Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): Not sure, got tricked on the phone by someone supposedly from MS support and let him onto my PC via TeamViewer. Windows 7 |
04.06.2015, 22:35 | #1 |
| Hello everyone, I'm new here. On 02.06.2015 I let a supposed Microsoft helpdesk employee (from the USA) talk me into believing that my PC had been cracked. He led me to an area where Microsoft stores various errors/warnings and messages... I then believed that nonsense and let him onto my computer via TeamViewer. After that I had a black screen three times for about 1 minute, and then he offered me a cleaning program that was supposedly going to cost only 15€... I agreed to that; when he then wanted my credit card number for payment, I finally caught on, -unfortunately possibly too late!?- I then ended the call and wanted to shut down the computer, whereupon he switched the computer off and entered a password. After a while I tried to start the computer but did not know the password; I then did manage to start the computer in safe mode and chose an earlier restore point, then ran a virus scan over it (ESET Smart Security). Since then the computer has been running, but I don't know what he may have put on it. I have now reconfigured my Wi-Fi Fritzbox, changed all passwords and had my credit card blocked (from a different computer, of course). I then talked to Microsoft Germany, who say that I should wipe the computer and install a new operating system... What do you say to that??? I would be very grateful for helpful support. I know, stupidity deserves to be punished; I would never have thought that I would fall for something like this, but the guys were very convincing, good and fast. Thanks again in advance and kind regards. F.R. |
04.06.2015, 23:01 | #2 |
| Hello FelResci,
I advise you to first open a new thread here and have your computer checked by experts: there, after an examination, they can also tell you exactly whether a reinstall is really necessary.... Kind regards, Alois
__________________ Post © Alois 2015 - All rights reserved - no part may be criticised in any form without the written permission of the author!
Edited by deeprybka (05.06.2015 at 18:04). Reason: link for new thread removed. |
05.06.2015, 10:26 | #3 |
| Who knows which system settings and programs (viruses) he has changed; he probably still has control over your computer.
A reinstall would be the safest solution, but you can of course have the computer analysed first. |
05.06.2015, 17:34 | #4 |
| Hello, first of all many thanks for your answers. I will look into it again and, if need be, bite the bullet and have a new operating system installed. However, I don't know where he installed what; maybe when backing up the files I might still have something on there? Kind regards and thanks! |
05.06.2015, 17:37 | #5 |
| You don't need to worry: if he installed anything, then it was exe files, and executable files shouldn't be backed up when reinstalling anyway, so after a reinstall you have a clean system again. |
05.06.2015, 17:50 | #6 |
| Hi, as already mentioned, please open a new thread here and have your machine checked - then you will also know what was installed: Kind regards, Alois
__________________ Edited by deeprybka (05.06.2015 at 18:02). Reason: moved to Plagegeister. |
05.06.2015, 18:01 | #7 |
/// TB trainer /// Tutorial guru | @Fel Resci My name is Jürgen and I will help you with your problem. Together we will manage this...
Note: I can never give you a guarantee that we will find all malicious files. Formatting is usually the faster and always the safest way, but it is only advisable for real malware. Adware & co. we can remove very well. If you decide on a cleanup, keep working with me until you get my "clean".
Let's go:
Step 1 Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material: Posting in CODE tags: here's how... Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes our work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ Regards, deeprybka. Praise, criticism, wishes? Donation for trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
07.06.2015, 11:02 | #8 |
| My name is Jürgen and I will help you with your problem. Together we will manage this...
Good morning Jürgen, I'm glad that you are taking care of me; my name is Felix! Unfortunately, for reasons of time, I am only getting around today to doing the scan and the remaining steps that you suggested... Nevertheless, many thanks in advance! Kind regards: FeliResci FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-06-2015 Ran by User (administrator) on ACERFELIX on 07-06-2015 11:49:57 Running from C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO1O03C5 Loaded Profiles: User (Available Profiles: User & oghbmuaf) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Sage Software GmbH) C:\Sage\Handwerk\BLServer520.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\ENAgent.exe (SafeNet Inc.) 
C:\Windows\System32\hasplms.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files\MSSQL\MSSQL10_50.SAGEHW2008\MSSQL\Binn\sqlservr.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sage Software) C:\Program Files (x86)\Common Files\Sage Software Shared\Deploymentservice.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Microsoft Corporation) C:\Windows\System32\FXSSVC.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Google Inc.) 
C:\Users\User\AppData\Local\Google\Update\1.3.27.5\GoogleCrashHandler.exe (Google Inc.) C:\Users\User\AppData\Local\Google\Update\1.3.27.5\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_ActiveX.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.) 
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-01-28] (ESET) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-09] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2725400 2015-02-05] (Sony Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKU\S-1-5-21-3693212948-2018620535-2171421930-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.) 
HKU\S-1-5-21-3693212948-2018620535-2171421930-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-3693212948-2018620535-2171421930-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-06-02] (Google Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-08-21] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3693212948-2018620535-2171421930-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://ixquick.com/ HKU\S-1-5-21-3693212948-2018620535-2171421930-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKU\S-1-5-21-3693212948-2018620535-2171421930-1000 -> DefaultScope {BCB840CA-D992-4909-9CCD-A9C484E4D56F} URL = https://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch SearchScopes: HKU\S-1-5-21-3693212948-2018620535-2171421930-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3693212948-2018620535-2171421930-1000 -> {33F34F3F-6D52-41F4-9299-C39EA22AC80B} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3693212948-2018620535-2171421930-1000 -> {A0668EF3-1E17-45E0-8983-6BE3962258E1} URL = hxxp://startpage.com/do/search?query={searchTerms}&nossl=1&cat=web&pl=ie&language=deutsch SearchScopes: HKU\S-1-5-21-3693212948-2018620535-2171421930-1000 -> {BCB840CA-D992-4909-9CCD-A9C484E4D56F} URL = https://startpage.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch BHO: Windows Live ID 
Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.) BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.) 
