) TerraTec H5 V5.09.0813.00 (HKLM-x32\...\TerraTec H5) (Version: 5.09.0813.00 - ) TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) Trend Micro Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 8.0 - Trend Micro Inc.) Trend Micro Titanium (Version: 8.0 - Trend Micro Inc.) Hidden Tyre (HKLM-x32\...\Tyre_is1) (Version: 6.4.0.6 - 't Schrijverke) Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden VBA (x32 Version: 6.2 - Corel Corporation) Hidden VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden WD My Cloud (HKLM\...\{432F3CFC-ED41-4CDC-9D8F-6643C8A71CEA}) (Version: 1.0.6.13 - Western Digital Technologies, Inc.) WD Quick View (HKLM-x32\...\{BE1B25F9-5A51-4DB8-81FA-CE0CABC14D07}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.) WD SmartWare (HKLM\...\{FECF90E3-FDEA-4A87-8A06-2683388C69C4}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.) 
WD SmartWare Installer (HKLM-x32\...\{647175e1-9944-4a82-bac1-102c95f0a99a}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.) Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3683288306-3887556678-712919813-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Peter Maier\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File CustomCLSID: HKU\S-1-5-21-3683288306-3887556678-712919813-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3683288306-3887556678-712919813-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3683288306-3887556678-712919813-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3683288306-3887556678-712919813-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3683288306-3887556678-712919813-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3683288306-3887556678-712919813-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> 
C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3683288306-3887556678-712919813-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 03-05-2015 12:00:50 Windows-Sicherung 07-05-2015 17:48:35 WD SmartWare Installer 08-05-2015 12:45:58 Konfiguriert Messgerätetreiber für die OneTouch® Software 08-05-2015 13:16:23 Installed HP Support Solutions Framework 10-05-2015 00:34:38 Revo Uninstaller's restore point - Avery Wizard 5.0 10-05-2015 00:35:21 Avery Wizard 5.0 wurde entfernt. 10-05-2015 00:46:17 Revo Uninstaller's restore point - Messgerätetreiber für die OneTouch® Software v1.6 10-05-2015 00:46:38 Konfiguriert Messgerätetreiber für die OneTouch® Software 10-05-2015 06:02:49 Revo Uninstaller's restore point - Free YouTube Download version 3.2.49.1022 10-05-2015 11:53:40 Removed HP Support Solutions Framework 10-05-2015 12:00:31 Windows-Sicherung ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1543C57B-8E6E-4966-A0D5-05C701E31C7F} - System32\Tasks\{F6B6BB97-9D90-444E-8655-0AB7981B6267} => C:\bhps\Sys186\bin\launcher.exe [2014-10-13] () Task: {19C13B80-158C-462C-B9FC-79672668604A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-10] (Google Inc.) 
Task: {210060A9-94F8-49E3-A158-06F13A329C72} - \Plus-HD-4.9-updater No Task File <==== ATTENTION Task: {2A6AF256-1ED9-466A-99E5-41279B89C6B8} - System32\Tasks\{C4AF5F76-3732-4AF9-B40E-214BD319CA67} => pcalua.exe -a "D:\Internetdownload\DE_de_DP5_DL_20100525 (1).exe" -d D:\Internetdownload Task: {2D8CF4A1-7650-42C4-B26E-095CDD959348} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation) Task: {3A5F2EDA-BC34-433E-9C60-9155D2525403} - System32\Tasks\{282A274C-E9BB-44EC-8F20-175269CA0F83} => pcalua.exe -a "D:\Internetdownload\Setup (1).exe" -d D:\Internetdownload Task: {46B42DE3-2E61-46F9-A33B-1BD6DA73956D} - System32\Tasks\{DC681306-3E13-4F05-89DF-F4604678DBDD} => C:\bhps\Sys186\bin\launcher.exe [2014-10-13] () Task: {5649080F-AB53-4851-A1DE-1A27B9345604} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation) Task: {5687D392-21E9-4C48-8DAA-78AB47F0340A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-22] (Microsoft Corporation) Task: {574F9381-5F9E-4EBA-88CA-5F03F09E03B9} - System32\Tasks\{6B4366FB-FBE5-4929-8003-EF88A07A3CC7} => pcalua.exe -a C:\bhps\Sys186\bin\launcher.exe -d C:\bhps\Sys186\bin -c -aDBCS {"C:\bhps\dbcs1\bin\winmbww.exe" -aDBCS 0 1} Task: {5E3CF71A-C53A-4684-AECB-37B397729559} - \Plus-HD-4.9-enabler No Task File <==== ATTENTION Task: {5FFA3EA4-E718-4C2B-8654-B01D1A2722D0} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {6D4DE76F-309A-4D18-9D3D-BBDAF4FED753} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft 
Corporation) Task: {73637D49-B93F-4F26-8A9D-2C6398B486AC} - System32\Tasks\{DD5FC5D8-0162-46B6-8A1C-8524DC1C4F4C} => C:\bhps\Sys186\bin\launcher.exe [2014-10-13] () Task: {7E6267C2-8577-4FB9-9750-13B6417B7ECE} - \Plus-HD-4.9-codedownloader No Task File <==== ATTENTION Task: {8303BEA7-9834-40D1-80F9-78DFB079DDB1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe Task: {832BABB5-5A41-4350-9600-CD611E8CA53E} - System32\Tasks\{707B91E9-53CE-4387-B058-E31E4A46B4C6} => pcalua.exe -a D:\Internetdownload\setup.exe -d D:\Internetdownload Task: {83A8EA0E-F6AB-4B49-8413-446D12B47005} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {867A8D03-6D75-453C-8672-ADB75019788B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe Task: {87BAC021-9506-4148-B955-C88B941F32B8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {932CCBC0-3933-4B39-ADC5-FDA3E623B0D4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {952A9410-4AD0-43BC-BCCF-092E41E42332} - \Plus-HD-4.9-chromeinstaller No Task File <==== ATTENTION Task: {A0B949CD-5933-4E4C-B532-B3A5FFB1173D} - System32\Tasks\{881B582D-7E9E-4263-AC63-F51D1E1A9CA7} => E:\SETUP.EXE Task: {A3836003-21BE-4BCF-906C-22C4C746B141} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated) Task: {A6C8215A-D64C-40CE-892A-2B052E947D8E} - System32\Tasks\Amazon Music Helper => C:\Users\Peter Maier\AppData\Local\Amazon Music\Amazon Music Helper.exe Task: {A9F51D7B-0B3B-4AFA-8312-CD48E3CA370D} - System32\Tasks\Microsoft 
Office 15 Sync Maintenance for PC-8675764-Peter Maier PC-8675764 => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation) Task: {B20D795C-230B-492D-BFA6-099A67A843F2} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe Task: {B9E59A2F-71BF-4684-A154-71D37C6C6A9A} - System32\Tasks\{D0BB2061-ED66-4D1B-9DBE-402AF27E6D38} => E:\SETUP.EXE Task: {BE87B7E9-6561-4A7B-B7BB-098E56A6D693} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-10] (Google Inc.) Task: {D1AA3BB6-9F1C-4C7A-B9A2-92BA8C8443B6} - System32\Tasks\{17BB5240-1395-451F-847B-E8044B09ED9F} => C:\Program Files (x86)\Sfirm32\SFirm32.exe Task: {D4888BAD-9C71-46A5-B24E-7E6F2151DF14} - System32\Tasks\{BAE4C050-1FCA-4BFB-96FA-9FD953AFF402} => C:\bhps\Sys186\bin\launcher.exe [2014-10-13] () Task: {E0355066-CCF2-4291-9F37-AF0A7681ADBD} - System32\Tasks\{A207691B-BB71-491D-8C20-0A25D15B0604} => pcalua.exe -a C:\bhps\Instlr4\bin\uninstaller.exe -c -iDBCS -lg -n"EPC Compact plus 1.0" -p"C:\bhps\dbcs1" -r"C:\bhps\Instlr4" Task: {E94E0D12-1AE6-4B34-B017-33BDC3E60D67} - System32\Tasks\{BBEB252E-D5E6-4774-8FE8-7960E114443E} => E:\SETUP.EXE Task: {F06788A7-B1E9-4F71-A8CF-343533D1BA57} - System32\Tasks\Western Digital\SmartWare\____Volume_1a175e4c_df64_11de_acc7_00241dd8bd54__uuid_73656761_7465_7375_636b_0090a9448272_SmartWare_ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-02-12] (Western Digital Technologies, Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2012-02-21 18:01 - 2013-03-15 06:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-06-23 12:48 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-03-10 12:44 - 2014-07-20 21:05 - 00089088 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc110-mt-1_52.dll 2015-03-10 12:44 - 2014-07-20 21:05 - 00018944 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll 2015-03-10 12:44 - 2014-07-20 21:05 - 00049664 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll 2015-03-10 12:44 - 2014-07-20 21:05 - 00761856 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc110-mt-1_52.dll 2015-04-30 21:03 - 2015-04-28 01:59 - 01633608 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll 2015-04-30 21:03 - 2015-04-28 01:59 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll 2015-04-30 21:03 - 2015-04-28 01:59 - 26783560 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll 2012-05-03 12:11 - 2011-03-23 12:33 - 00147456 _____ () C:\Program Files (x86)\EWA net\apps\jre\private_jre\bin\server\jvm.dll 2012-05-03 12:13 - 2008-04-04 14:23 - 00036864 ____N () C:\Program Files (x86)\EWA net\database\TransBase EWA\polycsr.dll 2012-05-03 12:13 - 2008-04-04 14:23 - 00166912 ____N () C:\Program Files (x86)\EWA net\database\TransBase EWA\libmcrypt.dll 2012-05-03 12:16 - 2005-03-21 
16:54 - 00036864 ____N () C:\Program Files (x86)\EWA net\database\TransBase EPC\polycsr.dll 2012-05-03 12:16 - 2007-11-26 17:26 - 00166912 ____N () C:\Program Files (x86)\EWA net\database\TransBase EPC\libmcrypt.dll 2015-03-10 12:23 - 2014-07-20 21:05 - 00039424 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc110-mt-1_49.dll 2015-03-10 12:23 - 2014-07-20 21:05 - 00049152 _____ () C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc110-mt-1_49.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3683288306-3887556678-712919813-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Peter Maier\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: Amazon Music => "C:\Users\Peter Maier\AppData\Local\Amazon Music\Amazon Music Helper.exe" MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe MSCONFIG\startupreg: PocketCloud Location => "C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: Remote Control Editor => C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTVRC.exe MSCONFIG\startupreg: SfWinStartInfo => "C:\Program Files (x86)\SFirm\sfWinStartupInfo.exe" ==================== FirewallRules (whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{4B7DBCE0-6CE8-4B71-892E-8012C23FB813}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\InstTool.exe FirewallRules: [{399CB9C5-A6F8-4E89-8BC0-EDD62894FBD2}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\InstTool.exe FirewallRules: [{BD97A8DC-6573-4EE8-BD49-9B5E30B35B6F}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\CinergyDvr.exe FirewallRules: [{C9CB1051-E3C8-4608-A70F-D6EA532A9370}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\CinergyDvr.exe FirewallRules: [{6050D991-FCC3-4D04-99F1-D9FFAD78AB74}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe FirewallRules: [{263848C5-AF37-4263-9065-70FFCCAD6148}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe FirewallRules: [TCP Query User{26E3CBD9-9E23-4E80-8F2C-C20F3F10F13D}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe] => (Allow) C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe FirewallRules: [UDP Query User{811782A2-27D1-4F94-A2D1-F14DC5559BC4}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe] => (Allow) C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [TCP Query User{CEC9E652-3C73-4710-B965-732A1B8D47F0}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [UDP Query User{BCE2C536-917D-4E3E-A770-B17B6AA33C08}C:\program files (x86)\internet 
explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [{20B46BEC-F654-425A-BBC3-9DA14395E1B6}] => (Allow) C:\Users\Peter Maier\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{09544B2B-CA88-4C61-86EF-F4413E54EC03}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{1600A03D-D29F-4389-A407-3052B40CD998}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [TCP Query User{D0F28F19-7DB4-4AE6-93A2-080A512BA5AB}C:\program files (x86)\password safe and repository 7\psr.exe] => (Allow) C:\program files (x86)\password safe and repository 7\psr.exe FirewallRules: [UDP Query User{B5091A54-5561-4420-A56F-854C2A3603FF}C:\program files (x86)\password safe and repository 7\psr.exe] => (Allow) C:\program files (x86)\password safe and repository 7\psr.exe FirewallRules: [{DDB356A3-989F-464F-BFCE-59C6786575CC}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe FirewallRules: [{ACAD0768-9293-458E-8477-7484640133AE}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe FirewallRules: [{24015115-3BC8-499D-B000-FDA88AE11B16}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{118E4F48-5B66-45BD-BCFF-30228C2ED4A3}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe FirewallRules: [{5218B62C-FF43-416E-9590-F37E530CFF0F}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe FirewallRules: [{EEFB2DB5-9F30-47CC-B5D7-ED766997C48B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{11B9FA93-FC56-4CC2-8E09-1B2E8FCF6065}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D46B30B5-6C64-4E92-9380-D44FECFF957E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: 
[{696C7281-5A01-4DC4-8359-55DBC0DC90F7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F732E822-A259-4733-AE89-F9D3710D3632}] => (Allow) C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe FirewallRules: [{D251C611-FF3E-4E51-9C50-6A03BD30A210}] => (Allow) C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe FirewallRules: [TCP Query User{7154096D-8410-4DE4-81D5-E0CA3DB7AB2D}C:\program files (x86)\password safe and repository 7\psr.exe] => (Block) C:\program files (x86)\password safe and repository 7\psr.exe FirewallRules: [UDP Query User{7EAF97EE-5ED9-4D49-AF3C-1ADE360BBCF0}C:\program files (x86)\password safe and repository 7\psr.exe] => (Block) C:\program files (x86)\password safe and repository 7\psr.exe FirewallRules: [{EBB1A770-7C1B-4850-9B30-1116CE15B797}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: Realtek PCIe GBE Family Controller Description: Realtek PCIe GBE Family Controller Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: RTL8167 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (05/10/2015 00:55:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Setup_DriverDoc_2015.exe, Version: 0.0.0.0, Zeitstempel: 0x545f4e7a Name des fehlerhaften Moduls: nsWeb.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x509b7f18 Ausnahmecode: 0xc0000005 Fehleroffset: 0x04d12dc2 ID des fehlerhaften Prozesses: 0x760 Startzeit der fehlerhaften Anwendung: 0xSetup_DriverDoc_2015.exe0 Pfad der fehlerhaften Anwendung: Setup_DriverDoc_2015.exe1 Pfad des fehlerhaften Moduls: Setup_DriverDoc_2015.exe2 Berichtskennung: Setup_DriverDoc_2015.exe3 Error: (05/10/2015 00:54:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Setup_DriverDoc_2015.exe, Version: 0.0.0.0, Zeitstempel: 0x545f4e7a Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000cea0b ID des fehlerhaften Prozesses: 0x17dc Startzeit der fehlerhaften Anwendung: 0xSetup_DriverDoc_2015.exe0 Pfad der fehlerhaften Anwendung: Setup_DriverDoc_2015.exe1 Pfad des fehlerhaften Moduls: Setup_DriverDoc_2015.exe2 Berichtskennung: Setup_DriverDoc_2015.exe3 Error: (05/10/2015 06:22:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.1422, Zeitstempel: 0x51428f51 Name des fehlerhaften Moduls: nvtray.exe, Version: 7.17.13.1422, Zeitstempel: 0x51428f51 Ausnahmecode: 0x40000015 Fehleroffset: 0x0000000000154f89 ID des fehlerhaften Prozesses: 0x920 Startzeit der fehlerhaften Anwendung: 0xnvtray.exe0 Pfad der fehlerhaften Anwendung: nvtray.exe1 Pfad des fehlerhaften Moduls: nvtray.exe2 Berichtskennung: nvtray.exe3 Error: (05/09/2015 01:32:10 PM) (Source: EWA net DB EPC) (EventID: 4097) (User: ) Description: TransBase Multiplexer error report: select() Error: 
(05/08/2015 01:00:05 PM) (Source: EWA net DB EPC) (EventID: 4097) (User: ) Description: TransBase Multiplexer error report: select() Error: (05/07/2015 06:08:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: WDBackupEngine.exe, Version: 2.0.0.15, Zeitstempel: 0x54dd494c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0002defe ID des fehlerhaften Prozesses: 0x21ec Startzeit der fehlerhaften Anwendung: 0xWDBackupEngine.exe0 Pfad der fehlerhaften Anwendung: WDBackupEngine.exe1 Pfad des fehlerhaften Moduls: WDBackupEngine.exe2 Berichtskennung: WDBackupEngine.exe3 Error: (05/07/2015 06:03:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: WDBackupEngine.exe, Version: 2.0.0.15, Zeitstempel: 0x54dd494c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0003354b ID des fehlerhaften Prozesses: 0x1a88 Startzeit der fehlerhaften Anwendung: 0xWDBackupEngine.exe0 Pfad der fehlerhaften Anwendung: WDBackupEngine.exe1 Pfad des fehlerhaften Moduls: WDBackupEngine.exe2 Berichtskennung: WDBackupEngine.exe3 Error: (05/07/2015 05:57:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: WDBackupEngine.exe, Version: 2.0.0.15, Zeitstempel: 0x54dd494c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0002defe ID des fehlerhaften Prozesses: 0x1944 Startzeit der fehlerhaften Anwendung: 0xWDBackupEngine.exe0 Pfad der fehlerhaften Anwendung: WDBackupEngine.exe1 Pfad des fehlerhaften Moduls: WDBackupEngine.exe2 Berichtskennung: WDBackupEngine.exe3 Error: (05/03/2015 05:04:28 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann 
nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1214 Startzeit: 01d0857a1ecb2e5b Endzeit: 0 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: a9db592f-f1a5-11e4-8be2-404e57434401 Error: (05/01/2015 10:09:38 AM) (Source: EWA net DB Core) (EventID: 4097) (User: ) Description: TransBase Multiplexer error report: select() System errors: ============= Error: (05/10/2015 00:22:18 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {9E6E74C7-0E85-4D14-8851-7635E2C1C528} Error: (05/10/2015 00:07:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (05/10/2015 00:07:42 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (05/10/2015 10:33:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "WD Backup" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/10/2015 10:33:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "WD Drive Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/10/2015 10:33:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "TomTomHOMEService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (05/10/2015 10:33:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "EWA net Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/10/2015 10:33:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Machine Debug Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/10/2015 10:33:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "EWA net DB EPC" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/10/2015 10:33:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "EWA net DB WIS" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office Sessions: ========================= Error: (05/10/2015 00:55:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Setup_DriverDoc_2015.exe0.0.0.0545f4e7ansWeb.dll_unloaded0.0.0.0509b7f18c000000504d12dc276001d08b0fcbe85c8aD:\Internetdownload\Setup_DriverDoc_2015.exensWeb.dll0f370aca-f703-11e4-a502-404e57434401 Error: (05/10/2015 00:54:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Setup_DriverDoc_2015.exe0.0.0.0545f4e7antdll.dll6.1.7601.187985507b3e0c0000374000cea0b17dc01d08b0f9b9e0f64D:\Internetdownload\Setup_DriverDoc_2015.exeC:\Windows\SysWOW64\ntdll.dlle358ee58-f702-11e4-a502-404e57434401 Error: (05/10/2015 06:22:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: nvtray.exe7.17.13.142251428f51nvtray.exe7.17.13.142251428f51400000150000000000154f8992001d08ad8b1baaf62C:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exe3592e115-f6cc-11e4-b616-404e57434401 Error: (05/09/2015 01:32:10 PM) (Source: EWA net DB EPC) (EventID: 4097) (User: ) Description: TransBase Multiplexer error report: select() Error: (05/08/2015 01:00:05 PM) (Source: EWA net DB EPC) (EventID: 4097) (User: ) Description: 
TransBase Multiplexer error report: select() Error: (05/07/2015 06:08:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: WDBackupEngine.exe2.0.0.1554dd494cntdll.dll6.1.7601.187985507b3e0c00000fd0002defe21ec01d088df55c023d7C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\Windows\SysWOW64\ntdll.dll5212c1f0-f4d3-11e4-8be2-404e57434401 Error: (05/07/2015 06:03:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: WDBackupEngine.exe2.0.0.1554dd494cntdll.dll6.1.7601.187985507b3e0c00000fd0003354b1a8801d088de97cdecfcC:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\Windows\SysWOW64\ntdll.dll8c6538d9-f4d2-11e4-8be2-404e57434401 Error: (05/07/2015 05:57:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: WDBackupEngine.exe2.0.0.1554dd494cntdll.dll6.1.7601.187985507b3e0c00000fd0002defe194401d088dd9fe653c6C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\Windows\SysWOW64\ntdll.dllc0c8835f-f4d1-11e4-8be2-404e57434401 Error: (05/03/2015 05:04:28 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.1.7601.17567121401d0857a1ecb2e5b0C:\Windows\Explorer.EXEa9db592f-f1a5-11e4-8be2-404e57434401 Error: (05/01/2015 10:09:38 AM) (Source: EWA net DB Core) (EventID: 4097) (User: ) Description: TransBase Multiplexer error report: select() ==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz Percentage of memory in use: 54% Total physical RAM: 4094.49 MB Available physical RAM: 1857.28 MB Total Pagefile: 8187.18 MB Available Pagefile: 5412.02 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (SYSTEM) (Fixed) (Total:297.99 GB) (Free:153.3 GB) NTFS Drive d: (DATEN) (Fixed) (Total:465.76 GB) (Free:45 GB) NTFS Drive f: (PKBACK# 001) (Removable) (Total:3.69 GB) (Free:3.59 GB) FAT32 ==================== 
MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7B749EEA) Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: EC35DFA7) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 3.7 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Protection, 10.05.2015 06:21:20, SYSTEM, PC-8675764, Protection, Malware Protection, Starting, Protection, 10.05.2015 06:21:20, SYSTEM, PC-8675764, Protection, Malware Protection, Started, Protection, 10.05.2015 06:21:20, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Starting, Protection, 10.05.2015 06:21:41, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Started, Update, 10.05.2015 06:23:03, SYSTEM, PC-8675764, Scheduler, Malware Database, 2015.5.9.4, 2015.5.10.2, Protection, 10.05.2015 06:23:03, SYSTEM, PC-8675764, Protection, Refresh, Starting, Protection, 10.05.2015 06:23:03, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopping, Protection, 10.05.2015 06:23:03, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopped, Protection, 10.05.2015 06:23:10, SYSTEM, PC-8675764, Protection, Refresh, Success, Protection, 10.05.2015 06:23:10, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Starting, Protection, 10.05.2015 06:23:10, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Started, Scan, 10.05.2015 07:43:59, SYSTEM, PC-8675764, Context, Start: 10.05.2015 06:23:08, Dauer: 1 Stunden 20 Minuten 51 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "0" nicht-Malwareerkennung, Protection, 10.05.2015 09:43:43, SYSTEM, PC-8675764, Protection, Malware Protection, Starting, Protection, 10.05.2015 09:43:43, SYSTEM, PC-8675764, Protection, Malware Protection, Started, Protection, 10.05.2015 09:43:43, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Starting, Protection, 10.05.2015 09:43:49, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Started, Protection, 10.05.2015 10:31:25, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopping, Protection, 10.05.2015 10:31:25, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopped, Protection, 10.05.2015 10:31:25, SYSTEM, 
PC-8675764, Protection, Malware Protection, Stopping, Protection, 10.05.2015 10:32:08, SYSTEM, PC-8675764, Protection, Malware Protection, Stopped, Protection, 10.05.2015 12:04:59, SYSTEM, PC-8675764, Protection, Malware Protection, Starting, Protection, 10.05.2015 12:05:00, SYSTEM, PC-8675764, Protection, Malware Protection, Started, Protection, 10.05.2015 12:05:00, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Starting, Protection, 10.05.2015 12:05:45, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Started, Detection, 10.05.2015 12:33:57, Peter Maier, PC-8675764, Protection, Malwareschutz, Datei, PUP.Optional.OpenCandy, C:\Users\Peter Maier\AppData\Local\Temp\is-GCFA5.tmp\OCSetupHlp.dll, Quarantäne, [6496761ba1e943f3dc368db149bd6c94] Detection, 10.05.2015 12:49:25, Peter Maier, PC-8675764, Protection, Malwareschutz, Datei, PUP.Optional.OpenCandy, C:\Users\Peter Maier\AppData\Local\Temp\is-DB3R5.tmp\OCSetupHlp.dll, Quarantäne, [75850c85c7c348eeb55d3905fb0b8c74] Detection, 10.05.2015 12:50:14, SYSTEM, PC-8675764, Protection, Malwareschutz, Datei, PUP.Optional.OpenCandy, C:\Users\Peter Maier\AppData\Local\Temp\is-PKD10.tmp\OCSetupHlp.dll, Quarantäne, [7585771a97f385b18092ef4f9076847c] Protection, 10.05.2015 13:22:09, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopping, Protection, 10.05.2015 13:22:09, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopped, Protection, 10.05.2015 13:22:09, SYSTEM, PC-8675764, Protection, Malware Protection, Stopping, Protection, 10.05.2015 13:22:44, SYSTEM, PC-8675764, Protection, Malware Protection, Stopped, Protection, 10.05.2015 14:49:22, SYSTEM, PC-8675764, Protection, Malware Protection, Starting, Protection, 10.05.2015 14:49:22, SYSTEM, PC-8675764, Protection, Malware Protection, Started, Protection, 10.05.2015 14:49:22, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Starting, Protection, 10.05.2015 14:49:22, SYSTEM, PC-8675764, Protection, 
Malicious Website Protection, Started, Update, 10.05.2015 14:53:24, SYSTEM, PC-8675764, Manual, Malware Database, 2015.5.10.2, 2015.5.10.3, Protection, 10.05.2015 14:53:24, SYSTEM, PC-8675764, Protection, Refresh, Starting, Protection, 10.05.2015 14:53:24, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopping, Protection, 10.05.2015 14:53:24, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Stopped, Protection, 10.05.2015 14:53:51, SYSTEM, PC-8675764, Protection, Refresh, Success, Protection, 10.05.2015 14:53:51, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Starting, Protection, 10.05.2015 14:53:52, SYSTEM, PC-8675764, Protection, Malicious Website Protection, Started, Scan, 10.05.2015 16:24:35, SYSTEM, PC-8675764, Manual, Start: 10.05.2015 14:58:45, Dauer: 1 Stunden 25 Minuten 50 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "0" nicht-Malwareerkennung, (end) |
10.05.2015, 16:57 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Free YouTube Downloader opens during HP printer driver installation Hi and
I strongly get the impression that this is a commercially used system. If so, please read our policy on that. => http://www.trojaner-board.de/108422-...tml#post758384 In particular: Quote:
__________________ |
10.05.2015, 17:58 | #3 |
| Free YouTube Downloader opens during HP printer driver installation Yes, read and understood.
That is correct. There are business programs on the computer, because I was self-employed until 31.12.2014, and until the circus with the tax office, tax advisor, health insurers and the final annual accounts is settled, I cannot delete these programs. Otherwise I would have wiped the machine and reinstalled the programs I need. I can gladly send you my business deregistration. Unfortunately I did not think of it. |
10.05.2015, 18:09 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Free YouTube Downloader opens during HP printer driver installation OK, that's fine, thanks for the explanation. Do you only have these logs from Malwarebytes? Because you only posted the protection logs.
__________________ Please always post log files in CODE tags |
11.05.2015, 08:58 | #5 |
| Free YouTube Downloader opens during HP printer driver installation Hello, yes, only the scan log as well, which I am pasting in. Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 10.05.2015
Suchlauf-Zeit: 06:23:08
Logdatei: mbam-log1.txt
Administrator: Ja
Version: 2.01.6.1022
Malware Datenbank: v2015.05.10.02
Rootkit Datenbank: v2015.04.21.01
Lizenz: Premium
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Peter Maier
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 559464
Verstrichene Zeit: 1 Std, 20 Min, 51 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0 (Keine schädliche Elemente gefunden)
Module: 0 (Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden)
Registrierungswerte: 0 (Keine schädliche Elemente gefunden)
Registrierungsdaten: 0 (Keine schädliche Elemente gefunden)
Ordner: 0 (Keine schädliche Elemente gefunden)
Dateien: 0 (Keine schädliche Elemente gefunden)
Physische Sektoren: 0 (Keine schädliche Elemente gefunden)
(end) |
11.05.2015, 12:06 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Free YouTube Downloader opens during HP printer driver installation
Remove adware/junkware/toolbars
Delete old versions of adwCleaner and, if present, JRT beforehand, then download them again to the desktop! Please completely disable your virus scanner now, before using these tools!
Step 1: adwCleaner
Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool
Please close your security software to avoid possible conflicts.
Step 3: Fresh log with FRST
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
12.05.2015, 05:32 | #7 |
| Free YouTube Downloader opens during HP printer driver installation Hello, all scans done. Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2015 Ran by Peter Maier at 2015-05-12 06:24:59 Running from D:\Internetdownload Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3683288306-3887556678-712919813-500 - Administrator - Disabled) Gast (S-1-5-21-3683288306-3887556678-712919813-501 - Limited - Enabled) Peter Maier (S-1-5-21-3683288306-3887556678-712919813-1000 - Administrator - Enabled) => C:\Users\Peter Maier PQPBSUSER (S-1-5-21-3683288306-3887556678-712919813-1011 - Administrator - Enabled) Test (S-1-5-21-3683288306-3887556678-712919813-1004 - Limited - Enabled) => C:\Users\Test UpdatusUser (S-1-5-21-3683288306-3887556678-712919813-1009 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Trend Micro Internet Security (Disabled - Up to date) {F2F88E6A-3C7A-545F-268A-5D0BDD38EE06} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Trend Micro Internet Security (Disabled - Up to date) {49996F8E-1A40-5BD1-1C3A-6679A6BFA4BB} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.3.1 - Angry IP Scanner) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Cardo Updater (HKLM-x32\...\Cardo Updater_is1) (Version: - Cardo Systems, Inc.) CorelDRAW Graphics Suite X3 (HKLM-x32\...\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}) (Version: 13.0 - Corel Corporation) dakota.ag (HKLM-x32\...\dakota.ag) (Version: 6.0.30 - ITSG GmbH) dakota.ag (x32 Version: 6.0.30 - ITSG GmbH) Hidden DE (x32 Version: 13.0 - Corel Corporation) Hidden Design & Print (HKLM-x32\...\Design & Print 1.0.5) (Version: 1.0.5 - Avery Zweckform) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) Document_Installer (x32 Version: 1.00.0000 - DaimlerChrysler AG) Hidden EPC Compact plus 1.0 (HKLM-x32\...\dbcs1) (Version: - ) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden EWA net (HKLM-x32\...\EWA net) (Version: - ) EWA_net_Admin (x32 Version: 1.00.0000 - DaimlerChrysler AG) Hidden EWA_net_Client_Applications (x32 Version: 1.00.0000 - DaimlerChrysler AG) Hidden EWA_net_Core (x32 Version: 1.00.0000 - DaimlerChrysler AG) Hidden EWA_net_EPC (x32 Version: 1.00.0000 - Daimler) Hidden EWA_net_Server (x32 Version: 1.00.0000 - DaimlerChrysler AG) Hidden EWA_net_WIS (x32 Version: 1.00.0000 - DaimlerChrysler AG) Hidden EWA_net_WIS_CaseOnline_Importer (x32 Version: 1.00.0000 - DaimlerChrysler AG) Hidden FontNav (x32 Version: 5.0 - Corel Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.) 
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden HS/3 2011 (HKLM-x32\...\HS/3_is1) (Version: 2011 (2011.11.001) - HS/3 Hotelsoftware GmbH & Co. KG) iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.) Lexware Elster (HKLM-x32\...\{A4AAD5E5-1563-4A51-AFFC-F896AC979EAE}) (Version: 15.04.00.0028 - Haufe-Lexware GmbH & Co.KG) Lexware Info Service (x32 Version: 5.00.00.0044 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware Installations Dienst (x32 Version: 4.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware kassenbuch (HKLM-x32\...\{775A55F3-97B4-4574-BD15-8A4C1343B907}) (Version: 13.00.00.0091 - Haufe-Lexware GmbH Co.KG) Lexware lohn+gehalt 2015 (x32 Version: 19.05.00.0078 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware lohn+gehalt plus 2015 (HKLM-x32\...\{3c62bbd1-b4c3-4978-9201-ff5109b491f7}) (Version: 19.1.0.86 - Haufe-Lexware GmbH & Co.KG) Lexware online banking (x32 Version: 22.00.00.0035 - Haufe-Lexware GmbH & Co.KG) Hidden Lexware PDF-Export 5 (x32 Version: 5.00.00.0005 - Haufe-Lexware GmbH & Co.KG) Hidden Logitech SetPoint 6.51 (HKLM\...\SP6) (Version: 6.51.8 - Logitech) Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Meter Drivers for OneTouch(R) Software (x32 Version: 1.6.0.0 - LifeScan) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 365 - 
de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4711.1003 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3683288306-3887556678-712919813-1000\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation) Microsoft OneNote 2013 - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 15.0.4711.1003 - Microsoft Corporation) Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 
(HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) 
(Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Msxml4 for LDCF (HKLM-x32\...\{D6160F37-7638-4E56-9774-F3C88F30A4A9}) (Version: 1.0.0.0 - ) NVIDIA 3D Vision Controller-Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation) NVIDIA Grafiktreiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA 
Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4711.1003 - Microsoft Corporation) Hidden Password Safe and Repository 7 (HKLM\...\{7B6F4DF3-57DA-49AD-8A6B-5639E9D66E8B}) (Version: 7.2.0.2208 - MATESO GmbH) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group) SFirm (HKLM-x32\...\{A600A500-6AAC-48AB-B29C-145483B3A127}) (Version: 2.39.13.250.1 - Star Finanz GmbH) TerraTec H5 V5.09.0813.00 (HKLM-x32\...\TerraTec H5) (Version: 5.09.0813.00 - ) TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) Trend Micro Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 8.0 - Trend Micro Inc.) Trend Micro Titanium (Version: 8.0 - Trend Micro Inc.) Hidden Tyre (HKLM-x32\...\Tyre_is1) (Version: 6.4.0.6 - 't Schrijverke) Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden VBA (x32 Version: 6.2 - Corel Corporation) Hidden VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden WD My Cloud (HKLM\...\{432F3CFC-ED41-4CDC-9D8F-6643C8A71CEA}) (Version: 1.0.6.13 - Western Digital Technologies, Inc.) WD Quick View (HKLM-x32\...\{BE1B25F9-5A51-4DB8-81FA-CE0CABC14D07}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.) WD SmartWare (HKLM\...\{FECF90E3-FDEA-4A87-8A06-2683388C69C4}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.) 
WD SmartWare Installer (HKLM-x32\...\{647175e1-9944-4a82-bac1-102c95f0a99a}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.) Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3683288306-3887556678-712919813-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Peter Maier\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File CustomCLSID: HKU\S-1-5-21-3683288306-3887556678-712919813-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3683288306-3887556678-712919813-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3683288306-3887556678-712919813-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3683288306-3887556678-712919813-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3683288306-3887556678-712919813-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3683288306-3887556678-712919813-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> 
C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3683288306-3887556678-712919813-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 03-05-2015 12:00:50 Windows-Sicherung 07-05-2015 17:48:35 WD SmartWare Installer 08-05-2015 12:45:58 Konfiguriert Messgerätetreiber für die OneTouch® Software 08-05-2015 13:16:23 Installed HP Support Solutions Framework 10-05-2015 00:34:38 Revo Uninstaller's restore point - Avery Wizard 5.0 10-05-2015 00:35:21 Avery Wizard 5.0 wurde entfernt. 10-05-2015 00:46:17 Revo Uninstaller's restore point - Messgerätetreiber für die OneTouch® Software v1.6 10-05-2015 00:46:38 Konfiguriert Messgerätetreiber für die OneTouch® Software 10-05-2015 06:02:49 Revo Uninstaller's restore point - Free YouTube Download version 3.2.49.1022 10-05-2015 11:53:40 Removed HP Support Solutions Framework 10-05-2015 12:00:31 Windows-Sicherung ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1543C57B-8E6E-4966-A0D5-05C701E31C7F} - System32\Tasks\{F6B6BB97-9D90-444E-8655-0AB7981B6267} => C:\bhps\Sys186\bin\launcher.exe [2014-10-13] () Task: {19C13B80-158C-462C-B9FC-79672668604A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-10] (Google Inc.) 
Task: {210060A9-94F8-49E3-A158-06F13A329C72} - \Plus-HD-4.9-updater No Task File <==== ATTENTION Task: {2A6AF256-1ED9-466A-99E5-41279B89C6B8} - System32\Tasks\{C4AF5F76-3732-4AF9-B40E-214BD319CA67} => pcalua.exe -a "D:\Internetdownload\DE_de_DP5_DL_20100525 (1).exe" -d D:\Internetdownload Task: {2D8CF4A1-7650-42C4-B26E-095CDD959348} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation) Task: {3A5F2EDA-BC34-433E-9C60-9155D2525403} - System32\Tasks\{282A274C-E9BB-44EC-8F20-175269CA0F83} => pcalua.exe -a "D:\Internetdownload\Setup (1).exe" -d D:\Internetdownload Task: {46B42DE3-2E61-46F9-A33B-1BD6DA73956D} - System32\Tasks\{DC681306-3E13-4F05-89DF-F4604678DBDD} => C:\bhps\Sys186\bin\launcher.exe [2014-10-13] () Task: {5649080F-AB53-4851-A1DE-1A27B9345604} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation) Task: {5687D392-21E9-4C48-8DAA-78AB47F0340A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-22] (Microsoft Corporation) Task: {574F9381-5F9E-4EBA-88CA-5F03F09E03B9} - System32\Tasks\{6B4366FB-FBE5-4929-8003-EF88A07A3CC7} => pcalua.exe -a C:\bhps\Sys186\bin\launcher.exe -d C:\bhps\Sys186\bin -c -aDBCS {"C:\bhps\dbcs1\bin\winmbww.exe" -aDBCS 0 1} Task: {5E3CF71A-C53A-4684-AECB-37B397729559} - \Plus-HD-4.9-enabler No Task File <==== ATTENTION Task: {5FFA3EA4-E718-4C2B-8654-B01D1A2722D0} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {6D4DE76F-309A-4D18-9D3D-BBDAF4FED753} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft 
Corporation) Task: {73637D49-B93F-4F26-8A9D-2C6398B486AC} - System32\Tasks\{DD5FC5D8-0162-46B6-8A1C-8524DC1C4F4C} => C:\bhps\Sys186\bin\launcher.exe [2014-10-13] () Task: {7E6267C2-8577-4FB9-9750-13B6417B7ECE} - \Plus-HD-4.9-codedownloader No Task File <==== ATTENTION Task: {8303BEA7-9834-40D1-80F9-78DFB079DDB1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe Task: {832BABB5-5A41-4350-9600-CD611E8CA53E} - System32\Tasks\{707B91E9-53CE-4387-B058-E31E4A46B4C6} => pcalua.exe -a D:\Internetdownload\setup.exe -d D:\Internetdownload Task: {83A8EA0E-F6AB-4B49-8413-446D12B47005} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {867A8D03-6D75-453C-8672-ADB75019788B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe Task: {87BAC021-9506-4148-B955-C88B941F32B8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {932CCBC0-3933-4B39-ADC5-FDA3E623B0D4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation) Task: {952A9410-4AD0-43BC-BCCF-092E41E42332} - \Plus-HD-4.9-chromeinstaller No Task File <==== ATTENTION Task: {A0B949CD-5933-4E4C-B532-B3A5FFB1173D} - System32\Tasks\{881B582D-7E9E-4263-AC63-F51D1E1A9CA7} => E:\SETUP.EXE Task: {A3836003-21BE-4BCF-906C-22C4C746B141} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated) Task: {A6C8215A-D64C-40CE-892A-2B052E947D8E} - System32\Tasks\Amazon Music Helper => C:\Users\Peter Maier\AppData\Local\Amazon Music\Amazon Music Helper.exe Task: {A9F51D7B-0B3B-4AFA-8312-CD48E3CA370D} - System32\Tasks\Microsoft 
Office 15 Sync Maintenance for PC-8675764-Peter Maier PC-8675764 => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation) Task: {B20D795C-230B-492D-BFA6-099A67A843F2} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe Task: {B9E59A2F-71BF-4684-A154-71D37C6C6A9A} - System32\Tasks\{D0BB2061-ED66-4D1B-9DBE-402AF27E6D38} => E:\SETUP.EXE Task: {BE87B7E9-6561-4A7B-B7BB-098E56A6D693} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-10] (Google Inc.) Task: {D1AA3BB6-9F1C-4C7A-B9A2-92BA8C8443B6} - System32\Tasks\{17BB5240-1395-451F-847B-E8044B09ED9F} => C:\Program Files (x86)\Sfirm32\SFirm32.exe Task: {D4888BAD-9C71-46A5-B24E-7E6F2151DF14} - System32\Tasks\{BAE4C050-1FCA-4BFB-96FA-9FD953AFF402} => C:\bhps\Sys186\bin\launcher.exe [2014-10-13] () Task: {E0355066-CCF2-4291-9F37-AF0A7681ADBD} - System32\Tasks\{A207691B-BB71-491D-8C20-0A25D15B0604} => pcalua.exe -a C:\bhps\Instlr4\bin\uninstaller.exe -c -iDBCS -lg -n"EPC Compact plus 1.0" -p"C:\bhps\dbcs1" -r"C:\bhps\Instlr4" Task: {E94E0D12-1AE6-4B34-B017-33BDC3E60D67} - System32\Tasks\{BBEB252E-D5E6-4774-8FE8-7960E114443E} => E:\SETUP.EXE Task: {F06788A7-B1E9-4F71-A8CF-343533D1BA57} - System32\Tasks\Western Digital\SmartWare\____Volume_1a175e4c_df64_11de_acc7_00241dd8bd54__uuid_73656761_7465_7375_636b_0090a9448272_SmartWare_ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-02-12] (Western Digital Technologies, Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2015-03-10 12:44 - 2014-07-20 21:05 - 00089088 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc110-mt-1_52.dll 2015-03-10 12:44 - 2014-07-20 21:05 - 00018944 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll 2015-03-10 12:44 - 2014-07-20 21:05 - 00049664 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll 2014-06-23 12:48 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-11-18 10:06 - 2014-11-18 10:06 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-3683288306-3887556678-712919813-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Peter Maier\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Amazon Music => "C:\Users\Peter Maier\AppData\Local\Amazon Music\Amazon Music Helper.exe" MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe MSCONFIG\startupreg: PocketCloud Location => "C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: Remote Control Editor => C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTVRC.exe MSCONFIG\startupreg: SfWinStartInfo => "C:\Program Files (x86)\SFirm\sfWinStartupInfo.exe" ==================== FirewallRules (whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{4B7DBCE0-6CE8-4B71-892E-8012C23FB813}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\InstTool.exe FirewallRules: [{399CB9C5-A6F8-4E89-8BC0-EDD62894FBD2}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\InstTool.exe FirewallRules: [{BD97A8DC-6573-4EE8-BD49-9B5E30B35B6F}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\CinergyDvr.exe FirewallRules: [{C9CB1051-E3C8-4608-A70F-D6EA532A9370}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\CinergyDvr.exe FirewallRules: [{6050D991-FCC3-4D04-99F1-D9FFAD78AB74}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe FirewallRules: [{263848C5-AF37-4263-9065-70FFCCAD6148}] => (Allow) C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe FirewallRules: [TCP Query User{26E3CBD9-9E23-4E80-8F2C-C20F3F10F13D}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe] => (Allow) C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe FirewallRules: [UDP Query User{811782A2-27D1-4F94-A2D1-F14DC5559BC4}C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe] => (Allow) C:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [TCP Query User{CEC9E652-3C73-4710-B965-732A1B8D47F0}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [UDP Query User{BCE2C536-917D-4E3E-A770-B17B6AA33C08}C:\program files (x86)\internet 
explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [{20B46BEC-F654-425A-BBC3-9DA14395E1B6}] => (Allow) C:\Users\Peter Maier\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{09544B2B-CA88-4C61-86EF-F4413E54EC03}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{1600A03D-D29F-4389-A407-3052B40CD998}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [TCP Query User{D0F28F19-7DB4-4AE6-93A2-080A512BA5AB}C:\program files (x86)\password safe and repository 7\psr.exe] => (Allow) C:\program files (x86)\password safe and repository 7\psr.exe FirewallRules: [UDP Query User{B5091A54-5561-4420-A56F-854C2A3603FF}C:\program files (x86)\password safe and repository 7\psr.exe] => (Allow) C:\program files (x86)\password safe and repository 7\psr.exe FirewallRules: [{DDB356A3-989F-464F-BFCE-59C6786575CC}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe FirewallRules: [{ACAD0768-9293-458E-8477-7484640133AE}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe FirewallRules: [{24015115-3BC8-499D-B000-FDA88AE11B16}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{118E4F48-5B66-45BD-BCFF-30228C2ED4A3}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe FirewallRules: [{5218B62C-FF43-416E-9590-F37E530CFF0F}] => (Allow) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe FirewallRules: [{EEFB2DB5-9F30-47CC-B5D7-ED766997C48B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{11B9FA93-FC56-4CC2-8E09-1B2E8FCF6065}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D46B30B5-6C64-4E92-9380-D44FECFF957E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: 
[{696C7281-5A01-4DC4-8359-55DBC0DC90F7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F732E822-A259-4733-AE89-F9D3710D3632}] => (Allow) C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe FirewallRules: [{D251C611-FF3E-4E51-9C50-6A03BD30A210}] => (Allow) C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe FirewallRules: [TCP Query User{7154096D-8410-4DE4-81D5-E0CA3DB7AB2D}C:\program files (x86)\password safe and repository 7\psr.exe] => (Block) C:\program files (x86)\password safe and repository 7\psr.exe FirewallRules: [UDP Query User{7EAF97EE-5ED9-4D49-AF3C-1ADE360BBCF0}C:\program files (x86)\password safe and repository 7\psr.exe] => (Block) C:\program files (x86)\password safe and repository 7\psr.exe FirewallRules: [{EBB1A770-7C1B-4850-9B30-1116CE15B797}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: Realtek PCIe GBE Family Controller Description: Realtek PCIe GBE Family Controller Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: RTL8167 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (05/10/2015 00:55:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Setup_DriverDoc_2015.exe, Version: 0.0.0.0, Zeitstempel: 0x545f4e7a Name des fehlerhaften Moduls: nsWeb.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x509b7f18 Ausnahmecode: 0xc0000005 Fehleroffset: 0x04d12dc2 ID des fehlerhaften Prozesses: 0x760 Startzeit der fehlerhaften Anwendung: 0xSetup_DriverDoc_2015.exe0 Pfad der fehlerhaften Anwendung: Setup_DriverDoc_2015.exe1 Pfad des fehlerhaften Moduls: Setup_DriverDoc_2015.exe2 Berichtskennung: Setup_DriverDoc_2015.exe3 Error: (05/10/2015 00:54:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Setup_DriverDoc_2015.exe, Version: 0.0.0.0, Zeitstempel: 0x545f4e7a Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000cea0b ID des fehlerhaften Prozesses: 0x17dc Startzeit der fehlerhaften Anwendung: 0xSetup_DriverDoc_2015.exe0 Pfad der fehlerhaften Anwendung: Setup_DriverDoc_2015.exe1 Pfad des fehlerhaften Moduls: Setup_DriverDoc_2015.exe2 Berichtskennung: Setup_DriverDoc_2015.exe3 Error: (05/10/2015 06:22:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.1422, Zeitstempel: 0x51428f51 Name des fehlerhaften Moduls: nvtray.exe, Version: 7.17.13.1422, Zeitstempel: 0x51428f51 Ausnahmecode: 0x40000015 Fehleroffset: 0x0000000000154f89 ID des fehlerhaften Prozesses: 0x920 Startzeit der fehlerhaften Anwendung: 0xnvtray.exe0 Pfad der fehlerhaften Anwendung: nvtray.exe1 Pfad des fehlerhaften Moduls: nvtray.exe2 Berichtskennung: nvtray.exe3 Error: (05/09/2015 01:32:10 PM) (Source: EWA net DB EPC) (EventID: 4097) (User: ) Description: TransBase Multiplexer error report: select() Error: 
(05/08/2015 01:00:05 PM) (Source: EWA net DB EPC) (EventID: 4097) (User: ) Description: TransBase Multiplexer error report: select() Error: (05/07/2015 06:08:39 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: WDBackupEngine.exe, Version: 2.0.0.15, Zeitstempel: 0x54dd494c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0002defe ID des fehlerhaften Prozesses: 0x21ec Startzeit der fehlerhaften Anwendung: 0xWDBackupEngine.exe0 Pfad der fehlerhaften Anwendung: WDBackupEngine.exe1 Pfad des fehlerhaften Moduls: WDBackupEngine.exe2 Berichtskennung: WDBackupEngine.exe3 Error: (05/07/2015 06:03:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: WDBackupEngine.exe, Version: 2.0.0.15, Zeitstempel: 0x54dd494c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0003354b ID des fehlerhaften Prozesses: 0x1a88 Startzeit der fehlerhaften Anwendung: 0xWDBackupEngine.exe0 Pfad der fehlerhaften Anwendung: WDBackupEngine.exe1 Pfad des fehlerhaften Moduls: WDBackupEngine.exe2 Berichtskennung: WDBackupEngine.exe3 Error: (05/07/2015 05:57:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: WDBackupEngine.exe, Version: 2.0.0.15, Zeitstempel: 0x54dd494c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0002defe ID des fehlerhaften Prozesses: 0x1944 Startzeit der fehlerhaften Anwendung: 0xWDBackupEngine.exe0 Pfad der fehlerhaften Anwendung: WDBackupEngine.exe1 Pfad des fehlerhaften Moduls: WDBackupEngine.exe2 Berichtskennung: WDBackupEngine.exe3 Error: (05/03/2015 05:04:28 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann 
nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1214 Startzeit: 01d0857a1ecb2e5b Endzeit: 0 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: a9db592f-f1a5-11e4-8be2-404e57434401 Error: (05/01/2015 10:09:38 AM) (Source: EWA net DB Core) (EventID: 4097) (User: ) Description: TransBase Multiplexer error report: select() System errors: ============= Error: (05/12/2015 06:18:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "EWA net Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/12/2015 06:17:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "WD Backup" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/12/2015 06:17:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "WD Drive Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/12/2015 06:17:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "TomTomHOMEService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/12/2015 06:17:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Machine Debug Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/12/2015 06:17:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "EWA net DB Core" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/12/2015 06:17:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "EWA net DB EPC" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (05/12/2015 06:17:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "EWA net DB WIS" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/12/2015 06:17:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/12/2015 06:17:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office Sessions: ========================= Error: (05/10/2015 00:55:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Setup_DriverDoc_2015.exe0.0.0.0545f4e7ansWeb.dll_unloaded0.0.0.0509b7f18c000000504d12dc276001d08b0fcbe85c8aD:\Internetdownload\Setup_DriverDoc_2015.exensWeb.dll0f370aca-f703-11e4-a502-404e57434401 Error: (05/10/2015 00:54:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Setup_DriverDoc_2015.exe0.0.0.0545f4e7antdll.dll6.1.7601.187985507b3e0c0000374000cea0b17dc01d08b0f9b9e0f64D:\Internetdownload\Setup_DriverDoc_2015.exeC:\Windows\SysWOW64\ntdll.dlle358ee58-f702-11e4-a502-404e57434401 Error: (05/10/2015 06:22:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: nvtray.exe7.17.13.142251428f51nvtray.exe7.17.13.142251428f51400000150000000000154f8992001d08ad8b1baaf62C:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exe3592e115-f6cc-11e4-b616-404e57434401 Error: (05/09/2015 01:32:10 PM) (Source: EWA net DB EPC) (EventID: 4097) (User: ) Description: TransBase Multiplexer error report: select() Error: (05/08/2015 01:00:05 PM) (Source: EWA net DB EPC) (EventID: 4097) (User: ) Description: TransBase Multiplexer error report: select() Error: (05/07/2015 06:08:39 
PM) (Source: Application Error) (EventID: 1000) (User: ) Description: WDBackupEngine.exe2.0.0.1554dd494cntdll.dll6.1.7601.187985507b3e0c00000fd0002defe21ec01d088df55c023d7C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\Windows\SysWOW64\ntdll.dll5212c1f0-f4d3-11e4-8be2-404e57434401 Error: (05/07/2015 06:03:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: WDBackupEngine.exe2.0.0.1554dd494cntdll.dll6.1.7601.187985507b3e0c00000fd0003354b1a8801d088de97cdecfcC:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\Windows\SysWOW64\ntdll.dll8c6538d9-f4d2-11e4-8be2-404e57434401 Error: (05/07/2015 05:57:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: WDBackupEngine.exe2.0.0.1554dd494cntdll.dll6.1.7601.187985507b3e0c00000fd0002defe194401d088dd9fe653c6C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\Windows\SysWOW64\ntdll.dllc0c8835f-f4d1-11e4-8be2-404e57434401 Error: (05/03/2015 05:04:28 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.1.7601.17567121401d0857a1ecb2e5b0C:\Windows\Explorer.EXEa9db592f-f1a5-11e4-8be2-404e57434401 Error: (05/01/2015 10:09:38 AM) (Source: EWA net DB Core) (EventID: 4097) (User: ) Description: TransBase Multiplexer error report: select() ==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz Percentage of memory in use: 35% Total physical RAM: 4094.49 MB Available physical RAM: 2630.27 MB Total Pagefile: 8187.18 MB Available Pagefile: 6629.38 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (SYSTEM) (Fixed) (Total:297.99 GB) (Free:151.98 GB) NTFS Drive d: (DATEN) (Fixed) (Total:465.76 GB) (Free:44.56 GB) NTFS Drive f: (PKBACK# 001) (Removable) (Total:3.69 GB) (Free:3.59 GB) FAT32 ==================== MBR & Partition Table ================== 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7B749EEA)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: EC35DFA7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 3.7 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
Code:
# AdwCleaner v4.203 - Bericht erstellt 11/05/2015 um 23:26:23
# Aktualisiert 30/04/2015 von Xplode
# Datenbank : 2015-05-11.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Peter Maier - PC-8675764
# Gestarted von : D:\Internetdownload\AdwCleaner_4.203 (1).exe
# Option : Suchlauf
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17728
-\\ Google Chrome v42.0.2311.135
*************************
AdwCleaner[R0].txt - [24001 Bytes] - [15/12/2013 16:33:25]
AdwCleaner[R1].txt - [1017 Bytes] - [16/12/2013 16:21:34]
AdwCleaner[R2].txt - [3928 Bytes] - [10/05/2015 08:29:10]
AdwCleaner[R3].txt - [839 Bytes] - [11/05/2015 23:26:23]
AdwCleaner[S0].txt - [21133 Bytes] - [15/12/2013 16:39:18]
AdwCleaner[S1].txt - [1078 Bytes] - [16/12/2013 16:24:00]
AdwCleaner[S2].txt - [3936 Bytes] - [10/05/2015 09:40:22]
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1075 Bytes] ##########
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by Peter Maier (administrator) on PC-8675764 on 12-05-2015 06:21:57
Running from D:\Internetdownload
Loaded Profiles: Peter Maier (Available profiles: Peter Maier & Test & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Farbar) D:\Internetdownload\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246304 2014-07-20] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1266224 2014-07-20] (Trend Micro Inc.)
HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3196272 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3683288306-3887556678-712919813-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-3683288306-3887556678-712919813-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3683288306-3887556678-712919813-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3683288306-3887556678-712919813-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Users\Peter Maier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2015-05-11]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Peter Maier\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-11] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3683288306-3887556678-712919813-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3683288306-3887556678-712919813-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
BHO: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll [2014-06-30] (Trend Micro Inc.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-03-10] (Microsoft Corporation)
BHO: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe64.dll [2014-07-11] (Trend Micro Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-28] (Oracle Corporation)
BHO-x32: TmIEPlugInBHO Class -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll [2014-06-30] (Trend Micro Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2012-11-04] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-03-10] (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll [2014-07-11] (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-28] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll No File
Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll [2009-09-22] (TerraTec Electronic GmbH)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-720720720720} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe64.dll [2014-07-11] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\TmBpIe32.dll [2014-07-11] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg.dll [2014-06-30] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.5.1186\2.0.1039\TmopIEPlg32.dll [2014-06-30] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2014-07-20] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2014-07-20] (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-03-14] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2011-04-07]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2011-04-07]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension [2015-03-10]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-02-18]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.0.1069\9.0.1069\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2015-03-10]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2015-03-10]

Chrome:
=======
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/", "hxxp://www.sweet-page.com/?type=hp&ts=1416343250&from=cor&uid=HitachiXHDT721050SLA360_STF3L7ME0V5G6K0V5G6KX"
CHR Profile: C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-22]
CHR Extension: (Google Docs) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-22]
CHR Extension: (Google Drive) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-22]
CHR Extension: (YouTube) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-22]
CHR Extension: (Google Search) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-22]
CHR Extension: (Logitech SetPoint) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2015-02-22]
CHR Extension: (Google Sheets) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-22]
CHR Extension: (Google Wallet) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-22]
CHR Extension: (Gmail) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-22]
CHR Profile: C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-22]
CHR Extension: (Google Drive) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-22]
CHR Extension: (YouTube) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-22]
CHR Extension: (Google Search) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-22]
CHR Extension: (Logitech SetPoint) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2015-02-22]
CHR Extension: (Google Sheets) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-22]
CHR Extension: (iCloud Bookmarks) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-04-30]
CHR Extension: (Wetter Europa) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gdjjeekgglojebicfpgmiaeaadnhfaol [2015-02-22]
CHR Extension: (Bookmark Manager) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-22]
CHR Extension: (Trend Micro Toolbar) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2015-03-10]
CHR Extension: (Gmail) - C:\Users\Peter Maier\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-22]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-02-18]
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
S2 EWA net DB Core; C:\Program Files (x86)\EWA net\database\TransBase EWA\tbmux32.exe [417792 2008-04-04] (Transaction Software, D 81829 Munich) [File not signed]
S2 EWA net DB EPC; C:\Program Files (x86)\EWA net\database\TransBase EPC\tbmux32.exe [417792 2007-11-27] (Transaction Software, D 81829 Munich) [File not signed]
S2 EWA net DB WIS; C:\Program Files (x86)\EWA net\database\TransBase WIS\tbmux32.exe [417792 2008-04-04] (Transaction Software, D 81829 Munich) [File not signed]
S2 EWA net Server; C:\Program Files (x86)\EWA net\server\bin\tomcat.exe [65536 2003-07-31] (Alexandria Software Consulting) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [64552 2014-08-14] (Haufe-Lexware GmbH & Co. KG)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1187376 2014-07-20] (Trend Micro Inc.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVMCOWAN; C:\Windows\System32\DRIVERS\AVMCOWAN.sys [79872 2009-06-10] (AVM GmbH)
S3 CSRBC; C:\Windows\System32\Drivers\rider64.sys [38400 2012-01-31] (CSR plc.)
S3 FPCIBASE; C:\Windows\System32\DRIVERS\fpcibase.sys [899328 2009-06-10] (AVM Berlin)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [121944 2014-07-14] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [305832 2014-07-14] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [50976 2014-07-09] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [106296 2014-07-09] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [93664 2014-07-14] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [407864 2014-07-09] (Trend Micro Inc.)
R2 tmusa; C:\Windows\System32\DRIVERS\tmusa.sys [106296 2014-06-30] (Trend Micro Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 HWHandSet; system32\DRIVERS\hw_quusbmdm.sys [X]
U2 TMAgent; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-12 06:20 - 2015-05-12 06:20 - 00000695 _____ () C:\Users\Peter Maier\Desktop\JRT.txt
2015-05-12 06:15 - 2015-05-12 06:14 - 00001154 _____ () C:\Users\Peter Maier\Desktop\AdwCleaner[R3].txt
2015-05-10 19:11 - 2015-05-12 06:18 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-05-10 19:10 - 2015-05-10 19:10 - 588081580 _____ () C:\Windows\MEMORY.DMP
2015-05-10 19:10 - 2015-05-10 19:10 - 00542712 _____ () C:\Windows\Minidump\051015-27843-01.dmp
2015-05-10 19:10 - 2015-05-10 19:10 - 00000000 ____D () C:\Windows\Minidump
2015-05-10 14:46 - 2015-05-10 14:46 - 00022417 _____ () C:\Users\Peter Maier\Desktop\Gmer.txt
2015-05-10 12:38 - 2015-05-10 12:38 - 00000000 ____D () C:\LJP1100_P1560_P1600_SI_Utility
2015-05-10 10:32 - 2015-05-10 10:32 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PC-8675764-Windows-7-Professional-(64-bit).dat
2015-05-10 10:32 - 2015-05-10 10:32 - 00000000 ____D () C:\RegBackup
2015-05-10 00:41 - 2015-05-10 00:41 - 00000000 ____D () C:\Users\Peter Maier\AppData\Roaming\VSRevoGroup
2015-05-10 00:32 - 2015-05-10 00:32 - 00001270 _____ () C:\Users\Peter Maier\Desktop\Revo Uninstaller.lnk
2015-05-10 00:32 - 2015-05-10 00:32 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-09 20:20 - 2015-05-12 06:21 - 00000000 ____D () C:\FRST
2015-05-08 13:33 - 2015-05-08 13:33 - 00000000 ____D () C:\Program Files\HP
2015-05-08 13:33 - 2012-09-27 07:25 - 00056832 ____R () C:\Windows\system32\HP1100SMs.dll
2015-05-08 13:33 - 2012-09-27 07:25 - 00020480 ____R (Marvell Semiconductor, Inc.) C:\Windows\system32\Drivers\mvusbews.sys
2015-05-08 13:33 - 2012-08-31 15:10 - 00350720 _____ () C:\Windows\system32\mvhlewsi.DLL
2015-05-08 13:33 - 2012-08-31 15:03 - 01696256 _____ () C:\Windows\system32\HP1100SM.EXE
2015-05-08 13:33 - 2012-08-31 15:03 - 00288768 _____ () C:\Windows\system32\HP1100LM.DLL
2015-05-08 13:17 - 2015-05-08 13:17 - 00000000 ____D () C:\Program Files (x86)\Hp
2015-05-07 18:04 - 2015-05-07 18:04 - 00000000 ____D () C:\Windows\System32\Tasks\Western Digital
2015-05-07 17:57 - 2015-05-07 17:57 - 00000874 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Angry IP Scanner.lnk
2015-05-07 17:57 - 2015-05-07 17:57 - 00000000 ____D () C:\Program Files\Angry IP Scanner
2015-05-07 17:54 - 2015-05-07 17:54 - 00000000 ____D () C:\Users\Peter Maier\AppData\Local\Western_Digital_Technolog
2015-05-07 17:50 - 2015-05-07 17:50 - 00000000 ____D () C:\ProgramData\Western Digital
2015-05-07 17:50 - 2015-05-07 17:50 - 00000000 ____D () C:\Program Files\Western Digital
2015-05-07 17:50 - 2015-05-07 17:50 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2015-04-15 03:14 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 03:14 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 03:14 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 03:14 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 03:14 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 03:14 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 03:14 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 03:14 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 03:14 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 03:14 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 03:14 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 03:14 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 03:14 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 03:14 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 03:14 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 03:14 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 03:14 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 03:14 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 03:14 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 03:14 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 03:14 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 03:14 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 03:14 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 03:14 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 03:14 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 03:14 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 03:14 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 03:14 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 03:14 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 03:14 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 03:14 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 03:14 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 03:14 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 03:14 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 03:14 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 03:14 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 03:14 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 03:14 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 03:14 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 03:14 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 03:14 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 03:14 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 03:14 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 03:14 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 03:14 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 03:14 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 03:14 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 03:14 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 03:14 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 03:14 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 03:14 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 03:14 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 03:14 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 03:14 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 03:14 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 03:14 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 03:13 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 03:13 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 03:13 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 03:13 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 03:13 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 03:13 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 03:13 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 03:13 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 03:13 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 03:13 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 03:13 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 03:13 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 03:13 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 03:13 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 03:13 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 03:13 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 03:13 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 03:13 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 03:13 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 03:13 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 03:13 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 03:13 - 2015-03-17 06:56 - 00274944 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-04-15 03:13 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-04-15 03:13 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-04-15 03:13 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-04-15 03:13 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-04-15 03:13 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-04-15 03:13 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-04-15 03:13 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-04-15 03:13 - 
2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-04-15 03:13 - 
2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-04-15 03:13 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-04-15 03:13 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-04-15 03:13 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-04-15 03:13 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-04-15 03:13 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-04-15 03:13 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-04-15 03:13 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-04-15 03:13 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-15 03:13 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-04-15 03:13 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-04-15 03:13 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-15 03:13 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-04-15 
03:13 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-04-15 03:13 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-04-15 03:13 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-04-15 03:13 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-04-15 03:13 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-04-15 03:13 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-04-15 03:13 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-15 03:13 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-04-15 03:13 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-04-15 03:13 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-04-15 03:13 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-04-15 03:13 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-04-15 03:13 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-04-15 03:13 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-04-15 03:13 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-04-15 03:13 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-04-15 03:13 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-04-15 03:13 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtmled.dll 2015-04-15 03:13 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-04-15 03:13 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-04-15 03:13 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-04-15 03:13 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-04-15 03:13 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-04-15 03:13 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-04-15 03:13 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-04-15 03:13 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-04-15 03:13 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-04-15 03:13 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-15 03:13 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-04-15 03:13 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-04-15 03:13 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-04-15 03:13 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-04-15 03:13 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-15 03:13 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-04-15 03:13 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-04-15 03:13 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\dxtrans.dll 2015-04-15 03:13 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-04-15 03:13 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-15 03:13 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-04-15 03:13 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-04-15 03:13 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-04-15 03:13 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-04-15 03:13 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-15 03:13 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-04-15 03:13 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-04-15 03:13 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-04-15 03:13 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-04-15 03:13 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-04-15 03:13 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-15 03:13 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll 2015-04-15 03:13 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-12 06:15 - 2013-12-15 16:33 - 00000000 ____D () C:\AdwCleaner
2015-05-12 06:00 - 2013-12-10 12:48 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-12 05:26 - 2012-04-09 10:13 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-11 15:04 - 2014-10-06 13:36 - 00005168 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PC-8675764-Peter Maier PC-8675764
2015-05-11 12:00 - 2013-12-10 12:48 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-11 10:14 - 2009-07-14 06:51 - 00236232 _____ () C:\Windows\setupact.log
2015-05-11 10:00 - 2009-07-14 19:58 - 00716356 _____ () C:\Windows\system32\perfh007.dat
2015-05-11 10:00 - 2009-07-14 19:58 - 00155096 _____ () C:\Windows\system32\perfc007.dat
2015-05-11 10:00 - 2009-07-14 07:13 - 01660476 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-11 09:44 - 2015-02-07 08:13 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-10 22:10 - 2009-12-02 14:53 - 01492930 _____ () C:\Windows\WindowsUpdate.log
2015-05-10 19:19 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-10 19:19 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-10 19:10 - 2012-02-21 18:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-10 19:10 - 2009-12-02 18:42 - 00534208 _____ () C:\Windows\PFRO.log
2015-05-10 19:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-10 17:24 - 2014-12-08 21:51 - 00007627 _____ () C:\Users\Peter Maier\AppData\Local\Resmon.ResmonCfg
2015-05-10 14:55 - 2013-11-26 17:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-10 12:33 - 2014-04-08 11:24 - 00000000 ____D () C:\Users\Peter Maier\AppData\Roaming\DVDVideoSoft
2015-05-10 07:30 - 2009-12-16 23:37 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{76264225-A4E2-48C4-AA99-AAB4CC01A17C}
2015-05-10 06:20 - 2009-07-14 06:45 - 00670992 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-10 06:03 - 2009-12-02 16:09 - 00199664 _____ () C:\Users\Peter Maier\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-08 10:20 - 2015-02-07 08:35 - 00000794 _____ () C:\Users\Peter Maier\Documents\psr6.lic
2015-05-07 18:03 - 2014-07-09 07:58 - 00000000 ____D () C:\Users\Peter Maier\AppData\Local\Western Digital
2015-05-07 17:51 - 2014-08-18 16:21 - 00032842 _____ () C:\Windows\DPINST.LOG
2015-05-07 17:50 - 2014-11-10 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-05-07 17:50 - 2014-11-10 19:23 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-05-07 17:49 - 2014-01-24 13:02 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-07 11:26 - 2011-04-07 16:51 - 00000000 ____D () C:\ProgramData\SFirm
2015-05-07 11:23 - 2011-04-07 16:51 - 00000000 ____D () C:\Program Files (x86)\SFirm
2015-05-07 11:15 - 2011-05-02 17:40 - 00000000 ____D () C:\ProgramData\SFirm_Datensicherungen
2015-05-05 04:26 - 2014-06-23 12:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-01 02:02 - 2014-01-30 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-04-30 21:04 - 2015-02-22 11:29 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-26 03:56 - 2015-02-07 08:13 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-26 03:56 - 2015-02-07 08:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-04-26 03:56 - 2015-02-07 08:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-04-22 10:47 - 2014-06-07 09:21 - 00000000 ____D () C:\Users\Peter Maier\AppData\Roaming\Tyre
2015-04-17 00:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 04:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 03:44 - 2014-12-11 11:51 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 03:44 - 2014-04-30 18:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 03:23 - 2009-12-13 11:28 - 01637564 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-16 03:20 - 2013-08-17 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 03:06 - 2009-12-02 15:07 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 21:57 - 2012-04-09 10:13 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 21:57 - 2012-04-09 10:13 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 21:57 - 2011-06-05 08:26 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 09:37 - 2015-02-07 08:13 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2015-02-07 08:13 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2015-02-07 08:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
==================== Files in the root of some directories =======
2013-12-08 15:09 - 2013-12-15 16:45 - 0000055 _____ () C:\Users\Peter Maier\AppData\Roaming\mbam.context.scan
2010-04-24 22:50 - 2012-12-06 12:46 - 0009728 _____ () C:\Users\Peter Maier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-10 12:39 - 2015-03-10 12:39 - 0000036 _____ () C:\Users\Peter Maier\AppData\Local\housecall.guid.cache
2014-12-08 21:51 - 2015-05-10 17:24 - 0007627 _____ () C:\Users\Peter Maier\AppData\Local\Resmon.ResmonCfg
Files to move or delete:
====================
C:\Users\Peter Maier\WDMyCloud_win.exe
C:\Users\Public\TTi_50_MR_2012_TIS.exe
Some content of TEMP:
====================
C:\Users\Test\AppData\Local\Temp\lpuninstall.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-04 00:25
==================== End Of Log ============================
--- --- --- |
12.05.2015, 15:47 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Free YouTube Downloader opens during HP printer driver installation The JRT log is missing...
__________________ Please always post log files in CODE tags |
12.05.2015, 17:42 | #9 |
| Free YouTube Downloader opens during HP printer driver installation Sorry! Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.0 (05.09.2015:1)
OS: Windows 7 Professional x64
Ran by Peter Maier on 12.05.2015 at 18:36:31,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\Windows\prefetch\TOOLBARNATIVEMSGHOST.EXE-ACB9C73B.pf
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.05.2015 at 18:40:06,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
12.05.2015, 17:45 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Free YouTube Downloader opens during HP printer driver installation Did you run JRT only today, or yesterday as well?
__________________ Please always post log files in CODE tags |
13.05.2015, 06:57 | #11 |
| Free YouTube Downloader opens during HP printer driver installation I had already run it yesterday as well, but I ran it again to have a current log. Was that wrong? |
13.05.2015, 12:47 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Free YouTube Downloader opens during HP printer driver installation I actually wanted the previous log, to see what JRT still removed after MBAM and AdwCleaner.
FRST fix
Please disable your virus scanner completely now, to make sure the fix runs cleanly! Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter
CHR StartupUrls: Profile 1 -> "http://www.google.com/", "http://www.sweet-page.com/?type=hp&ts=1416343250&from=cor&uid=HitachiXHDT721050SLA360_STF3L7ME0V5G6K0V5G6KX"
C:\Users\Peter Maier\WDMyCloud_win.exe
C:\Users\Public\TTi_50_MR_2012_TIS.exe
Task: {210060A9-94F8-49E3-A158-06F13A329C72} - \Plus-HD-4.9-updater No Task File <==== ATTENTION
Task: {5E3CF71A-C53A-4684-AECB-37B397729559} - \Plus-HD-4.9-enabler No Task File <==== ATTENTION
Task: {7E6267C2-8577-4FB9-9750-13B6417B7ECE} - \Plus-HD-4.9-codedownloader No Task File <==== ATTENTION
Task: {952A9410-4AD0-43BC-BCCF-092E41E42332} - \Plus-HD-4.9-chromeinstaller No Task File <==== ATTENTION
EmptyTemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
13.05.2015, 16:41 | #13 |
| Free YouTube Downloader opens during HP printer driver installation Hello, done, fixlog.txt is attached. Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-05-2015
Ran by Peter Maier at 2015-05-13 17:27:32 Run:1
Running from D:\Internetdownload
Loaded Profiles: Peter Maier (Available profiles: Peter Maier & Test & UpdatusUser)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/", "hxxp://www.sweet-page.com/?type=hp&ts=1416343250&from=cor&uid=HitachiXHDT721050SLA360_STF3L7ME0V5G6K0V5G6KX"
C:\Users\Peter Maier\WDMyCloud_win.exe
C:\Users\Public\TTi_50_MR_2012_TIS.exe
Task: {210060A9-94F8-49E3-A158-06F13A329C72} - \Plus-HD-4.9-updater No Task File <==== ATTENTION
Task: {5E3CF71A-C53A-4684-AECB-37B397729559} - \Plus-HD-4.9-enabler No Task File <==== ATTENTION
Task: {7E6267C2-8577-4FB9-9750-13B6417B7ECE} - \Plus-HD-4.9-codedownloader No Task File <==== ATTENTION
Task: {952A9410-4AD0-43BC-BCCF-092E41E42332} - \Plus-HD-4.9-chromeinstaller No Task File <==== ATTENTION
EmptyTemp:
*****************
Chrome StartupUrls deleted successfully.
C:\Users\Peter Maier\WDMyCloud_win.exe => Moved successfully.
C:\Users\Public\TTi_50_MR_2012_TIS.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{210060A9-94F8-49E3-A158-06F13A329C72}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{210060A9-94F8-49E3-A158-06F13A329C72}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-4.9-updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5E3CF71A-C53A-4684-AECB-37B397729559}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E3CF71A-C53A-4684-AECB-37B397729559}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-4.9-enabler" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7E6267C2-8577-4FB9-9750-13B6417B7ECE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E6267C2-8577-4FB9-9750-13B6417B7ECE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-4.9-codedownloader" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{952A9410-4AD0-43BC-BCCF-092E41E42332}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{952A9410-4AD0-43BC-BCCF-092E41E42332}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-4.9-chromeinstaller" => Key deleted successfully.
EmptyTemp: => Removed 3.5 GB temporary data.
The system needed a reboot.
==== End of Fixlog 17:29:04 ==== |
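The check below is an added example, not part of the thread and not FRST's own code: it reads a fixlog like the one posted above and confirms that every fixlist directive has its success line, including the `Tasks\{GUID}` and `Tree\<name>` registry keys behind each "No Task File" task. The sample is an excerpt of the posted log laid out one entry per line (an assumption about the file's layout), and all function names are hypothetical.

```python
import re

# Excerpt of the fixlog posted in the thread (two of the four tasks),
# laid out one entry per line; that layout is an assumption of this example.
FIXLOG = r'''Content of fixlist:
*****************
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/", "hxxp://www.sweet-page.com/?type=hp&ts=1416343250&from=cor&uid=HitachiXHDT721050SLA360_STF3L7ME0V5G6K0V5G6KX"
C:\Users\Peter Maier\WDMyCloud_win.exe
C:\Users\Public\TTi_50_MR_2012_TIS.exe
Task: {210060A9-94F8-49E3-A158-06F13A329C72} - \Plus-HD-4.9-updater No Task File <==== ATTENTION
Task: {5E3CF71A-C53A-4684-AECB-37B397729559} - \Plus-HD-4.9-enabler No Task File <==== ATTENTION
EmptyTemp:
*****************
Chrome StartupUrls deleted successfully.
C:\Users\Peter Maier\WDMyCloud_win.exe => Moved successfully.
C:\Users\Public\TTi_50_MR_2012_TIS.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{210060A9-94F8-49E3-A158-06F13A329C72}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{210060A9-94F8-49E3-A158-06F13A329C72}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-4.9-updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5E3CF71A-C53A-4684-AECB-37B397729559}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E3CF71A-C53A-4684-AECB-37B397729559}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-4.9-enabler" => Key deleted successfully.
EmptyTemp: => Removed 3.5 GB temporary data.
'''

TASKCACHE = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache"
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]{36}\}) - \\(.+?) No Task File")
SEP_RE = re.compile(r"^\*{5,}$")


def split_fixlog(text):
    """Return (directives, results): the echoed fixlist and the lines FRST reported."""
    parts, current = [], []
    for line in text.splitlines():
        line = line.strip()
        if SEP_RE.match(line):
            parts.append(current)
            current = []
        elif line:
            current.append(line)
    parts.append(current)
    if len(parts) != 3:
        raise ValueError("expected the fixlist echoed between two separator lines")
    return parts[1], parts[2]


def expected_results(directive):
    """Prefixes of the result lines that must exist for one directive to count as applied."""
    m = TASK_RE.match(directive)
    if m:
        guid, name = m.groups()
        # A "No Task File" task exists only in the registry: its Tasks\{GUID}
        # definition and its Tree\<name> entry must both be gone.
        return [f'"{TASKCACHE}\\Tasks\\{guid}" => Key deleted successfully.',
                f'"{TASKCACHE}\\Tree\\{name}" => Key deleted successfully.']
    if re.match(r"^[A-Za-z]:\\", directive):          # plain file path
        return [f"{directive} => Moved successfully."]
    if directive.startswith("CHR StartupUrls:"):
        return ["Chrome StartupUrls deleted successfully."]
    if directive.startswith("EmptyTemp:"):
        return ["EmptyTemp: => Removed"]
    return None                                        # type not modelled here


def audit(text):
    """Map each fixlist directive to the expected result lines missing from the log."""
    directives, results = split_fixlog(text)
    report = {}
    for d in directives:
        wanted = expected_results(d)
        if wanted is None:
            report[d] = ["not modelled by this example"]
        else:
            report[d] = [w for w in wanted
                         if not any(r.startswith(w) for r in results)]
    return report


if __name__ == "__main__":
    for directive, missing in audit(FIXLOG).items():
        print("OK  " if not missing else "FAIL", directive[:70])
        for item in missing:
            print("     missing:", item)
```

A directive with a non-empty list is one whose fix did not complete as logged and should be re-checked in a fresh FRST scan.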
13.05.2015, 16:45 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Free YouTube Downloader opens during HP printer driver installation Okay, then control scans with MBAM and ESET please: Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Please always post log files in CODE tags |
14.05.2015, 06:15 | #15 |
| Free YouTube Downloader opens during HP printer driver installation Everything done so far. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=655c696be3811947b374f7688c7a9e6b # engine=23831 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-05-13 11:36:02 # local_time=2015-05-14 01:36:02 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Trend Micro Internet Security' # compatibility_mode=528 16777213 100 100 3848084 25677067 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 5579699 183190012 0 0 # scanned=416050 # found=63 # cleaned=0 # scan_time=23984 sh=096EE9069526CD95FE0F33E0348DB0E9561203AA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-4.9\45918.crx.vir" sh=9750DE47F1625093F8F174DD77D81FF593345DB5 ft=1 fh=ecc21214262917d4 vn="Variante von Win32/Toolbar.CrossRider.V evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-bho.dll.vir" sh=607789E75C770D9802C0118711417F5CF8105132 ft=1 fh=786c221dce6028de vn="Variante von Win64/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-bho64.dll.vir" sh=F869C1DD538108888ABB656CE21D31392FCC0E6A ft=1 fh=e90efe246ad865b8 vn="Variante von Win32/Toolbar.CrossRider.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-buttonutil.dll.vir" sh=F1B0B72CF88E03907112BFC5F97E103B419D3A67 ft=1 fh=51639bd2095bd078 vn="Variante von Win64/Toolbar.Crossrider.B evtl. 
|