Toolbar: HKLM - Ixquick Toolbar - {71A784C1-33A1-44F8-9159-76CDFF2397DB} - C:\Program Files\IxquickToolbar\IxquickToolbar-2.0.5.dll [2014-06-13] (Ixquick.com) Toolbar: HKLM-x32 - Ixquick Toolbar - {71A784C1-33A1-44F8-9159-76CDFF2397DB} - C:\Program Files\IxquickToolbar\x86\IxquickToolbar-2.0.5.dll [2014-06-13] (Ixquick.com) Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION) Toolbar: HKU\S-1-5-21-3693212948-2018620535-2171421930-1000 -> Ixquick Toolbar - {71A784C1-33A1-44F8-9159-76CDFF2397DB} - C:\Program Files\IxquickToolbar\IxquickToolbar-2.0.5.dll [2014-06-13] (Ixquick.com) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation) Handler: WSWSVCUchrome - No CLSID Value Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @innoplus.de/ino3DViewer -> C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll [2014-05-14] (INNOVA-engineering GmbH Dresden) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF 
Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3693212948-2018620535-2171421930-1000: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-02] (Google Inc.) FF Plugin HKU\S-1-5-21-3693212948-2018620535-2171421930-1000: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-02] (Google Inc.) FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-08-21] FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-05-26] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF HKU\S-1-5-21-3693212948-2018620535-2171421930-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-02] CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-02] CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-02] CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-02] CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-02] CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-02] CHR Extension: (Bookmark Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-02] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-02] CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-02] CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-02] StartMenuInternet: Google Chrome.LPLJU6LRAXXTZEECTHJ3C43E7I - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.) R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173248 2014-11-26] (Microsoft Corp.) 
R2 BLServerService520; C:\Sage\Handwerk\BLServer520.exe [559616 2013-09-16] (Sage Software GmbH) [File not signed] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation) R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2015-01-28] (ESET) R2 ENAgent; C:\Windows\SysWOW64\ENAgent.exe [4209856 2012-07-05] (SEIKO EPSON CORPORATION) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) R2 hasplms; C:\Windows\system32\hasplms.exe [4683144 2014-04-29] (SafeNet Inc.) R2 HPSLPSVC; C:\Users\User\AppData\Local\Temp\7zS3FB1\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed] R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed] R2 MSSQL$SAGEHW2008; C:\Program Files\MSSQL\MSSQL10_50.SAGEHW2008\MSSQL\Binn\sqlservr.exe [62379184 2014-07-10] (Microsoft Corporation) R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [487960 2015-02-05] (Sony Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 SageDeploymentService; C:\Program Files (x86)\Common Files\Sage Software Shared\Deploymentservice.exe [428400 2013-07-09] (Sage Software) [File not signed] S4 SQLAgent$SAGEHW2008; C:\Program Files\MSSQL\MSSQL10_50.SAGEHW2008\MSSQL\Binn\SQLAGENT.EXE [442536 2014-07-10] (Microsoft Corporation) R2 TeamViewer; C:\Program Files 
(x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-20] (TeamViewer GmbH) R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S3 WsDrvInst; C:\Program Files (x86)\Wondershare\TunesGoRetro\DriverInstall.exe [100080 2015-04-17] (Wondershare) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.) R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.) R1 AutoSave; C:\Windows\System32\DRIVERS\AutoSave.sys [36896 2009-08-13] (Avanquest) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-03-10] (ESET) R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241880 2015-03-10] (ESET) R0 edevmon; C:\Windows\SysWOW64\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169792 2015-03-10] (ESET) R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [222280 2015-03-10] (ESET) R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44632 2015-03-10] (ESET) R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [64208 2015-03-10] (ESET) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331608 2014-04-29] (SafeNet Inc.) 
R1 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-07-10] (Microsoft Corporation) R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-12-13] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2012-12-13] (Paragon) R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2012-12-13] (Paragon) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-07 11:37 - 2015-06-07 11:49 - 00000000 ____D C:\FRST 2015-06-07 10:59 - 2015-06-07 10:59 - 00003116 _____ C:\Windows\System32\Tasks\WinZip Malware Protector_startup 2015-06-07 10:58 - 2015-06-07 10:58 - 00000000 ____D C:\Users\User\AppData\Roaming\Nico Mak Computing 2015-06-07 10:55 - 2015-06-07 10:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector 2015-06-07 10:54 - 2015-06-07 10:58 - 00000000 ____D C:\ProgramData\Nico Mak Computing 2015-06-07 10:54 - 2015-06-07 10:58 - 00000000 ____D C:\Program Files (x86)\WinZip Malware Protector 2015-06-07 10:54 - 2013-03-15 17:10 - 00020480 _____ C:\Windows\system32\wsusnative64.exe 2015-06-02 13:09 - 2015-06-02 13:09 - 00002356 _____ C:\Users\User\Desktop\Google Chrome.lnk 2015-06-02 13:09 - 2015-06-02 13:09 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-06-02 13:07 - 2015-06-07 11:23 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3693212948-2018620535-2171421930-1000UA.job 2015-06-02 13:07 - 2015-06-04 14:33 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3693212948-2018620535-2171421930-1000Core.job 2015-06-02 13:07 - 2015-06-02 14:17 - 00004084 _____ 
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3693212948-2018620535-2171421930-1000UA 2015-06-02 13:07 - 2015-06-02 14:17 - 00003688 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3693212948-2018620535-2171421930-1000Core 2015-06-02 13:07 - 2015-06-02 13:08 - 00000000 ____D C:\Users\User\AppData\Local\Google 2015-06-02 13:07 - 2015-06-02 13:07 - 00000000 ____D C:\Users\User\AppData\Local\Deployment 2015-06-02 13:07 - 2015-06-02 13:07 - 00000000 ____D C:\Users\User\AppData\Local\Apps\2.0 2015-06-02 13:04 - 2015-06-07 10:41 - 00000000 ____D C:\Users\User\AppData\Roaming\TeamViewer 2015-06-02 13:04 - 2015-06-04 22:27 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2015-06-02 13:04 - 2015-06-02 13:04 - 00001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-06-02 13:04 - 2015-06-02 13:04 - 00001035 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk 2015-06-01 09:09 - 2015-06-01 09:09 - 00000000 ____D C:\Users\User\AppData\Local\GWX 2015-05-20 15:43 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys 2015-05-13 16:44 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 16:44 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 12:34 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-13 12:34 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-13 12:34 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-13 12:34 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-13 12:34 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-13 12:34 - 2015-04-21 19:08 - 02724864 _____ 
(Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-05-13 12:34 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-05-13 12:34 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-05-13 12:34 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-13 12:34 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-13 12:34 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-05-13 12:34 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-13 12:34 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-05-13 12:34 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-05-13 12:34 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-05-13 12:34 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-13 12:34 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-13 12:34 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-05-13 12:34 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-05-13 12:34 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-05-13 12:34 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-13 12:34 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-05-13 12:34 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-05-13 12:34 - 2015-04-21 18:24 - 19691008 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-13 12:34 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-05-13 12:34 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-05-13 12:34 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-13 12:34 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-05-13 12:34 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-05-13 12:34 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-13 12:34 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-05-13 12:34 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-13 12:34 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-05-13 12:34 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-13 12:34 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-13 12:34 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-05-13 12:34 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-05-13 12:34 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-05-13 12:34 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-13 12:34 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-05-13 12:34 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-05-13 12:34 - 2015-04-21 17:49 - 00801280 _____ 
(Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-13 12:34 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-13 12:34 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-05-13 12:34 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-05-13 12:34 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-13 12:34 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-05-13 12:34 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-13 12:34 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-05-13 12:34 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-13 12:34 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-13 12:34 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-13 12:34 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-13 12:34 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-13 12:34 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-13 12:34 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-05-13 12:34 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-13 12:34 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-13 12:34 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-13 12:34 - 2015-04-21 17:02 - 01882112 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-13 12:34 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-13 12:34 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-13 12:34 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-13 12:34 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-13 12:33 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-13 12:33 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-13 12:33 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-13 12:33 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-13 12:33 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-13 12:33 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-13 12:33 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-05-13 12:33 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-12 15:43 - 2015-05-12 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2015-05-12 15:43 - 2015-05-12 15:43 - 00000000 ____D C:\ProgramData\ESET 2015-05-12 06:24 - 2015-05-12 06:24 - 04149784 _____ (Qualcomm Atheros Communications, Inc.) 
C:\Windows\system32\Drivers\athrx.sys 2015-05-08 11:35 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-05-08 11:35 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-05-08 11:35 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-05-08 11:35 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-05-08 11:35 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-08 11:35 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-05-08 11:35 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-05-08 11:35 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2015-05-08 11:35 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2015-05-08 11:35 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-05-08 11:35 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-05-08 11:35 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-05-08 11:35 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-05-08 11:35 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-05-08 11:35 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-05-08 11:35 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-05-08 11:35 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-05-08 11:35 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) 
C:\Windows\system32\wdigest.dll 2015-05-08 11:35 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-05-08 11:35 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll 2015-05-08 11:35 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-05-08 11:35 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-05-08 11:35 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-05-08 11:35 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-08 11:35 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-08 11:35 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-08 11:35 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-05-08 11:35 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-05-08 11:35 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-05-08 11:35 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-05-08 11:35 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-05-08 11:35 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-05-08 11:35 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-05-08 11:35 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-05-08 11:35 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-05-08 11:35 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-08 
11:35 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-05-08 11:35 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-08 11:35 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-08 11:35 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-05-08 11:35 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-05-08 11:35 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-05-08 11:35 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-05-08 11:35 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-05-08 11:35 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-08 11:35 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-05-08 11:35 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-05-08 11:35 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-08 11:35 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-05-08 11:35 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-08 11:35 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-05-08 11:35 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-05-08 11:35 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-05-08 11:35 - 
2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-05-08 11:35 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-05-08 11:35 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-05-08 11:35 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-05-08 11:35 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-05-08 11:35 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-05-08 11:35 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-05-08 11:35 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-05-08 11:35 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-05-08 11:35 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-05-08 11:35 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-05-08 11:35 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-05-08 11:35 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-08 11:35 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-08 11:35 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-08 11:35 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-05-08 11:35 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-05-08 11:35 - 2015-04-27 20:59 - 00003072 ____H 
(Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-08 11:35 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-08 11:35 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-08 11:35 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-08 11:35 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-08 11:35 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-08 11:35 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-08 11:35 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-08 11:35 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-08 11:35 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-08 11:35 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-08 11:35 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-08 11:35 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-08 11:35 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-08 11:35 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-07 11:16 - 2015-01-26 12:13 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-07 10:57 - 2009-07-14 06:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-07 10:57 - 2009-07-14 06:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-07 10:37 - 2014-06-27 15:42 - 01279540 _____ C:\Windows\WindowsUpdate.log
2015-06-07 10:34 - 2014-11-25 13:50 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F2047A18-B5F6-458F-AB22-27B2E4751951}
2015-06-07 10:33 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-06-07 10:29 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-07 10:29 - 2009-07-14 06:51 - 00055443 _____ C:\Windows\setupact.log
2015-06-04 14:47 - 2015-05-04 09:08 - 00111240 _____ C:\Users\oghbmuaf\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-04 12:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-02 15:10 - 2015-05-04 09:05 - 00000000 ____D C:\Users\oghbmuaf
2015-06-02 15:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-06-02 14:11 - 2009-07-14 06:45 - 00419816 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-02 13:07 - 2014-06-27 18:23 - 00111240 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-29 10:17 - 2014-06-29 20:54 - 00000000 ____D C:\Users\User\AppData\Local\Microsoft Help
2015-05-28 15:55 - 2015-04-21 12:57 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-26 16:10 - 2014-07-04 11:24 - 00000000 ____D C:\Program Files (x86)\EPSON Software
2015-05-20 15:45 - 2015-04-05 12:41 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-20 15:45 - 2015-04-05 12:41 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-15 15:17 - 2014-06-28 23:00 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-13 18:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-05-13 17:35 - 2014-06-29 22:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-13 17:35 - 2014-06-29 22:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 17:34 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 16:57 - 2014-06-29 20:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-13 16:57 - 2014-06-29 12:05 - 00000000 ____D C:\Windows\system32\MRT
2015-05-13 16:51 - 2014-06-29 12:05 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 16:44 - 2014-06-29 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-08 11:47 - 2011-04-12 09:43 - 00769022 _____ C:\Windows\system32\perfh007.dat
2015-05-08 11:47 - 2011-04-12 09:43 - 00175720 _____ C:\Windows\system32\perfc007.dat
2015-05-08 11:47 - 2009-07-14 07:13 - 01814662 _____ C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======
2014-09-10 22:20 - 2014-09-10 22:20 - 1730272 _____ (Audible Inc.) C:\Program Files (x86)\ActiveSetupN.exe
2014-06-28 21:47 - 2014-06-28 21:47 - 0666531 _____ () C:\Users\User\AppData\Roaming\UserTile.png
2014-06-30 22:02 - 2014-06-30 22:02 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-15 00:00 - 2014-12-29 22:34 - 0000125 ___SH () C:\ProgramData\.zreglib
2014-07-02 16:42 - 2014-08-21 17:10 - 0010720 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\User\HW_Registry.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-04 13:20

==================== End of log ============================

Additional FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:06-06-2015
Ran by User at 2015-06-07 11:50:23
Running from C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HO1O03C5
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3693212948-2018620535-2171421930-500 - Administrator - Disabled)
Gast (S-1-5-21-3693212948-2018620535-2171421930-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3693212948-2018620535-2171421930-1012 - Limited - Enabled)
oghbmuaf (S-1-5-21-3693212948-2018620535-2171421930-1010 - Limited - Enabled) => C:\Users\oghbmuaf
User (S-1-5-21-3693212948-2018620535-2171421930-1000 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
3D-Viewer-innoplus (HKLM-x32\...\{B96DB037-DBEA-4186-9081-9CBD537F82E8}) (Version: 14.00.302 - INNOVA-engineering GmbH) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.4.7.0 - SlySoft) Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG) Ashampoo CD & DVD Drive Access Control 1.0.0 (HKLM-x32\...\Ashampoo CD & DVD Drive Access Control_is1) (Version: - Ashampoo) ATI Catalyst Install Manager (HKLM\...\{11F38253-8940-FFDA-D131-B14120C357E4}) (Version: 3.0.754.0 - ATI Technologies, Inc.) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2008825086.48.56.35655026 - Audible, Inc.) Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.34 - Avanquest Software) AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version: - AVM Berlin) Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.4.167.0 - Microsoft Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden ccc-core-static (x32 Version: 2009.1209.2335.42329 - Ihr Firmenname) Hidden CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes) Copy (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden CopyTrans Control Center deinstallieren (HKU\S-1-5-21-3693212948-2018620535-2171421930-1000\...\CopyTrans Suite) (Version: 3.003 - WindSolutions) Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DanBasic V (HKLM-x32\...\{ED2FC50F-C1A5-40DA-B6A7-A787F7323E86}) (Version: 5.01.01 - Danfoss) Danfoss20120515 (x32 Version: 5.02.01 - Danfoss) Hidden Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden DJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION) Epson E-Web Print (HKLM-x32\...\{E904F572-D7DB-43C1-929F-043F267FC77D}) (Version: 1.22.0000 - SEIKO EPSON CORPORATION) EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION) ESET Smart Security (HKLM\...\{7BB8ADC6-BA3A-4757-9BE8-4485C651C99C}) (Version: 8.0.312.3 - ESET, spol s r. o.) 
F2400 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden GDR 4033 für SQL Server 2008 R2 (KB2977320) (64-bit) (HKLM\...\KB2977320) (Version: 10.52.4033.0 - Microsoft Corporation) Google Chrome (HKU\S-1-5-21-3693212948-2018620535-2171421930-1000\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.) GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8343C2D8-09DF-38B3-9D1A-A26148918E45}.KB947789) (Version: 1 - Microsoft Corporation) HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.) 
IxquickToolbar (x64) (HKLM\...\IxquickToolbar) (Version: 2.0.5 - Ixquick.com)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
liNear Updater (x32 Version: 2.00 - liNear GmbH) Hidden
MergeModule_x64 (Version: 9.0.00 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.0.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3693212948-2018620535-2171421930-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU) (Version: - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005-Abwärtskompatibilität (HKLM\...\{1A3B22D6-4932-4920-B7D3-7D17D36E9BA4}) (Version: 8.05.2309 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E8F7904A-4780-4F3F-B153-21BE32857120}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{1D4A3734-9328-440F-960C-42B4CE481EB4}) (Version: 10.52.4033.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2-Richtlinien (HKLM-x32\...\{78033A38-50E2-4A65-823F-C1B34DF9FE41}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{8DD113A8-811A-404E-A4D7-443D014946AC}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools DEU (HKLM-x32\...\{3888A22E-1A9E-4DBE-A93B-42385141F37D}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{FBBA9369-3A6B-4EE3-9C53-DA0D29C2FC95}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8343C2D8-09DF-38B3-9D1A-A26148918E45}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - SEIKO EPSON Corporation)
MyEpson Portal (x32 Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
Paragon Backup and Recovery™ 12 Home (HKLM-x32\...\{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}) (Version: 90.00.0003 - Paragon Software)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDF-XChange 4 (HKLM\...\{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1) (Version: 4.0.160.0 - Tracker Software Products Ltd)
PlayMemories Home (HKLM-x32\...\{9BC57F80-FBCF-463C-B69F-09DEC3A4612B}) (Version: 4.2.00.02052 - Sony Corporation)
PMB_ModeEditor (x32 Version: 9.1.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 9.2.00 - Sony Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RepertoriX® 7 (HKLM-x32\...\RepertoriX® 7) (Version: - )
Sage Handwerk Setup-Requirements (HKLM-x32\...\{6020E187-FF3D-41A3-999B-412CF16EB9A9}) (Version: 1.00.0000 - Sage Software GmbH)
Sage HWP 2013 (HKLM-x32\...\{796BC9A3-103B-48B4-AE0B-B340E42151B4}) (Version: 5.2 - Sage Software GmbH)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 2 für SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
Software Updater (HKLM-x32\...\{E1BAD1BA-C0E8-4018-9281-E7D2C6B07474}) (Version: 4.3.6 - SEIKO EPSON CORPORATION)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SQL Server 2008 R2 SP2 Common Files (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Management Studio (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Stellar Phoenix Windows Data Recovery - Home (HKLM-x32\...\Stellar Phoenix Windows Data Recovery - Home_is1) (Version: 5.0.0.0 - Stellar Information Systems Ltd)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.42849 - TeamViewer)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Unterstützungsdateien für Microsoft SQL Server 2008-Setup (HKLM\...\{6AF73222-EE90-434C-AE7E-B96F70A68D89}) (Version: 10.1.2731.0 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Viega Online-Update (HKLM-x32\...\liNear Updater) (Version: 2.00 - liNear GmbH)
Viptool Master 3 (HKLM-x32\...\Viptool Master 3) (Version: 3.00 - Viega)
Viptool Master 3 (x32 Version: 3.00 - Viega) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinZip Malware Protector (HKLM-x32\...\WinZip Malware Protector_is1) (Version: 2.1.1000.14260 - WinZip International LLC)
Wondershare TunesGo Retro ( Version 4.6.16 ) (HKLM-x32\...\{0B31C808-8274-460D-8846-C711D40544A0}_is1) (Version: 4.6.16 - Wondershare)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3693212948-2018620535-2171421930-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3693212948-2018620535-2171421930-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3693212948-2018620535-2171421930-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3693212948-2018620535-2171421930-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3693212948-2018620535-2171421930-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3693212948-2018620535-2171421930-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3693212948-2018620535-2171421930-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3693212948-2018620535-2171421930-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

18-12-2014 20:57:36 Windows Update
19-12-2014 17:14:31 Installed Software Updater
23-12-2014 10:51:27 Windows Update
29-12-2014 13:26:52 Windows Update
29-12-2014 13:40:02 Windows Update
29-12-2014 13:41:17 Windows Update
03-01-2015 12:33:41 Windows Update
06-01-2015 23:26:52 Windows Update
15-01-2015 11:07:00 Windows Update
19-01-2015 21:31:35 Windows Update
22-01-2015 10:39:39 Windows Update
26-01-2015 12:14:59 Windows Update
30-01-2015 10:52:36 Windows Update
03-02-2015 11:13:00 Windows Update
09-02-2015 11:16:36 Windows Update
11-02-2015 16:42:58 Windows Update
17-02-2015 11:28:09 Windows Update
17-02-2015 11:31:16 Windows Update
19-02-2015 09:41:58 Windows Update
20-02-2015 12:44:34 Windows Update
24-02-2015 11:51:19 Windows Update
27-02-2015 10:48:35 Installed Software Updater
27-02-2015 10:48:35 Windows Update
03-03-2015 18:37:33 Windows Update
10-03-2015 10:10:25 Windows Update
11-03-2015 12:27:43 Windows Update
14-03-2015 13:00:07 Windows Update
17-03-2015 12:59:56 DirectX wurde installiert
17-03-2015 16:15:51 Installiert Viptool Master 3
17-03-2015 16:21:47 Installiert liNear Updater
20-03-2015 11:41:57 Windows Update
24-03-2015 16:11:14 Windows Update
25-03-2015 14:55:57 Windows Update
27-03-2015 12:18:16 Windows Update
31-03-2015 13:29:34 Windows Update
05-04-2015 12:38:04 Windows Update
05-04-2015 12:41:00 Windows Update
11-04-2015 10:38:10 Windows Update
11-04-2015 10:46:06 Windows Update
15-04-2015 11:42:34 Windows Update
21-04-2015 11:53:33 Windows Update
21-04-2015 12:54:49 Windows Update
27-04-2015 12:05:54 Windows Update
27-04-2015 12:12:07 Windows Update
02-05-2015 20:21:56 Windows Update
05-05-2015 20:34:41 Windows Update
08-05-2015 11:36:23 Windows Update
12-05-2015 14:37:13 Windows Update
12-05-2015 14:50:52 Windows Update
12-05-2015 15:42:16 ESET Smart Security wurde installiert
13-05-2015 16:42:49 Windows Update
19-05-2015 08:47:51 Windows Update
20-05-2015 15:44:56 Windows Update
26-05-2015 08:33:48 Windows Update
29-05-2015 13:44:45 Windows Update
02-06-2015 10:27:55 Windows Update
02-06-2015 13:09:23 Gerätetreiber-Paketinstallation: TeamViewer GmbH Monitore
07-06-2015 10:37:05 Windows Update

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2013-09-03 17:19 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {076D7C58-A8F3-4D01-ABD6-9C39C32C4DFE} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {08035D88-753B-444A-926E-910311D5AC15} - System32\Tasks\WinZip Malware Protector_startup => C:\Program Files (x86)\WinZip Malware Protector\WinZipMalwareProtector.exe [2015-03-13] (Nico Mak Computing)
Task: {0860D86C-0293-470E-9286-CF72AACFB7B4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3693212948-2018620535-2171421930-1000Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-02] (Google Inc.)
Task: {09B936A8-466D-476E-A51C-9D2040B8AE7E} - System32\Tasks\{AA73832F-49F5-4737-B33B-805ACE667185} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.0.0.102/de/abandoninstall?page=tsMain
Task: {1C78F6E5-EEC3-4305-A46E-81E9ABF7738B} - System32\Tasks\{21B20418-B44D-44EB-8C16-D9531503DD4A} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {1C7FE973-4434-41D9-AE6A-71FA33C9C4C7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1E5749B3-BA69-4F57-A469-12994A312483} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {2FA9F7E6-105C-47DD-82E0-569B220CFFFD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {30C36A83-317D-442B-9106-E2793CF06A7D} - System32\Tasks\{431E9244-15D2-4F7C-A3CA-1B1509DB7904} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2014-01-29] (Microsoft Corporation)
Task: {399410C3-CA7F-4895-B09C-C9690CB2AD48} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3693212948-2018620535-2171421930-1000UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2015-06-02] (Google Inc.)
Task: {438DDEFE-E394-4374-B47C-049ABB48A00A} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {5BAD00ED-10FC-472E-95A1-2E876CFB9A91} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {66043AB1-6955-478D-A1AE-DA04B73992F0} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {6728B14C-8C3E-46D7-B7D4-CADE882E81DB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {6DE75A13-C876-4606-8203-D815D6C45E13} - System32\Tasks\{27B3456B-864E-4DC3-88CE-1288F8B58241} => C:\Program Files (x86)\Avanquest\AutoSaveEssentials\AutoSave Essentials.exe
Task: {7F494EBA-E985-47E8-9BA7-BCFC3D53211A} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-11-21] (Microsoft Corporation)
Task: {7FB276D1-FC3B-44D3-B0FB-D76DD8292C66} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {82E7E464-8E4F-49D3-BA81-78139FA4C206} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {82FCA180-7AF2-4697-8760-98BAAEF3A9A0} - System32\Tasks\{73DF83AD-A124-4405-BA52-E46EED2395DA} => C:\Program Files (x86)\Avanquest\AutoSaveEssentials\AutoSave Essentials.exe
Task: {87FDD692-E734-4531-8108-97614125C253} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {8AFC0447-5AC7-4391-AEEB-3B20BBD9882B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {A9B3BE2B-DFC1-421A-879D-2F08E8ED3635} - System32\Tasks\{8CB37E9F-2BD5-4044-AEDE-3887B362755D} => pcalua.exe -a C:\Sage\Handwerk\CSetup.exe
Task: {B99A8472-7BB9-4647-9313-A54BA36FE1FD} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {C13D6939-7DB6-4E9F-85D3-7C68D174E1A5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {E2D19B9F-D06B-4EAE-BE8A-87B974D4907A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {EDE07EE7-BD66-4CD7-AD19-031B128004F2} - System32\Tasks\{04D2F973-AB13-4914-9497-EBDC8922006E} => C:\Users\User\Desktop\ESET.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3693212948-2018620535-2171421930-1000Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3693212948-2018620535-2171421930-1000UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-10-08 11:14 - 2006-02-23 11:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2014-10-08 11:14 - 2006-02-22 10:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2014-04-28 15:54 - 2014-04-28 15:54 - 00034304 _____ () C:\Windows\System32\ssl1clm.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-12 21:56 - 2014-10-24 15:16 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2014-04-28 15:54 - 2014-09-05 05:57 - 01252864 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\ssl1cdu.dll
2009-07-29 13:10 - 2009-07-29 13:10 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-06-27 16:59 - 2014-06-27 16:59 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-09-12 13:25 - 2013-07-12 15:10 - 00063488 _____ () C:\Sage\Handwerk\dxThemeRS16.bpl
2014-10-13 16:59 - 2014-10-31 17:37 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-10-13 16:59 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-06-13 16:01 - 2014-06-13 16:01 - 00011640 _____ () C:\Program Files\IxquickToolbar\x86\IxquickToolbar_de.dll

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:2683706C

==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3693212948-2018620535-2171421930-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7F0E00BC-532F-4000-93D6-22A3AA853D28}] => (Allow) C:\Users\User\AppData\Local\Temp\EPSON XP-205 207 Series_Home\Network\EpsonNetSetup\Data\ENEasyApp.exe
FirewallRules: [{9D756A1A-4CDD-47BE-9598-8F7CD4C800E4}] => (Allow) C:\Users\User\AppData\Local\Temp\EPSON XP-205 207 Series_Home\Network\EpsonNetSetup\Data\ENEasyApp.exe
FirewallRules: [{F000489C-2A64-4AE0-BF3A-86F7549FFBC6}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{DE0D0CED-4F2E-4CC7-B172-119951C9346F}] => (Allow) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe
FirewallRules: [{4E9FAE2F-DA68-499C-B95E-A4F2359E8A69}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{5A4F78ED-A210-404F-9F22-379A6FD95114}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{7DA07B41-C9E9-4D63-A2CB-0C3923EE0B43}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{B6DA9630-903F-43DF-855A-573417D84AC5}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS64D2\HPDiagnosticCoreUI.exe
FirewallRules: [{821943DD-01F3-4AD7-8DA7-EF4434CEADB2}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS64D2\HPDiagnosticCoreUI.exe
FirewallRules: [{50C60474-53FD-4CE8-B8A5-30FA5BE5A6D6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{7AF06412-C9EA-4617-91CC-F756C5B28930}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{4420FB83-EF5D-4165-8DCC-28774BA29C10}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{85550561-BBE2-408A-9C5B-9A5F1DCCB503}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{2C2BF336-2B05-49DA-B41E-9929CE6AF62F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{E1EF2EC8-EBA7-43D8-81E0-00E52D34934D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{ABE694E3-5D84-4747-907D-404BB0384B40}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{68C890D7-D3E8-49F4-95CB-1BEE27ACF238}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{54ED6F66-0606-47D3-A5C2-DB81D54D3087}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{62BE9F29-EF12-4715-B783-0B53A1102CDA}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{A7355ABE-2331-4316-926C-1F97E3BA27C9}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{2F5DEC05-2DE8-4CB7-8A90-167549295D59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{313F72FD-74A0-4758-85F7-81D9ECC085B7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{29B9C053-237B-4163-B7EE-B26436B9C507}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BB4010E0-A9E8-4398-962B-54D1D7660FB9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{35A5FC64-6068-4D54-B9F7-12EEB7883877}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS3FB1\hppiw.exe
FirewallRules: [{DA26251E-0959-4A3C-9EFC-79E14A93DB02}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS3FB1\hppiw.exe
FirewallRules: [{D2302AE0-FCBD-405B-AF23-7AFADF407929}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS4146\HPDiagnosticCoreUI.exe
FirewallRules: [{CDC5E1AD-4F04-4594-8F55-EDA238333973}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS4146\HPDiagnosticCoreUI.exe
FirewallRules: [{6C8B125B-976A-48AC-BA0A-51421D29A3A0}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS680E\HPDiagnosticCoreUI.exe
FirewallRules: [{6DA31963-1133-4D6D-A6DB-4D3BBBAFC3B0}] => (Allow) C:\Users\User\AppData\Local\Temp\7zS680E\HPDiagnosticCoreUI.exe
FirewallRules: [{691E10E8-DF7F-48D7-9B24-D4F38A40A924}] => (Allow) C:\Sage\Handwerk\csetup.exe
FirewallRules: [{EC3C6A5E-394F-4499-8D7A-AF299B42F542}] => (Allow) C:\Sage\Handwerk\csetup.exe
FirewallRules: [{D9205584-92AD-46CF-A7EA-03C489A18656}] => (Allow) LPort=50400
FirewallRules: [{39E3E85D-0F33-406E-A27B-753FDB5B679C}] => (Allow) LPort=50400
FirewallRules: [{E8DAA742-E1D9-4F91-8A6D-FDFA4FB01B63}] => (Allow) LPort=50420
FirewallRules: [{A9A5ABEB-A7BE-43BF-8C78-52A89AA1E4D8}] => (Allow) LPort=50420
FirewallRules: [{0356006E-441B-48D5-A437-BAEAAD85959C}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{749B8E0C-E9C9-463A-A08C-9EB02F1E4D3C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{30967074-3703-429F-82EE-24508FE0C6A0}] => (Allow) LPort=2869
FirewallRules: [{BE9A441D-9292-4872-B97A-8DBFE078C5D3}] => (Allow) LPort=1900
FirewallRules: [{E8084484-6D47-4541-9F23-3498E19C7DA2}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B8A1FBFB-9C42-461C-9C5D-295B3E755B8C}] => (Allow) C:\Program Files (x86)\FRITZ!\fboxset.exe
FirewallRules: [{15D0E82C-BF31-44D3-A07F-A1F58CCCF1DE}] => (Allow) C:\Program Files (x86)\FRITZ!\fboxset.exe
FirewallRules: [{ABE92D3D-80A1-4BAD-86F6-02BA0F879828}] => (Allow) C:\Program Files (x86)\FRITZ!\igd_finder.exe
FirewallRules: [{90A26ED4-19A8-4B59-8A8F-0DFFF23D6A42}] => (Allow) C:\Program Files (x86)\FRITZ!\igd_finder.exe
FirewallRules: [{E823400B-88A8-44D6-BE12-FE0FE8F793D9}] => (Allow) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
FirewallRules: [{232B8D34-713A-4C4B-BDDC-91EA5254D09F}] => (Allow) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
FirewallRules: [{A263C454-D403-4E99-A4D1-CEC4EF009DF2}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
FirewallRules: [{841D5416-EE73-4932-9564-C38B205612AA}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
FirewallRules: [{90B80CBD-5E05-482E-A667-4F2C288852EB}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
FirewallRules: [{465DBB8B-9038-4244-B5FE-26474DC8BD7D}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{F576C2D2-6B01-4D70-B736-51C913F11798}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9D116B82-14D5-463F-861E-4C203953B0B4}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{39D6B0A2-A89A-4CB6-A7BA-B6DBC073D08A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2E08C8EE-3418-4508-8607-E9C23122B155}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2B48FD87-8738-4A1F-A88E-009D3278BEAD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D50DB67B-60F7-4883-97F1-B0541BA4A58B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/07/2015 10:37:05 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-3693212948-2018620535-2171421930-1009.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {a821b5aa-906c-4723-93cc-b7142004c736}

Error: (06/07/2015 10:31:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2015 10:27:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SpfService64.exe, Version: 1.3.0.9090, Zeitstempel: 0x4e684dec Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000053cfc ID des fehlerhaften Prozesses: 0xec4 Startzeit der fehlerhaften Anwendung: 0xSpfService64.exe0 Pfad der fehlerhaften Anwendung: SpfService64.exe1 Pfad des fehlerhaften Moduls: SpfService64.exe2 Berichtskennung: SpfService64.exe3

Error: (06/04/2015 10:26:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2015 02:45:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/04/2015 11:36:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 02:13:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2015 01:09:24 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-3693212948-2018620535-2171421930-1009.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {5456eea4-3f9c-4d78-ac62-d4ed30720d06}

Error: (06/02/2015 11:10:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1800891

Error: (06/02/2015 11:10:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1800891

System errors:
=============
Error: (06/07/2015 10:31:27 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/04/2015 10:27:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Sony Digital Media Server" wurde mit folgendem Fehler beendet: %%-2147194947

Error: (06/04/2015 10:27:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VAIO Entertainment Common Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/04/2015 10:27:00 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (06/04/2015 02:46:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TeamViewer erreicht. Error: (06/04/2015 02:45:52 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (06/04/2015 11:35:38 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (06/02/2015 02:14:01 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (06/02/2015 02:12:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Sage Handwerk Buisiness Logic Server 5.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (06/02/2015 02:12:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Sage Handwerk Buisiness Logic Server 5.2 erreicht. 
Microsoft Office: ========================= Error: (12/12/2014 07:48:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. Error: (10/07/2014 11:17:05 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7369 seconds with 0 seconds of active time. This session ended with a crash. Error: (07/03/2014 01:32:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1329 seconds with 0 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz Percentage of memory in use: 52% Total physical RAM: 6004.5 MB Available physical RAM: 2832.2 MB Total Pagefile: 12007.21 MB Available Pagefile: 8422.44 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:332.95 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 065A501C) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ==================== End of log ============================ |
07.06.2015, 15:32 | #9 | ||
/// TB Trainer /// Guide Guru | Hi, Quote:
Cleaning program? For what, and why? Quote:
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
08.06.2015, 14:36 | #10 |
| Hello Jürgen, about the black screen: yes, he was in my PC via TeamViewer and showed me, at the operating-system level, where the alleged hacker traces had been left. Then he offered me a program against this malware that supposedly costs about 300 € normally, for a one-time fee of 15 €; this was supposedly only for MS customers... When I agreed, he opened a page, apparently from his PC, then the screen went black (it may also have been only 30 seconds!?), after that he typed something a few times and the desktop went black again... After that a finished page appeared for entering my contact details, which I did; when the next page asked for my credit card number and bank details, I became suspicious and verbally blocked the whole thing. I told him that I had forgotten my credit card at the office and that I would transfer the amount; he replied that this was not possible, and I said, well, then let's leave it... He asked me how long I would need to fetch the credit card, and I said about 1 hour... He said OK, I'll call you in an hour, and wanted to leave the computer connected; I said no, I won't leave my computer unattended, I'm shutting it down now. Then he said: no, I'll do that for you. I'm not sure now whether he needed the password to save or close his program, or for whatever else. In any case a small box appeared in which he entered an unreadable, short password (about 8 characters). In any case, on restart I couldn't get into my PC at first; it no longer accepted my old password. I only got back in via safe mode and then chose a last restore point. After that I could get back into my operating system...
In the meantime I had called MS Germany to hear whether it is normal for MS USA to call customers... They told me that these were scammers and that I should definitely install a new operating system after backing everything up. Can you work with this information for now? Regards: Felix |
08.06.2015, 20:18 | #11 |
/// TB Trainer /// Guide Guru | How do things look on your end? Do you have the opportunity and the inclination to reinstall? An installation DVD can be downloaded for free, after all. I mean, they certainly didn't install just any "normal" trojan that can be easily found and removed. Through the access they also had possibilities that a run-of-the-mill trojan doesn't have. That is hard to judge now, even if the logs were to look clean. Restore point or no restore point. I wouldn't trust them. And they aren't stupid either.
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
09.06.2015, 08:13 | #12 |
| Good morning, I think I will have to do that; maybe I'll even hand the computer over to a professional?! I'll think it over again... and get back to you if need be. Many thanks again for your efforts!!! Felix |